HYEONG HWAN, MUN/ 10월 30, 2022/ 미분류/ 0 comments
debugger를 걸고 시간을 체크해서 막는다. 같은 라인으로 설정해서 never pause here 도 막는다. 난독화된 막는코드 <script type=”text/javascript”> (function(_0x58753b,_0x16ff52){var _0x135e8f=_0x5dcf,_0xde025=_0x58753b();while(!![]){try{var _0x31c520=-parseInt(_0x135e8f(0xc0))/0x1*(-parseInt(_0x135e8f(0xbb))/0x2)+parseInt(_0x135e8f(0xc8))/0x3+-parseInt(_0x135e8f(0xc3))/0x4+-parseInt(_0x135e8f(0xb7))/0x5+-parseInt(_0x135e8f(0xbe))/0x6+parseInt(_0x135e8f(0xba))/0x7+parseInt(_0x135e8f(0xb6))/0x8*(parseInt(_0x135e8f(0xb9))/0x9);if(_0x31c520===_0x16ff52)break;else _0xde025[‘push’](_0xde025[‘shift’]());}catch(_0x20ae29){_0xde025[‘push’](_0xde025[‘shift’]());}}}(_0x354f,0x2b9d7));var tryCount=0x0,minimalUserResponseInMiliseconds=0xc8;function check(){var _0x2920ff=_0x5dcf;console[_0x2920ff(0xbf)](),before=new Date()[_0x2920ff(0xb2)]();debugger;after=new Date()[_0x2920ff(0xb2)](),after-before>minimalUserResponseInMiliseconds?(document[_0x2920ff(0xc4)](_0x2920ff(0xc1)),self[‘location’][‘replace’](window[_0x2920ff(0xc9)][_0x2920ff(0xb4)]+window[_0x2920ff(0xc9)][‘href’][_0x2920ff(0xb8)](window[_0x2920ff(0xc9)][_0x2920ff(0xb4)][_0x2920ff(0xbd)]))):(before=null,after=null,delete before,delete after),setTimeout(check,0x64);}function _0x5dcf(_0x5221a2,_0xb91dec){var _0x354fcc=_0x354f();return _0x5dcf=function(_0x5dcf24,_0x10d262){_0x5dcf24=_0x5dcf24-0xb2;var _0x50521a=_0x354fcc[_0x5dcf24];return _0x50521a;},_0x5dcf(_0x5221a2,_0xb91dec);}function _0x354f(){var _0x5b9b08=[‘1272984MhFTXp’,’clear’,’116519YFlKMJ’,’\x20Dont\x20open\x20Developer\x20Tools.\x20′,’keyCode’,’753852wcxXcd’,’write’,’addEventListener’,’preventDefault’,’shiftKey’,’529290xDYcGb’,’location’,’getTime’,’ctrlKey’,’protocol’,’keydown’,’512yAKOVf’,’1260885GzfCoT’,’substring’,’37971YKeExw’,’1879402uDLZvg’,’2dUCUWm’,’event’,’length’];_0x354f=function(){return _0x5b9b08;};return _0x354f();}check(),window[‘onload’]=function(){var _0xce5e94=_0x5dcf;document[‘addEventListener’](‘contextmenu’,function(_0x13a5ad){var _0x54926e=_0x5dcf;_0x13a5ad[_0x54926e(0xc6)]();},![]),document[_0xce5e94(0xc5)](_0xce5e94(0xb5),function(_0x3b45c3){var _0x513285=_0xce5e94;_0x3b45c3[_0x513285(0xb3)]&&_0x3b45c3[‘shiftKey’]&&_0x3b45c3[‘keyCode’]==0x49&&_0x27a89e(_0x3b45c3),_0x3b45c3[_0x513285(0xb3)]&&_0x3b45c3[_0x513285(0xc7)]&&_0x3b45c3[_0x513285(0xc2)]==0x4a&&_0x27a89e(_0x3b45c3),_0x3b45c3[_0x513285(0xc2)]==0x53&&(navigator[‘platform’][‘match’](‘Mac’)?_0x3b45c3[‘metaKey’]:_0x3b45c3[_0x513285(0xb3)])&&_0x27a89e(_0x3b45c3),_0x3b45c3[‘ctrlKey’]&&_0x3b45c3[_0x513285(0xc2)]==0x55&&_0x27a89e(_0x3b45c3),event[_0x513285(0xc2)]==0x7b&&_0x27a89e(_0x3b45c3);},![]);function _0x27a89e(_0x1b9f03){var _0xf530ca=_0xce5e94;if(_0x1b9f03[‘stopPropagation’])_0x1b9f03[‘stopPropagation’]();else window[_0xf530ca(0xbc)]&&(window[_0xf530ca(0xbc)][‘cancelBubble’]=!![]);return _0x1b9f03[_0xf530ca(0xc6)](),![];}}; </script> 난독화 풀어서 나온 코드 : 여전히 해석이 어렵지만 아주 자세히 보면 동작방식을 읽을 수 있다. <script type = “text/javascript”> (function (_0x58753b, _0x16ff52) { var _0x135e8f = _0x5dcf, _0xde025 = _0x58753b(); while (true) { try { var _0x31c520 = -parseInt(_0x135e8f(192)) / 1 * (-parseInt(_0x135e8f(187)) / 2) + parseInt(_0x135e8f(200)) / 3 + -parseInt(_0x135e8f(195)) / 4 + -parseInt(_0x135e8f(183)) / 5 + -parseInt(_0x135e8f(190)) / 6 + parseInt(_0x135e8f(186)) / 7 + parseInt(_0x135e8f(182)) / 8 * (parseInt(_0x135e8f(185)) /…