www.webdeveloper.com
Results 1 to 10 of 10

Thread: is this script encoded ?

  1. #1
    Join Date
    Jul 2014
    Posts
    1

    is this script encoded ?

    var msg1 = 'You will receive';

    var hideref = 2;
    var rs_key = 'W6DhjcqWosUa';
    eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('6 4;6 L=M.y/2-1q;6 N=M.O/2-1r;6 z=\'1s=f,1t=f,1u=f,1v=f,1w=f,1x=P,1y=P,1z=f,y=1A,O=1B,1C=\'+N+\',1D=\'+L;3 1E(){7(4){Q()}g{R();A()}}3 R(){4=S.T(\'1F:1G\',"U",z);B()}3 B(){7(!4||4.C){}g{$.j({k:"D",8:"l/V/E/W.m",n:h,F:"1H=1",o:3(a){X(a){G\'1I\':Y();i;Z:6 b=1J.1K(a);6 c=b[\'8\'];7(p==1){c=\'10://p.11/?\'+b[\'8\']}g 7(p==2&&12!=\'0\'){c=\'10://1L.p.11/r/\'+12+\'/\'+b[\'8\']}4=S.T(c,"U",z);13(b[\'H\'],b[\'14\']);$(\'#q\').15();$(\'#q\').9(\'<5 16="1M:#1N;1O:1P 1Q;17:#18;y:1R;1S:1T;19-1U:1V"><1a 1b="I">\'+b[\'14\']+\'</1a> <a 1c="\'+b[\'8\']+\'" 1W="1X" 16="17:#18"><b>\'+b[\'1d\']+\'</b></a> <a 1c="1Y:1Z(0);" 20="1e(\\\'\'+b[\'H\']+\'\\\',\\\'\'+b[\'21\']+\'\\\',\\\'E\\\');"><1f 22="1f/1g.23" 24="1h" 1d="1h" 19="0" /></a><25 />\'+26+\' \'+b[\'27\']+\' \'+28+\'</5>\');i}}});$(\'#s\').9(29)}}6 t;3 13(b,c){t=J(3(){$.j({k:"D",8:"l/V/E/W.m",n:h,F:"2a=1&H="+b,o:3(a){B()}})},(c*1i));u((c-1),1);1j()}3 v(){u(0,0);t=1k(t);4=h}6 w;3 u(a,b){7(a>0){$(\'#I\').9(a);w=J(\'u(\'+(a-1)+\', 1);\',1i)}g{$(\'#I\').9(\'0\')}7(b==0){w=1k(w)}}3 Y(){4.1l();$(\'#q\').1m();$(\'#s\').1m();$(\'#1n\').15();$(\'#1n\').9(\'<5 x="1o"><5 x="2b">\'+2c+\'</5></5>\');v()}3 Q(){7(4){4.1l();$(\'#s\').9(1p);v()}}3 A(){7(!4||4.C||4.C==\'2d\'){$(\'#q\').9(\'<5 x="1o"><5 x="2e">\'+2f+\'</5></5>\');$(\'#s\').9(1p);v()}g{J(3(){A()},2g)}}3 1j(){$.j({k:"2h",8:"l/2i.m",n:h,o:3(a){$("#2j").9(a)}})}3 1e(a,b,c){6 e=2k(2l);7(e){$.j({k:"D",8:"l/1g.m",n:h,F:"1b="+a+"&8="+b+"&2m="+c+"&2n="+e,o:3(d){X(d){G\'1\':K(2o);2p(a,\'1\');i;G\'2\':K(2q);i; Z:K(2r);i}}})}}',62,152,'|||function|surfWindow|div|var|if|url|html||||||no|else|false|break|ajax|ty pe|system|php|cache|success|hideref|surfInfo||surfButton|exe_count|displayCountdown|stopExec|exe_cd| class|width|surfWindowParams|checkWin|openWin|closed|POST|surf|data|case|sid|countDown|setTimeout|al ert|aLeft|screen|aTop|height|yes|closeWin|emptyWindow|window|open|TrafficExchange|modules|process|sw itch|noSites|default|http|org|rs_key|startExec|time|show|style|color|171717|border|span|id|href|titl e|report_page|img|report|Report|1000|refresh_coins|clearTimeout|close|hide|surfHint|msg|msg2|400|300 |toolbar|location|directories|status|menubar|scrollbars|resizable|copyhistory|800|600|top|left|start Surf|about|blank|get|NO_SITE|jQuery|parseJSON|rs|background|efefef|margin|2px|auto|280px|padding|4px |radius|3px|target|_blank|javascript|void|onclick|eurl|src|png|alt|br|msg1|cpc|msg6|msg3|complete|in fo|msg4|undefined|error|msg5|200|GET|uCoins|c_coins|prompt|report_msg1|module|reason|report_msg2|ski puser|report_msg4|report_msg3'.split('|'),0,{}))

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,538
    If you did not write this and don't know where it came from, get rid of it. Malicious hackers often try to inject eval()'d stuff like that to make it harder to detect. (Of course, if you just scan for "eval" you can find that stuff, as there are very, very few good reasons for using it.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Apr 2014
    Posts
    34
    It looks like it might be minified

    ----------------
    webdev_monkey
    www.online-webdev-tools.com

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,538
    Quote Originally Posted by webdev_monkey View Post
    It looks like it might be minified

    ----------------
    webdev_monkey
    www.online-webdev-tools.com
    Does minify use eval()? If so: yuck! (I'm admittedly mainly a PHP specialist, so don't know -- but I do know that eval() in PHP is almost always a no-no.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Oct 2012
    Location
    Croatia
    Posts
    255
    It's definitely not encoded but it's not formatted to look good!

  6. #6
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,415
    It looks like it is for decoding a page that has some payload (encoded material).
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  7. #7
    It's compressed using Base62 akin to what Dean Edward's Packer 3.1 does. The uncompressed version of that script looks something like this:

    Code:
    var surfWindow;
    var aLeft = screen.width / 2 - 400;
    var aTop = screen.height / 2 - 300;
    var surfWindowParams = 'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=800,height=600,top=' + aTop + ',left=' + aLeft;
    
    function start Surf() {
    	if (surfWindow) {
    		closeWin()
    	} else {
    		emptyWindow();
    		checkWin()
    	}
    }
    
    function emptyWindow() {
    	surfWindow = window.open('about:blank', "TrafficExchange", surfWindowParams);
    	openWin()
    }
    
    function openWin() {
    	if (!surfWindow || surfWindow.closed) {} else {
    		$.ajax({
    			type: "POST",
    			url: "system/modules/surf/process.php",
    			cache: false,
    			data: "get=1",
    			success: function (a) {
    				switch(a) {
    				case 'NO_SITE':
    					noSites();
    					break;
    				default:
    					var b = jQuery.parseJSON(a);
    					var c = b['url'];
    					if (hideref == 1) {
    						c = 'http://hideref.org/?' + b['url']
    					} else if (hideref == 2 && rs_key != '0') {
    						c = 'http://rs.hideref.org/r/' + rs_key + '/' + b['url']
    					}
    					surfWindow = window.open(c, "TrafficExchange", surfWindowParams);
    					startExec(b['sid'], b['time']);
    					$('#surfInfo').show();
    					$('#surfInfo').html('<div style="background:#efefef;margin:2px auto;color:#171717;width:280px;padding:4px ;border-radius:3px"><span id="countDown">' + b['time'] + '</span> <a href="' + b['url'] + '" target="_blank" style="color:#171717"><b>' + b['titl e'] + '</b></a> <a href="javascript:void(0);" onclick="report_page(\'' + b['sid'] + '\',\'' + b['eurl'] + '\',\'surf\');"><img src="img/report.png" alt="Report" titl e="Report" border="0" /></a><br />' + msg1 + ' ' + b['cpc'] + ' ' + msg6 + '</div>');
    					break
    				}
    			}
    		});
    		$('#surfButton').html(msg3)
    	}
    }
    
    var exe_count;
    
    function startExec(b, c) {
    	exe_count = setTimeout(function () {
    		$.ajax({
    			type: "POST",
    			url: "system/modules/surf/process.php",
    			cache: false,
    			data: "complete=1&sid=" + b,
    			success: function (a) {
    				openWin()
    			}
    		})
    	},
    	(c * 1000));
    	displayCountdown((c - 1), 1);
    	refresh_coins()
    }
    
