2016年4月12日
ua.js 获取访客浏览器与操作系统信息的方式
actionlog_js_ua.js混淆编程形式与执行主流程
ua.js中mousedown和mousemove事件自定义函数功能解析
ua.js中JSocket.getlso和JSocket.setlso代码分析
ua.js中arguments.callee.caller的应用
淘宝的ua.js在load事件处理函数中,使用正则表达式和navigator[“userAgent”]和navigator[“platform”] 来获取访客的浏览器和操作系统信息,也会获取访客屏幕分辨率和浏览器窗口尺寸,用这些信息来更新UA。
获取访客浏览器与操作系统信息
ua.js在load处理函数中调用函数ihd,ihd函数中包含获取运行浏览器的操作系统信息的代码,ihd通过调用函数h3d6获取浏览器信息。函数ihd和h3d6反混淆和简化之后的代码如下所示:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
h3d6 = function () { var os, hpc, er3k, rhma, tu, rn5 = navigator["userAgent"]["toLowerCase"](); var mu37 = function () { var hpc, w = ere || this; hpc = (typeof window["onhelp"] == object) ?"IExplorer" :(typeof window["chrome"] == object)?"Chrome":(typeof window["InstallTrigger"] == object)?"Firefox":(typeof window["opera"] == object)?Opera:"An unknown browser"; return hpc; }; var gr6 = 0; var n1 = 0; do { if (n1) { tu == "-1" ? tu = "an unknown version" : tu = tu["split"]('.')[0]; continue; } tu = (er3k = rn5["match"](/maxthon[\/ ]([\d.]+)/i))? (hpc="Maxthon", er3k[1]):(er3k = rn5["match"](/msie.*360se/i))?(hpc = "360SE", "-1") : (er3k = rn5["match"](/msie.*360ee/i))?(hpc = "360EE", "-1"):(er3k = rn5["match"](/msie.*alibrowser ([\d.]+)/i))? (hpc = "Alibrowser", er3k[1]) : (er3k = rn5["match"](/chrome.*taobrowser\/([\d.]+)/i))? (hpc = "Taobrowser", er3k[1]) :(er3k = rn5["match"](/se ([\d]+.[\w]*) metasr ([\d.]+)/i))?(hpc = "Sogou", er3k[1]) : (er3k = rn5["match"](/msie.*qihu theworld/i))?(hpc="Theworld","-1"):(er3k = rn5["match"](/tencenttraveler ([\d.]+)/i))? (hpc = "TencentTraveler", er3k[1]) : (er3k = rn5["match"](/qqbrowser\/([\d.]+)/i))?(hpc="QQBrowser",er3k[1]): (er3k = rn5["match"](/msie ([\d.]+)/i))?(hpc= "IExplorer",er3k[1]): (er3k = rn5["match"](/firefox\/([\d.]+)/i))?(hpc = "Firefox", er3k[1]) :(er3k = rn5["match"](/Opera.+Version\/([\d.]+)/i))?(hpc="Opera", er3k[1]): (er3k = rn5["match"](/opr\/([\d.]+)/i))?(hpc = "Opera", er3k[1]) : (er3k = rn5["match"](/version\/([\d.]+).*safari/i))?(hpc = "Safari" , er3k[1]): (er3k = rn5["match"](/chrome\/([\d.]+)/i))?(hpc = "Chrome", er3k[1]): (rhma = mu37(), hpc = rhma, -1); // rn5[match] hpc=Maxthon rn5[match] rn5[match] hpc=360EE rn5[match] rn5[match] rn5[match] rn5[match] hpc= Theworld rn5[match] rn5[match] (hpc="QQBrowser",er3k[]): rn5[match] ?(hpc= "IExplorer",er3k[1]): rn5[match] rn5[match] ?(hpc="Opera", er3k[1]) rn5[match] rn5[match] ?(hpc = "Safari" , er3k[1]) rn5[match] ?(hpc = "Chrome", er3k[1]) -1 // tu = (er3k = rn5[jj('hhMTcthZamB', 2, 2)](/maxthon[\/ ]([\d.]+)/i)) ? (hpc = k1('ynlohtUxaMl', 3, 1), er3k[1]) : (er3k = rn5[eb('uhdtctCxamk', 2, 2)](/msie.*360se/i)) ? (hpc = "360SE", "-1") : (er3k = rn5[m2('lhKuctpwaml', 2, 2)](/msie.*360ee/i)) ? (hpc = jj('nElmE0Qy63E', 2, 2), "-1") : (er3k = rn5[eb('chMBctREamb', 2, 2)](/msie.*alibrowser ([\d.]+)/i)) ? (hpc = "Alibrowser", er3k[1]) : (er3k = rn5[eb('NhYbctbWamj', 2, 2)](/chrome.*taobrowser\/([\d.]