www.webdeveloper.com
Results 1 to 2 of 2

Thread: decoding very difficult encrytion

  1. #1
    Join Date
    Apr 2010
    Posts
    1

    Red face decoding very difficult encrytion

    hello!

    I am studying applied computer science im hamburg germany, since you wonder why I've tried this on my own. And "on my own" isn't even completely true, because I've already assigned my boyfriend with the job to do it, but he couldn't finish it.
    My problem: I was trying to read and slightly edit a sourcecode of a encoded program.


    the encoded string reads like this...
    HTML Code:
    eval(unescape("%66%75%6E%63%74%69%6F%6
    which we could translate into
    HTML Code:
    <script language="JavaScript" type="text / javascript">
    function hp_d11(s){var o="",ar=new Array(),os="",ic=0;for(i=0;i<s.length;i++){c=s.charCodeAt(i);if(c<128)c=c^2;os+=String.fromCharCode(c);if(os.length>80){ar[ic++]=os;os=""}}o=ar.join("")+os;return o}
    </script>
    this seems to be a function with which the rest is encoded
    the second part reads like this
    HTML Code:
    eval(hp_d11(unescape("gtcn*dwlavkml*r.c.a.i.g.p+yg?dwlavkml*a+ypgvwpl*a>c=%25%258g*rcpqgKlv*a-c+
    that is pretty much as far as we were getting.

    since I couldn't attach any files, here is a link, where the html-file can be downloaded: http://www.speedshare.org/download.php?id=54FE64E611
    can anybody help decode it?


    Edit by admin: no contact info permitted on the forum, thank you

  2. #2
    Join Date
    Oct 2008
    Location
    U.S.
    Posts
    726
    Yet another stupid use of javascript... 4431 characters of so-called 'encrypted' code which actually provides 2781 characters of uncompressed actually used code.
    You've apparently already figured out that it is two blocks of code and decrypted the first block. The second block is really just a matter of doing the same thing, just about. You use the result of the first block:
    function hp_d11(s){var o="",ar=new Array(),os="",ic=0;for(i=0;i<s.length;i++){c=s.charCodeAt(i);if(c<128)c=c^2;os+=String.fromCharCode( c);if(os.length>80){ar[ic++]=os;os=""}}o=ar.join("")+os;return o}
    To decrypt the second block, where the second block starts with 'eval(hp_d11(unescape("tcp%22' yada yada yada, so on and so forth... change that to: 'txt2 = unescape("tcp%22 yada yada yada, so on and so forth...' then remove two of the ')' characters from the very end of that block. Then do: 'AAAAA = hp_d11(txt2);' which returns the result of the second block as a string. Then do: 'document.write('<pre>'+AAAAA+'</pre>');' resulting in:
    Code:
    var loadfilelink = {
     // private property
     _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
     // public method for encoding
     encode : function (input) {
      var output = "";
      var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
      var i = 0;
      input = loadfilelink._utf8_encode(input);
      while (i < input.length) {
       chr1 = input.charCodeAt(i++);
       chr2 = input.charCodeAt(i++);
       chr3 = input.charCodeAt(i++);
       enc1 = chr1 >> 2;
       enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
       enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
       enc4 = chr3 & 63;
       if (isNaN(chr2)) {
        enc3 = enc4 = 64;
       } else if (isNaN(chr3)) {
        enc4 = 64;
       }
       output = output +
       this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
       this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
      }
      return output;
     },
     // public method for decoding
     decode : function (input) {
      var output = "";
      var chr1, chr2, chr3;
      var enc1, enc2, enc3, enc4;
      var i = 0;
      input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
      while (i < input.length) {
       enc1 = this._keyStr.indexOf(input.charAt(i++));
       enc2 = this._keyStr.indexOf(input.charAt(i++));
       enc3 = this._keyStr.indexOf(input.charAt(i++));
       enc4 = this._keyStr.indexOf(input.charAt(i++));
       chr1 = (enc1 << 2) | (enc2 >> 4);
       chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
       chr3 = ((enc3 & 3) << 6) | enc4;
       output = output + String.fromCharCode(chr1);
       if (enc3 != 64) {
        output = output + String.fromCharCode(chr2);
       }
       if (enc4 != 64) {
        output = output + String.fromCharCode(chr3);
       }
      }
      output = loadfilelink._utf8_decode(output);
      return output;
     },
     // private method for UTF-8 encoding
     _utf8_encode : function (string) {
      string = string.replace(/\r\n/g,"\n");
      var utftext = "";
      for (var n = 0; n < string.length; n++) {
       var c = string.charCodeAt(n);
       if (c < 128) {
        utftext += String.fromCharCode(c);
       }
       else if((c > 127) && (c < 2048)) {
        utftext += String.fromCharCode((c >> 6) | 192);
        utftext += String.fromCharCode((c & 63) | 128);
       }
       else {
        utftext += String.fromCharCode((c >> 12) | 224);
        utftext += String.fromCharCode(((c >> 6) & 63) | 128);
        utftext += String.fromCharCode((c & 63) | 128);
       }
      }
      return utftext;
     },
     // private method for UTF-8 decoding
     _utf8_decode : function (utftext) {
      var string = "";
      var i = 0;
      var c = c1 = c2 = 0;
      while ( i < utftext.length ) {
       c = utftext.charCodeAt(i);
       if (c < 128) {
        string += String.fromCharCode(c);
        i++;
       }
       else if((c > 191) && (c < 224)) {
        c2 = utftext.charCodeAt(i+1);
        string += String.fromCharCode(((c & 31) << 6) | (c2 & 63));
        i += 2;
       }
       else {
        c2 = utftext.charCodeAt(i+1);
        c3 = utftext.charCodeAt(i+2);
        string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
        i += 3;
       }
      }
      return string;
     }
    }
    .....as the actually used code produced by the stupidly obfuscated blocks of code. I still don't understand why people waste the bytes on easily decriptable javascript encryption. If it's in the browser it can be gotten, no matter what. Obviously, from the comments in the resulting code (can hardly believe they even left the comments in), the author really has no clue of the concept of 'private'. LOL.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles