12

What is this monstrosity? Anyone know of a way to make it readable?

<script type="text/javascript"> 
    //<![CDATA[
    <!--
    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x));
    //-->
    //]]>
</script>
Improve this question
1
  • Sorry for the close vote. After further consideration I think this question might have enough of a different lilt that it isn't actually a duplicate, but can't find a way to retract the close vote. Commented May 19, 2010 at 15:58

5 Answers 5

Reset to default
23

This a really obfuscated version of:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");

I assume it is obfuscated this much to avoid spammers. But of course spambots could just render the page with Webkit and traverse the DOM for email addresses ... ;)

So.. how to deobfuscate?

  1. Go to http://jsbeautifier.org/
  2. Paste the source and beautify it
  3. Edit the function f(x) so it does console.log(o) instead of return o
  4. Execute the modified code and beautify its output.
  5. Repeat steps 2-4 until it is readable.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

According to this test, it seems that there aren't many spambots out there that actually evaluate JavaScript (see the ROT13 variant). Hmmm, should I say this?
4

There are two main reasons for obfuscating ones code:

  1. The person who wrote it didn't want to provide the code in readable form to avoid from stealing his intellectual property
  2. Virus, Spyware, ...

In the first case I would suggest you asking the author to provide you the source code.

Improve this answer

3 Comments

This answer should have been a comment. But thanks.
@David "Anyone know of a way to make it readable?" - "(by) asking the author to provide you the source code". It was a valid answer.
True, technically its a valid answer...Its just a valid as saying "Ask Google." @Darin: I don't want to come off as sounding unappreciative...thats not what I'm getting at. Your comments are useful. So, Thank you. oh, and you missed point 3: To obfuscate an email address from robots.
4

It is doing something like this:

document.writeln("< a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");

So something like a copyright notice

Full source

function f(x, y) {
    var i, o = "", l = x.length;
    for (i = 0; i < l; i++) {
        if (i == 90) {
            y += i;
        }
        y %= 127;
        o += String.fromCharCode(x.charCodeAt(i) ^ y++);
    }
    return o;
}

f(">4?(3:\x0E\x15L\x14\x16\f\x12\x02\x04\x07BIP\fN\x07\x02\x14\x14N(W\x1B\x16\x11\x15\x0E\x14F\x1E\x1FmdpljEerz\x7Fshc\x7F`jbb<}qaJ58msopx#C\x02bMMPDESt\v\x14hCCZNSE\x0E\x1CU.3;($.", 90);

Done with Firefox addon "Javascript Deobfuscator"

Improve this answer

Comments

3

Edit: Looks like some people beat me to it after all. Thanks!

After the unhelpful "Answers" received from some of the big guns (5 digit rep score) I decided to de-obfuscate it myself:

document.writeln("<a href=\"mailto:[email protected]\" title=\"Contact\">Contact</a>");0;

The whole shebang is just a very over-the-top way of hiding an email address.

To do this go to your firebug console and execute this:

    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x)){
        console.log(x);
    }
Improve this answer

Comments

2

You'll have to get it out of that string to unpack it, and much of that work will be manual, since some of it appears to be encoded.

But I agree with Darin. Ask the author for unobfuscated source.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.