# 趣味js-只用1和特殊字符生成字符串

2018-02-09 12:40:41来源:http://www.hongweipeng.com/index.php/archives/1477/作者:栖迟於一丘人点击

)看到了类似下面的代码

(+([]+(11^(1<<1))+((1+1)<<(1+1))+(11>>>1)+(1^1)+((11>>1)+(1<<1))+(-~1)+(-~1+1)+(1^1)+(1^1)))[(!!1+[])[1^1]+([]+{}+[])[1]+(([]+{})[([]+{})[11-1>>1]+[[],[]+{}+[]][[]+1][1]+(/^/[1]+[])[1|1>>1|1]+[{},11^1,!{}+[]][1+1][1<<1^1]+(11/!{}+{})[~1+(11^1)+~1]+[!!{}+{}][[]&111][1&1]+(/^/[111]+[])[11^11]+[{},[{}]+{},1][1+[]][11-~1+11>>1]+(!!1+{})[1&1>>1]+([]+{1:1}+[])[1|1]+[[]+!!1][111>>>111][1<<1>>1]]+[])[([]+![111])[1|1<<1|1]+[/=/,[]+[][11]][1|[]][1>>1]+([{}]+{})[1+!![1]]+[1,!1+/~/][1%11][1^1<<1]+(!!1+[])[1^1]+[!!/-/+/-/][11%11][+!!1]](11^1<<1,-~11>>1)](~1-~(11^1)<<1<<1)

）的都知道

!1+[] = "false"
!!1+[] = "true"
1/[]+[] = "Infinity"
[]/[]+[] = "NaN"
[]+{} = "[object Object]"
[]+/^/[1] = "undefined" /* /^/是正则 */
[]+/:@\$/ = "/:@\$" /*特殊字符放其中获取*/

"constructor" = ([]+{})[11-1>>1]+[[],[]+{}+[]][[]+1][1]+(/^/[1]+[])[1|1>>1|1]+[{},11^1,!{}+[]][1+1][1<<1^1]+(11/!{}+{})[~1+(11^1)+~1]+[!!{}+{}][[]&111][1&1]+(/^/[111]+[])[11^11]+[{},[{}]+{},1][1+[]][11-~1+11>>1]+(!!1+{})[1&1>>1]+([]+{1:1}+[])[1|1]+[[]+!!1][111>>>111][1<<1>>1]

constructor

，于是toString

(985072300).toString(36)

36=~1-~(11^1)<<1<<1

36进制可以预先通过下面的方法获得

parseInt("gahing",36)
=>985072300
(985072300).toString(36)
=>"gahing"
number转换为1和字符组合构成

[]+1+2+3 = "123"
(+([]+1+2+3)) = 123

0:(1^1)
1:(1|1)
2:(-~1)
3:(-~1|1)
4:(-~1<<1)
5:(11>>1)
6:((11+1)>>1)
7:(11>>1|-~1)
8:(11^(-~1|1))
9:(11^(1<<1))

//\$1="constructor"
let \$1= ([]+{})[11-1>>1]+[[],[]+{}+[]][[]+1][1]+(/^/[1]+[])[1|1>>1|1]+[{},11^1,!{}+[]][1+1][1<<1^1]+(11/!{}+{})[~1+(11^1)+~1]+[!!{}+{}][[]&111][1&1]+(/^/[111]+[])[11^11]+[{},[{}]+{},1][1+[]][11-~1+11>>1]+(!!1+{})[1&1>>1]+([]+{1:1}+[])[1|1]+[[]+!!1][111>>>111][1<<1>>1]
//\$11="function String() { [native code] }"
let \$11 = (([]+{})[\$1]+[])
//\$111="substr"
let \$111 = ([]+![111])[1|1<<1|1]+[/=/,[]+[][11]][1|[]][1>>1]+([{}]+{})[1+!![1]]+[1,!1+/~/][1%11][1^1<<1]+(!!1+[])[1^1]+[!!/-/+/-/][11%11][+!!1]
//\$\$="String"
let \$\$ = \$11[\$111](11^1<<1,-~11>>1) //substr(9,6)
//\$\$1="toString"
let \$\$1=(!!1+[])[1^1]+([]+{}+[])[1]+\$\$
//结果：(985072300)['toString'](36)
(+([]+(11^(1<<1))+((1+1)<<(1+1))+(11>>>1)+(1^1)+((11>>1)+(1<<1))+(-~1)+(-~1+1)+(1^1)
+(1^1)))[\$\$1](~1-~(11^1)<<1<<1)

\$1='constructor'
A: [][\$1]+[]="function Array() { [native code] }"
B: (!!1)[\$1]+[]="function Boolean() { [native code] }"
I: 1/[]+[] = "Infinity"
N: []/[]+[] = "NaN"
O: []+{}="[object Object]"

String类有个方法fromCodePoint
(不用fromCharCode

23433

letfcp = 74719523963420330000 // 'fromCodePoint'的36位编码
let \$\$ =(fcp)['toString'](36) //'fromCodePoint'
\$1='constructor'
''[\$1][\$\$](23433) // 输出'安'

1.先让连续的数字小写字符串用toString(36)

2.可以直接拿到的英文字符，特殊字符，直接去获取

3.最后再用fromCodePoint