Can somebody disassemble this and explain to me how it works? It's a protected email link.

<script type="text/javascript"> 
//<![CDATA[
<!--
// Multi-layer, self-decoding script. `x` holds JavaScript source as a string:
// a small decoder function `f` followed by a call to `f` on an encoded payload.
// Each eval() of `x` therefore returns the next layer's source (again a decoder
// plus a payload), which the loop below feeds straight back into eval().
//
// Layer 1 (visible at the start of the string): `f` walks the payload two
// characters at a time and emits them in swapped order, so "ufcnitnof" becomes
// "function f". The later layers are only readable once decoded; the decoded
// stages are shown further down this page.
//
// NOTE(review): every layer is executed with eval(), so whatever the innermost
// payload decodes to runs with the full privileges of the hosting page. When
// inspecting a script like this, evaluate one layer at a time and print the
// resulting string (as the answer below does) instead of letting the loop run
// to completion, and do it in a console that is not attached to a page you care
// about.
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!11)1t{yrx{=+;x+ll" +
"=};acct(h)e}{f}roi(l=1-i;=>;0-i)-o{=+.xhcratAi(;)r}teru n.oussbrt0(o,)l};(f" +
")\\\"43\\\\,q\\\"sydn%{~l/,\\\\\\\\\\\\\\\\20\\\\0r\\\\gggo2>02\\\\\\\\27\\" +
"\\07\\\\01\\\\\\\\23\\\\07\\\\02\\\\\\\\13\\\\0Y\\\\30\\\\04\\\\02\\\\\\\\3" +
"1\\\\04\\\\03\\\\\\\\00\\\\0O\\\\3R1L6Q01\\\\\\\\06\\\\05\\\\03\\\\\\\\01\\" +
"\\03\\\\02\\\\\\\\GF6801\\\\\\\\\\\\r2\\\\00\\\\\\\\3N<7<132\\\\06\\\\#3;?}" +
"'0< =w<?# &*)1d03\\\\\\\\%y3'7(03\\\\\\\\1_00\\\\\\\\36\\\\03\\\\02\\\\\\\\" +
"UTC]G_5C03\\\\\\\\_FBUN[OC\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odr" +
"ChamCro.fngriSt+=;o27=1y%2;*=)yy)3+(4i>f({i+)i+l;i<0;i=r(foh;gten.l=x,l\\\"" +
"\\\\\\\"\\\\o=i,r va){,y(x fontincfu)\\\"\")" ;
// Driver: evaluate the current layer, store its completion value back in `x`,
// and repeat while that value is truthy. Intermediate layers evaluate to a
// non-empty string (the next layer's source); the loop stops on the first
// falsy result.
while(x=eval(x));
//-->
//]]>
</script>
+3  A: 

eval() takes a string and interprets it as JavaScript code.

What the while(x=eval(x)) loop is doing is evaluating the string in x as code, taking the result, storing that back in x, and evaluating it again until the result is falsy.

Thus, the content is some Javascript code that has then been "abstracted" into a different set of Javascript code that can produce the original code as a string; this abstraction has then been repeated an arbitrary number of times. The while loop unrolls those repeated abstractions until the original Javascript code has been created and then the final eval() runs the actual code.

