0

This code has a URL in it. How do I use PHP to decode the URL out of it?

<script type = 'text/javascript' > eval(function(p, a, c, k, e, d) {
   while(c--)if(k[c])p = p.replace(new RegExp('\\b' + c.toString(a) + '\\b', 'g'), k[c]); return p}
('1l.1k(\'<7 13="1j"1i="1h:1g-1f-1e-1d-1c"p="o"n="m"1b="3://b.5.a/9/1a.19"><2 1="t"0="s"/><2 1="r"0="q"/><2 1="6"0="3://i/l/k.j"/><2 1="f"0="4"><2 1="g"0="4"/><2 1="e"0="c"/><2 1="h"0="4"/><2 1="12"0="3://11.10.z.y:x/d/w/v.u"/><8 13="18"17="16/5"12="3://11.10.z.y:x/d/w/v.u"t="s"r="q"p="o"n="m"6="3://i/l/k.j"h="4"g="4"6=""f="4"e="c"15="3://b.5.a/9/14/"></8></7>\');', 36, 58, 'value|name|param|http|false|divx|previewImage|object|embed|plugin|com|go|Play||previewMessage|allowContextMenu|bannerEnabled|autoPlay||jpg|212fw9jbfz7i|00009|318|height|640|width|transparent|wmode|Stage6|custommode|avi|qdnonvmiasgyh|zvq6lstdylqvn6lrwin6bli5reamli6ry5ewvwlk5mpa|182|51|73|90|66|src|id|download|pluginspage|video|type|np_vid|cab|DivXBrowserPlugin|codebase|CC0F21721616|9C46|41fa|D0AB|67DABFBF|clsid|classid|ie_vid|write|document'.split('|')))

If you could help, that would be great!

5
  • Please use the code formatting. Commented Feb 17, 2010 at 0:45
  • Looks like it is designed to be hard to read—a dubious security technique known as obfuscation. Commented Feb 17, 2010 at 0:46
  • @Gazler, I think the point is that the code is obfuscated. Commented Feb 17, 2010 at 0:47
  • 1
    I think it decodes to "4 8 15 16 23 42". Commented Feb 17, 2010 at 0:48
  • Wow. JavaScript compression. I've never seen this before. Commented Feb 17, 2010 at 0:51

3 Answers

3

It has been compressed using packer. This page explains how to unpack it.


3

According to jsbeautifier.org this unpacks to:

document.write('<object id="ie_vid"classid="clsid:67DABFBF-D0AB-41fa-9C46-CC0F21721616"width="640"height="318"codebase="http://go.divx.com/plugin/DivXBrowserPlugin.cab"><param name="custommode"value="Stage6"/><param name="wmode"value="transparent"/><param name="previewImage"value="http://i/00009/212fw9jbfz7i.jpg"/><param name="allowContextMenu"value="false"><param name="bannerEnabled"value="false"/><param name="previewMessage"value="Play"/><param name="autoPlay"value="false"/><param name="src"value="http://66.90.73.51:182/d/zvq6lstdylqvn6lrwin6bli5reamli6ry5ewvwlk5mpa/qdnonvmiasgyh.avi"/><embed id="np_vid"type="video/divx"src="http://66.90.73.51:182/d/zvq6lstdylqvn6lrwin6bli5reamli6ry5ewvwlk5mpa/qdnonvmiasgyh.avi"custommode="Stage6"wmode="transparent"width="640"height="318"previewImage="http://i/00009/212fw9jbfz7i.jpg"autoPlay="false"bannerEnabled="false"previewImage=""allowContextMenu="false"previewMessage="Play"pluginspage="http://go.divx.com/plugin/download/"></embed></object>')
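A static way to do what the question asks in PHP, as an added example that is not part of the original thread: it parses the packer call's arguments and repeats the dictionary substitution as plain string handling, without running the script, then pulls the URLs out of the result. The function names and the sample input (placeholder host `media.example`) are constructed for illustration, and only packer output with a radix up to 36 is handled.

```php
<?php
declare(strict_types=1);

// Constructed sample in the same layout as the question's script.
// media.example and the path are placeholders, not values from the page.
$packed = <<<'JS'
eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('6.5(\'<1 4="0://2.3/a/7.8"/>\');',36,11,'http|embed|media|example|src|write|document|clip|avi||'.split('|')))
JS;

// Statically rebuild the source a packer script would pass to eval().
function unpack_packer(string $js): ?string
{
    // Trailing call: ('payload', radix, count, 'w0|w1|...'.split('|'))
    $re = <<<'RE'
/\}\s*\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*'((?:[^'\\]|\\.)*)'\s*\.split\('\|'\)/s
RE;
    if (!preg_match($re, $js, $m)) {
        return null;
    }
    $radix = (int) $m[2];
    $count = (int) $m[3];
    if ($radix < 2 || $radix > 36) {
        return null; // base-62 packer output is out of scope here
    }
    $words = explode('|', $m[4]);
    $payload = stripcslashes($m[1]); // approximates JS string unescaping (\' -> ')

    // Same substitution as the page's while(c--) loop, done in a single pass as data only.
    return preg_replace_callback('/\b[0-9a-z]+\b/', function (array $t) use ($words, $radix, $count): string {
        $i = intval($t[0], $radix);
        $exact = base_convert((string) $i, 10, $radix) === $t[0]; // rejects "01" and overflow
        $word = $words[$i] ?? '';
        // Like if(k[c]): an empty dictionary slot leaves the token as it is.
        return ($exact && $i < $count && $word !== '') ? $word : $t[0];
    }, $payload);
}

// Collect the distinct http(s) URLs found in the unpacked source.
function extract_urls(string $text): array
{
    preg_match_all('~https?://[^\s"\'<>]+~i', $text, $m);
    return array_values(array_unique($m[0]));
}

$source = unpack_packer($packed);
print_r($source === null ? "not packer output\n" : extract_urls($source));
```

The empty dictionary slot in the sample shows why a single-letter path segment such as `/d/` in the unpacked output above survives unchanged.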


0

What you're looking at is obfuscated code. You can try figuring out what parameters are being passed into it (maybe by using Firebug and that JavaScript debugger) and then get the return value out of it. But obfuscated code is called obfuscated for a reason :).