+)/i)) ? (hpc = "Taobrowser", er3k[1]) : (er3k = rn5[eb('LhWsctkEamx', 2, 2)](/se ([\d]+.[\w]*) metasr ([\d.]+)/i)) ? (hpc = "Sogou", er3k[1]) : (er3k = rn5[m2('GhZictsGamk', 2, 2)](/msie.*qihu theworld/i)) ? (hpc = k1('kdllrowvehTf', 3, 1), "-1") : (er3k = rn5[jj('ThElcttTami', 2, 2)](/tencenttraveler ([\d.]+)/i)) ? (hpc = "TencentTraveler", er3k[1]) : (er3k = rn5[k1('lhXQctbBama', 2, 2)](/qqbrowser\/([\d.]+)/i)) ? (hpc = eb('KlresgworXBQQz', 3, 1), er3k[(0x3e8 % 01267 & 79)]) : (er3k = rn5[eb('VhUkctFtams', 2, 2)](/msie ([\d.]+)/i)) ? (hpc = jj('kqrerxolpQxEIm', 3, 1), er3k[1]) : (er3k = rn5[eb('lheBctDAamI', 2, 2)](/firefox\/([\d.]+)/i)) ? (hpc = "Firefox", er3k[1]) : (er3k = rn5[jj('fhkFctyqamR', 2, 2)](/Opera.+Version\/([\d.]+)/i)) ? (hpc = k1('MalGreNRpOo', 2, 2), er3k[1]) : (er3k = rn5[k1('hhqRctEhamX', 2, 2)](/opr\/([\d.]+)/i)) ? (hpc = "Opera", er3k[1]) : (er3k = rn5[m2('FhbpctQNamo', 2, 2)](/version\/([\d.]+).*safari/i)) ? (hpc = m2('CirgafaSC', 4, 1), er3k[1]) : (er3k = rn5[eb('shElctYyamI', 2, 2)](/chrome\/([\d.]+)/i)) ? (hpc = "Chrome", er3k[(0x3f3 * 0243 & 65)]) : (rhma = mu37(), hpc = rhma, m2('iSz1Wg-f', 1, 2)); n1 = ++gr6 + gr6++; } while (--n1); return [hpc, tu]; }; ihd = function () { var uc2 = h3d6(); var nbyi = [], l6 = navigator["platform"] || navigator["userAgent"]; os = (l6[match](/win/i)) ? "Windows" : (l6[match](/linux/i)) ? "Linux" : (l6[match](/Mac/i)) ? "Mac" : (l6[match](/iPhone/i)) ? "iPhone" : (l6[match](/iPod/i)) ? "iPod" : "an unknown OS"; var rkht = vq4; //浏览器名称 浏览器版本号 操作系统名称 nbyi = [uc2[0], uc2[1], os]; su(wjt(ovh("" + arguments["callee"])), "" + arguments["callee"]); rkht([2, nbyi]); }; |
由代码可知,函数ihd通过正则表达式从navigator[“userAgent”]和navigator[“platform”]中获取访客操作系统信息,而通过调用函数h3d6来获取浏览器信息。函数h3d6中也通过正则表达式从navigator[“userAgent”]提取访客浏览器信息。navigator[“userAgent”]声明了浏览器用于HTTP 请求的用户代理头的值;navigator[“platform”]声明了运行浏览器的操作系统和(或)硬件平台。
可以直接新建一个html文件,添加上述代码来验证上述代码的运行结果。以我的电脑为例:windows10,用火狐浏览器运行上述代码。函数h3d6返回数组第一个元素是浏览器名称Firefox,第二个元素是当前使用浏览器主版本号43,而os则是windows。
获取运行浏览器屏幕分辨率和浏览器
ua.js在load处理函数中调用函数bqx3获取运行浏览器屏幕的分辨率,浏览器屏幕的可用宽度与高度,网页可见区域的宽度和高度信息,其反混淆,简化后的代码如下所示:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
bqx3 = function () { try { var cghu = window["mozInnerScreenY"] || window["screenTop"]; var ih = window["mozInnerScreenX"] || window["screenLeft"]; if (typeof cghu == 'undefined') { cghu = 0; } if (typeof ih == 'undefined') { ih = 0; } var kq = window["document"]["body"]["clientWidth"]; var tj = window["document"]["body"]["clientHeight"]; var fonx = window["screen"]["width"]; var j7h = window["screen"]["height"]; var ay = window["screen"]["availWidth"]; var pu6 = window["screen"]["availHeight"]; var wz1 = [3, [cghu, ih, kq, tj, fonx, j7h, ay, pu6]]; su(wjt(ovh("" + arguments["callee"])), "" + arguments["callee"]); vq4(wz1); } catch (err) {} }; |
这部分的代码我能看懂,所以我想大家应该都能看懂。但我不是很明白screen.availwidth, screen.width, document.body.clientWidth这几类变量之间的关系,我在google上找了一张说明它们关系的图,共享给大家。
.png)
