Deobfuscating Javascript [closed]

What is this monstrosity? Anyone know of a way to make it readable?

<script type="text/javascript"> 
    //<![CDATA[
    <!--
    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x));
    //-->
    //]]>
</script> 

Answers:

Answer

This a really obfuscated version of:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");

I assume it is obfuscated this much to avoid spammers. But of course spambots could just render the page with Webkit and traverse the DOM for email addresses ... ;)

So.. how to deobfuscate?

  1. Go to http://jsbeautifier.org/
  2. Paste the source and beautify it
  3. Edit the function f(x) so it does console.log(o) instead of return o
  4. Execute the modified code and beautify its output.
  5. Repeat steps 2-4 until it is readable.
Answer

There are two main reasons for obfuscating ones code:

  1. The person who wrote it didn't want to provide the code in readable form to avoid from stealing his intellectual property
  2. Virus, Spyware, ...

In the first case I would suggest you asking the author to provide you the source code.

Answer

It is doing something like this:

document.writeln("< a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");

So something like a copyright notice

Full source

function f(x, y) {
    var i, o = "", l = x.length;
    for (i = 0; i < l; i++) {
        if (i == 90) {
            y += i;
        }
        y %= 127;
        o += String.fromCharCode(x.charCodeAt(i) ^ y++);
    }
    return o;
}

f(">4?(3:\x0E\x15L\x14\x16\f\x12\x02\x04\x07BIP\fN\x07\x02\x14\x14N(W\x1B\x16\x11\x15\x0E\x14F\x1E\x1FmdpljEerz\x7Fshc\x7F`jbb<}qaJ58msopx#C\x02bMMPDESt\v\x14hCCZNSE\x0E\x1CU.3;($.", 90);

Done with Firefox addon "Javascript Deobfuscator"

Answer

Edit: Looks like some people beat me to it after all. Thanks!


After the unhelpful "Answers" received from some of the big guns (5 digit rep score) I decided to de-obfuscate it myself:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");0;

The whole shebang is just a very over-the-top way of hiding an email address.


To do this go to your firebug console and execute this:

    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x)){
        console.log(x);
    }
Answer

You'll have to get it out of that string to unpack it, and much of that work will be manual, since some of it appears to be encoded.

But I agree with Darin. Ask the author for unobfuscated source.

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.