// The obfuscated string from the question, assigned on its own (without the
// while/eval driver) so that each layer can be evaluated by hand and printed.
// The decoder `f` at the start of the string swaps every adjacent pair of
// characters of its argument; evaluating `x` once yields the next layer's source.
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!11)1t{yrx{=+;x+ll" +
"=};acct(h)e}{f}roi(l=1-i;=>;0-i)-o{=+.xhcratAi(;)r}teru n.oussbrt0(o,)l};(f" +
")\\\"43\\\\,q\\\"sydn%{~l/,\\\\\\\\\\\\\\\\20\\\\0r\\\\gggo2>02\\\\\\\\27\\" +
"\\07\\\\01\\\\\\\\23\\\\07\\\\02\\\\\\\\13\\\\0Y\\\\30\\\\04\\\\02\\\\\\\\3" +
"1\\\\04\\\\03\\\\\\\\00\\\\0O\\\\3R1L6Q01\\\\\\\\06\\\\05\\\\03\\\\\\\\01\\" +
"\\03\\\\02\\\\\\\\GF6801\\\\\\\\\\\\r2\\\\00\\\\\\\\3N<7<132\\\\06\\\\#3;?}" +
"'0< =w<?# &*)1d03\\\\\\\\%y3'7(03\\\\\\\\1_00\\\\\\\\36\\\\03\\\\02\\\\\\\\" +
"UTC]G_5C03\\\\\\\\_FBUN[OC\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odr" +
"ChamCro.fngriSt+=;o27=1y%2;*=)yy)3+(4i>f({i+)i+l;i<0;i=r(foh;gten.l=x,l\\\"" +
"\\\\\\\"\\\\o=i,r va){,y(x fontincfu)\\\"\")" ;

now...

> var x1 = eval(x);
> x1

// Layer 2 source, as returned by the first eval(). Its decoder `f`:
//   - remembers the original length in `ol`;
//   - keeps doubling `x` (and `l`) until the character code at index l/13 is
//     111; why this particular condition was chosen is not evident from the page;
//   - walks the (possibly doubled) string from the last character to the first,
//     building the reversed text in `o`;
//   - returns only the first `ol` characters, i.e. the reverse of the original
//     argument (the payload below ends in "f noitcnuf", which reads
//     "function f" backwards).
function f(x){var i,o="",ol=x.length,l=ol;while(x.charCodeAt(l/13)!=111){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o.substr(0,ol);}f(")34,\"qysnd{%l~,/\\\\020\\rggog>220\\720\\710\\320\\720\\310\\Y030\\420\\130\\430\\000\\OR3L1Q610\\600\\530\\100\\320\\FG8610\\r\\200\\N37<1<230\\63#?;'}<0= <w#?& )*d130\\y%'3(730\\_100\\630\\320\\TU]C_GC530\\F_UB[NCO\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y;2=*y))y+34(>i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\"\"=o,i rav{)y,x(f noitcnuf")

and then...

> var x2 = eval(x1);
> x2

// Layer 3 source, as returned by the second eval(). Its decoder `f(x, y)` is a
// rolling-key XOR: for each character it first updates the key (`y` is doubled
// when i > 43 + y, then reduced modulo 127), XORs the character code with `y`,
// appends the resulting character to `o`, and increments `y`. The call below
// starts the key at 43.
// The payload uses legacy octal escapes such as \035; these are a SyntaxError in
// strict-mode code, so this stage only parses in sloppy mode.
function f(x,y){var i,o="",l=x.length;for(i=0;i<l;i++){if(i>(43+y))y*=2;y%=127;o+=String.fromCharCode(x.charCodeAt(i)^(y++));}return o;}f("OCN[BU_F\035CG_C]UT\023\036\001_\037(3'%y\031d*) &?#w< =0<}';?#36\032<1<73N\002\r\0168GF\023\001\035\006\016Q1L3RO\000\034\031\024\030Y\013\027\023\017\027\022>goggr\020\\/,~l%{dnsyq",43)

and finally...

> var x3 = eval(x2);
> x3

// Final payload, as returned by the third eval(): it writes a mailto: anchor
// into the document (the address itself was redacted by the answer's author).
// The trailing `0;` makes this stage's completion value 0, which is falsy, so a
// `while(x=eval(x));` driver stops after running it.
// NOTE(review): presumably the layering is meant to keep the address away from
// scrapers that do not execute scripts; it gives no protection against anything
// that does run the page's JavaScript.
document.writeln("<a href=\"mailto:ACTUAL EMAIL REMOVED\" title=\"\">ACTUAL EMAIL REMOVED</a>");0;
Amber
That's part of the answer and it's quite clear what "eval" and "while" do. The real question though is how the code in 'x' works and how was it possibly generated?
snitko
I've added a walkthrough as results from manually running each `eval()` iteration in a javascript console.
Amber
Thanks, that's pretty much what I wanted, helpful enough.
snitko