decoding very difficult encrytion

[jule1980]

hello!

I am studying applied computer science im hamburg germany, since you wonder why I've tried this on my own. And "on my own" isn't even completely true, because I've already assigned my boyfriend with the job to do it, but he couldn't finish it.
My problem: I was trying to read and slightly edit a sourcecode of a encoded program.


the encoded string reads like this...

HTML Code:

eval(unescape("%66%75%6E%63%74%69%6F%6

which we could translate into

HTML Code:

<script language="JavaScript" type="text / javascript">
function hp_d11(s){var o="",ar=new Array(),os="",ic=0;for(i=0;i<s.length;i++){c=s.charCodeAt(i);if(c<128)c=c^2;os+=String.fromCharCode(c);if(os.length>80){ar[ic++]=os;os=""}}o=ar.join("")+os;return o}
</script>

this seems to be a function with which the rest is encoded
the second part reads like this

HTML Code:

eval(hp_d11(unescape("gtcn*dwlavkml*r.c.a.i.g.p+yg?dwlavkml*a+ypgvwpl*a>c=%25%258g*rcpqgKlv*a-c+

that is pretty much as far as we were getting.

since I couldn't attach any files, here is a link, where the html-file can be downloaded: http://www.speedshare.org/download.php?id=54FE64E611
can anybody help decode it?


Edit by admin: no contact info permitted on the forum, thank you

[astupidname]

Yet another stupid use of javascript... 4431 characters of so-called 'encrypted' code which actually provides 2781 characters of uncompressed actually used code.
You've apparently already figured out that it is two blocks of code and decrypted the first block. The second block is really just a matter of doing the same thing, just about. You use the result of the first block:

function hp_d11(s){var o="",ar=new Array(),os="",ic=0;for(i=0;i<s.length;i++){c=s.charCodeAt(i);if(c<128)c=c^2;os+=String.fromCharCode( c);if(os.length>80){ar[ic++]=os;os=""}}o=ar.join("")+os;return o}

To decrypt the second block, where the second block starts with 'eval(hp_d11(unescape("tcp%22' yada yada yada, so on and so forth... change that to: 'txt2 = unescape("tcp%22 yada yada yada, so on and so forth...' then remove two of the ')' characters from the very end of that block. Then do: 'AAAAA = hp_d11(txt2);' which returns the result of the second block as a string. Then do: 'document.write('<pre>'+AAAAA+'</pre>');' resulting in:

Code:

var loadfilelink = {
 // private property
 _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
 // public method for encoding
 encode : function (input) {
  var output = "";
  var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
  var i = 0;
  input = loadfilelink._utf8_encode(input);
  while (i < input.length) {
   chr1 = input.charCodeAt(i++);
   chr2 = input.charCodeAt(i++);
   chr3 = input.charCodeAt(i++);
   enc1 = chr1 >> 2;
   enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
   enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
   enc4 = chr3 & 63;
   if (isNaN(chr2)) {
    enc3 = enc4 = 64;
   } else if (isNaN(chr3)) {
    enc4 = 64;
   }
   output = output +
   this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
   this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
  }
  return output;
 },
 // public method for decoding
 decode : function (input) {
  var output = "";
  var chr1, chr2, chr3;
  var enc1, enc2, enc3, enc4;
  var i = 0;
  input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
  while (i < input.length) {
   enc1 = this._keyStr.indexOf(input.charAt(i++));
   enc2 = this._keyStr.indexOf(input.charAt(i++));
   enc3 = this._keyStr.indexOf(input.charAt(i++));
   enc4 = this._keyStr.indexOf(input.charAt(i++));
   chr1 = (enc1 << 2) | (enc2 >> 4);
   chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
   chr3 = ((enc3 & 3) << 6) | enc4;
   output = output + String.fromCharCode(chr1);
   if (enc3 != 64) {
    output = output + String.fromCharCode(chr2);
   }
   if (enc4 != 64) {
    output = output + String.fromCharCode(chr3);
   }
  }
  output = loadfilelink._utf8_decode(output);
  return output;
 },
 // private method for UTF-8 encoding
 _utf8_encode : function (string) {
  string = string.replace(/\r\n/g,"\n");
  var utftext = "";
  for (var n = 0; n < string.length; n++) {
   var c = string.charCodeAt(n);
   if (c < 128) {
    utftext += String.fromCharCode(c);
   }
   else if((c > 127) && (c < 2048)) {
    utftext += String.fromCharCode((c >> 6) | 192);
    utftext += String.fromCharCode((c & 63) | 128);
   }
   else {
    utftext += String.fromCharCode((c >> 12) | 224);
    utftext += String.fromCharCode(((c >> 6) & 63) | 128);
    utftext += String.fromCharCode((c & 63) | 128);
   }
  }
  return utftext;
 },
 // private method for UTF-8 decoding
 _utf8_decode : function (utftext) {
  var string = "";
  var i = 0;
  var c = c1 = c2 = 0;
  while ( i < utftext.length ) {
   c = utftext.charCodeAt(i);
   if (c < 128) {
    string += String.fromCharCode(c);
    i++;
   }
   else if((c > 191) && (c < 224)) {
    c2 = utftext.charCodeAt(i+1);
    string += String.fromCharCode(((c & 31) << 6) | (c2 & 63));
    i += 2;
   }
   else {
    c2 = utftext.charCodeAt(i+1);
    c3 = utftext.charCodeAt(i+2);
    string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
    i += 3;
   }
  }
  return string;
 }
}

.....as the actually used code produced by the stupidly obfuscated blocks of code. I still don't understand why people waste the bytes on easily decriptable javascript encryption. If it's in the browser it can be gotten, no matter what. Obviously, from the comments in the resulting code (can hardly believe they even left the comments in), the author really has no clue of the concept of 'private'. LOL.