邮件头中的SPAMCAUSE字段是否可以解码？

我通过改进Ikraider和DoubleYou提供的Python解决方案，并添加了JavaScript解决方案。

Python：

def Decode(msg):
    return ''.join([chr(ord(msg[i * 2]) + ord(msg[i * 2 + 1]) - 1768 + ord(msg[i * 2 + 1 - (i & 1)]) * 16) for i in range(len(msg) // 2)])

print(Decode('gggruggvucftvghtrhho'))

JavaScript：

function Decode(msg)
{
    return Array(msg.length >> 1).fill(0).map((_, i) => String.fromCharCode(msg[i * 2].charCodeAt(0) + msg[i * 2 + 1].charCodeAt(0) - 1768 + (msg[i * 2 + 1 - (i & 1)].charCodeAt(0) << 4))).join('');
}

console.log(Decode('gggruggvucftvghtrhho'));

根据此标记，您提供的 X-OVH-SPAMCAUSE 翻译为：

Vade Retro 01.394.21 AS+AV+AP+RT Profile: OVH; Bailout: 300; ^ForbiddenHdr (500)

从lkraider的优秀Python答案开始，我提高了准确性。结果发现偏移字符(c..g)交替附加和插入。因此，不仅需要检查其中一个是否在配对中，而且还需要通过跟踪偶数或奇数对来区分例如fh和hf。

def decode(msg):
    text = ""
    for i in range(0, len(msg), 2):
        # add position as extra parameter
        text += unrot(msg[i: i + 2], i // 2)
    return text


def unrot(pair, pos, key=ord('x')):
    # "even" position => 2nd char is offset
    if pos % 2 == 0:
        # swap letters in pair
        pair = pair[1] + pair[0]
    # treat 1st char as offset
    offset = (ord('g') - ord(pair[0])) * 16
    # map to original character
    return chr(sum(ord(c) for c in pair) - key - offset)

print(decode('gggruggvucftvghtrhho'))

https://gist.github.com/DoubleYouEl/e3de97293ce3d5452b3be7a336a06ad7

看起来是通过旋转字符进行混淆。我试着用Python解决了这个问题。它不是完美的，但大部分似乎可以工作：

def decode(msg):
    text = []
    for i in range(0, len(msg), 2):
        text.append(unrot(msg[i: i + 2]))
    return str.join('', text)


def unrot(pair, key=ord('x')):
    offset = 0
    for c in 'cdefgh':
        if c in pair:
            offset = (ord('g') - ord(c)) * 16
            break
    return chr(sum(ord(c) for c in pair) - key - offset)


print(decode('gggruggvucftvghtrhho'))

https://gist.github.com/lkraider/9530798a695586fc1580d0728966f6f0