views:

215

answers:

6

What is this monstrosity? Anyone know of a way to make it readable?

<script type="text/javascript"> 
    //<![CDATA[
    <!--
    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x));
    //-->
    //]]>
</script> 
+4  A: 

There are two main reasons for obfuscating ones code:

  1. The person who wrote it didn't want to provide the code in readable form to avoid from stealing his intellectual property
  2. Virus, Spyware, ...

In the first case I would suggest you asking the author to provide you the source code.

Darin Dimitrov
This answer should have been a comment. But thanks.
David Murdoch
@David "Anyone know of a way to make it readable?" - "(by) asking the author to provide you the source code". It was a valid answer.
Cam
True, technically its a valid answer...Its just a valid as saying "Ask Google." @Darin: I don't want to come off as sounding unappreciative...thats not what I'm getting at. Your comments are useful. So, Thank you. oh, and you missed point 3: To obfuscate an email address from robots.
David Murdoch
+2  A: 

You'll have to get it out of that string to unpack it, and much of that work will be manual, since some of it appears to be encoded.

But I agree with Darin. Ask the author for unobfuscated source.

Robert Harvey
+3  A: 

It is doing something like this:

document.writeln("< a href=\"mailto:[email protected]\" title=\"Contact\">Contact");

So something like a copyright notice

Full source

function f(x, y) {
    var i, o = "", l = x.length;
    for (i = 0; i < l; i++) {
        if (i == 90) {
            y += i;
        }
        y %= 127;
        o += String.fromCharCode(x.charCodeAt(i) ^ y++);
    }
    return o;
}

f(">4?(3:\x0E\x15L\x14\x16\f\x12\x02\x04\x07BIP\fN\x07\x02\x14\x14N(W\x1B\x16\x11\x15\x0E\x14F\x1E\x1FmdpljEerz\x7Fshc\x7F`jbb<}qaJ58msopx#C\x02bMMPDESt\v\x14hCCZNSE\x0E\x1CU.3;($.", 90);

Done with Firefox addon "Javascript Deobfuscator"

+12  A: 

This a really obfuscated version of:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");

I assume it is obfuscated this much to avoid spammers. But of course spambots could just render the page with Webkit and traverse the DOM for email addresses ... ;)

So.. how to deobfuscate?

  1. Go to http://jsbeautifier.org/
  2. Paste the source and beautify it
  3. Edit the function f(x) so it does console.log(o) instead of return o
  4. Execute the modified code and beautify its output.
  5. Repeat steps 2-4 until it is readable.
Matt
thanks, I came up with the same thing using console
David Murdoch
According to [this test](http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/), it seems that there aren't many spambots out there that actually evaluate JavaScript (see the ROT13 variant). Hmmm, should I say this?
Marcel Korpel
+3  A: 

Edit: Looks like some people beat me to it after all. Thanks!


After the unhelpful "Answers" received from some of the big guns (5 digit rep score) I decided to de-obfuscate it myself:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");0;

The whole shebang is just a very over-the-top way of hiding an email address.


To do this go to your firebug console and execute this:

    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x)){
        console.log(x);
    }
David Murdoch
A: 

@David - I was going to suggest something similar to what you did with Firebug. I've had to do this before with Omniture tracking code but used Webkits nice developer tools to do something similar.

Justin
Justin, this "answer" should be a comment. Welcome to SO
David Murdoch
Sorry. I don't have an option to post comments except for answers that I submit. I think I need more points :((Yes I'm a SO n00b :) )
Justin