今天无意中发现路由器的登录页面在提交过程中用JS对提交的数据做过加密,但加密算法好像是用哈希算法的原理,但不知具体的原理里是什么,望有路过的人们指点指点。 以下是页面代码: <html> <head> <title>Vigor Login Page</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <mce:style><!-- td.userpwd { color: #000000; font-family : Verdana, Arial, Helvetica, sans-serif; font-size : 14px; font-weight: bold; } td.copyright { color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-weight: normal; } input.login { color: #FFFFFF; width: 77px; height: 25px; padding: 0 .38em .22em .38em; background: #004488 url(images/login1.jpg) scroll 0; border: 0px #004488 solid; font-family: Verdana, Arial, Helvetica, sans-serif; font-style: normal; font-weight: bold; font-size: 14px; cursor: pointer; } input.userpwd { width: 160px; font-family: Verdana, Arial, Helvetica, sans-serif; } --></mce:style><style mce_bogus="1"> td.userpwd { color: #000000; font-family : Verdana, Arial, Helvetica, sans-serif; font-size : 14px; font-weight: bold; } td.copyright { color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-weight: normal; } input.login { color: #FFFFFF; width: 77px; height: 25px; padding: 0 .38em .22em .38em; background: #004488 url(images/login1.jpg) scroll 0; border: 0px #004488 solid; font-family: Verdana, Arial, Helvetica, sans-serif; font-style: normal; font-weight: bold; font-size: 14px; cursor: pointer; } input.userpwd { width: 160px; font-family: Verdana, Arial, Helvetica, sans-serif; }</style> </head> <body> <form name=frm1> <table width=100% height=90% border=0> <tr> <td> <table background="images/login.gif" align=center width=442px height=245px border=0> <tr> <td colspan=2> <table width=70% align=center cellspacing="0" cellpadding=2 border=0> <tr> <td width=40% class=userpwd>Username</td> <td width=60%><input class=userpwd type=text name=sUserName maxlength=24></td> </tr> <tr> <td class=userpwd>Password</td> <td><input class=userpwd type=password name=sSysPass maxlength=24></td> </tr> <tr> <td colspan=2 align=right><br><input type=button name=btnOk value=Login class=login></td> </tr> </table> </td> </tr> <tr> <td width=10 height=40></td> <td class=copyright>Copyright©, DrayTek Corp. All Rights Reserved.</td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </form> <form name=frmSub> <mce:script type="text/javascript"><!-- for (i=0; i<2; i++) { document.write("<input type=hidden name=obj" + i + ">"); } // --></mce:script> </form> </body> </html> <mce:script type="text/javascript"><!-- var isNav = ( navigator.appName.indexOf( "Netscape" ) != -1 ); var isIE = ( navigator.appName.indexOf( "Microsoft" ) != -1 ); var isOpr = ( navigator.appName.indexOf( "Opera" ) != -1 ); var f = document.frm1; initPage(); function initPage() { if (self != top) top.location = "login.htm"; f.sUserName.focus(); // addhandlers(window); // addhandlers(document); for( var d = 0; d < document.forms.length-1; d++ ) { // addhandlers( document.forms[d] ); for( var e = 0; e < document.forms[d].elements.length; e++ ) { addhandlers(document.forms[d].elements[e]); } } } //加密函数 function encode(instr) { var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; var outstr = ""; var chr1, chr2, chr3 = ""; var enc1, enc2, enc3, enc4 = ""; var i = 0; do { chr1 = instr.charCodeAt(i++); chr2 = instr.charCodeAt(i++); chr3 = instr.charCodeAt(i++); enc1 = chr1 >> 2; enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); enc4 = chr3 & 63; if (isNaN(chr2)) { enc3 = enc4 = 64; } else if (isNaN(chr3)) { enc4 = 64; } outstr = outstr + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4); chr1 = chr2 = chr3 = ""; enc1 = enc2 = enc3 = enc4 = ""; } while (i < instr.length); return outstr; } function submitPara() { var frmSub = document.frmSub; frmSub.method = "post"; frmSub.action = "/cgi-bin/webstax/login/login"; frmSub[0].name = "aa"; frmSub[0].value = encode(f.sUserName.value); frmSub[1].name = "ab"; frmSub[1].value = encode(f.sSysPass.value); frmSub.submit(); } function handler (_e ) { var e = _e, elmt, type; if (isNav) {elmt = e.target; type = e.type; keycode = e.which;} if (isIE || isOpr) {e = window.event; elmt = e.srcElement; type = e.type; keycode = e.keyCode;} //if (!(elmt)) // return; if (isIE) { if (elmt.type == "text") e.cancelBubble = false; else e.cancelBubble = true; } if (elmt == f.btnOk && type == "click") { submitPara(); } if (elmt != f.btnOk && type == "keydown") { if (keycode == 13) { //Enter e.returnValue = false; submitPara(); } } } /* which event can be catch by handler */ function addhandlers(_o) { var o = _o; o.onclick = handler; o.onkeydown = handler; } // --></mce:script>