    function stopExec() {
    	displayCountdown(0, 0);
    	exe_count = clearTimeout(exe_count);
    	surfWindow = false
    }
    
    var exe_cd;
    
    function displayCountdown(a, b) {
    	if (a > 0) {
    		$('#countDown').html(a);
    		exe_cd = setTimeout('displayCountdown(' + (a - 1) + ', 1);', 1000)
    	} else {
    		$('#countDown').html('0')
    	}
    	if (b == 0) {
    		exe_cd = clearTimeout(exe_cd)
    	}
    }
    function noSites() {
    	surfWindow.close();
    	$('#surfInfo').hide();
    	$('#surfButton').hide();
    	$('#surfHint').show();
    	$('#surfHint').html('<div  class="msg"><div class="info">' + msg4 + '</div></div>');
    	stopExec()
    }
    function closeWin() {
    	if (surfWindow) {
    		surfWindow.close();
    		$('#surfButton').html(msg2);
    		stopExec()
    	}
    }
    function checkWin() {
    	if (!surfWindow || surfWindow.closed || surfWindow.closed == 'undefined') {
    		$('#surfInfo').html('<div  class="msg"><div  class="error">' + msg5 + '</div></div>');
    		$('#surfButton').html(msg2);
    		stopExec()
    	} else setTimeout(function () { checkWin() }, 200);
    }
    function refresh_coins() {
    	$.ajax({
    		type: "GET",
    		url: "system/uCoins.php",
    		cache: false,
    		success: function (a) {
    			$("#c_coins").html(a)
    		}
    	})
    }
    function report_page(a, b, c) {
    	var e = prompt(report_msg1);
    	if (e) {
    		$.ajax({
    			type: "POST",
    			url: "system/report.php",
    			cache: false,
    			data: "id=" + a + "&url=" + b + "&module=" + c + "&reason=" + e,
    			success: function (d) {
    				switch (d) {
    				case '1':
    					alert(report_msg2);
    					skipuser(a, '1');
    					break;
    				case '2':
    					alert(report_msg4);
    					break;
    				default:
    					alert(report_msg3);
    					break
    				}
    			}
    		})
    	}
    }
    A lot of people go nuts with things like extra compression of their scripting, and much like white-space stripping before it I still say it's more used to sweep poor coding practices under the rug than it is about saving bandwidth.

    ... and yeah, most 'packers' use eval() to function -- in this case it's called BASE63 encoding. Laughably it makes the resulting code slower in the name of making it faster :/

    For laughs, you can compare the results of the major reliable JS compression systems here:
    http://compressorrater.thruhere.net/

    For example I run my elementals.js library through it, and with just packer's "shrink" it goes from 15723 bytes to 11407 bytes -- almost worth it... but you add base62 and privateVars to it and it drops to 8236 bytes -- ALMOST HALF. (too bad it also breaks the codebase)

    But if you compare those same files served gzipped via mod_deflate, it becomes a lot less impressive. The original code being 4627 bytes, the 'shrink' being 3805 bytes, and the base62+privateVars actually being BIGGER than just the shrink at 4129 bytes.

    Base62 is really just a case of trying too hard, especially since in most cases it makes the gzipped version bigger than just a normal whitespace stripping.

    Hope this helps.

  8. #8
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,415
    Well its more a case of people go nuts with extra obfuscation of "Their Code" because they want to protect something that can't be hidden or compiled.

    The reality is that if you want to write a web based program that runs in a web browser, you use Java and not JavaScript.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  9. #9
    Quote Originally Posted by \\.\ View Post
    Well its more a case of people go nuts with extra obfuscation of "Their Code" because they want to protect something that can't be hidden or compiled.
    Not entirely, though that is indeed often the case. Really though if it's a web technology that runs client side, there is no obfuscation that will stop anyone.

    There are cases though where I get the feeling that people are using bandwidth as an excuse for obfuscation. It's not why they are doing it, it's why they CLAIM they are doing it.

  10. #10
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,415
    That is what I am saying, you can't hide code or protect it and the main fear is that people don't want what they have written copied and pasted in to someone elses work.

    If JavaScript could be compiled like JScript can, then this would be a whole new ball game.

    If people want to properly copyright and protect, they need a compiled language which JavaScript is not.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles