dcsimg
www.webdeveloper.com
Results 1 to 10 of 10

Thread: is this script encoded ?

  1. #1
    Join Date
    Jul 2014
    Posts
    1

    is this script encoded ?

    var msg1 = 'You will receive';

    var hideref = 2;
    var rs_key = 'W6DhjcqWosUa';
    eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('6 4;6 L=M.y/2-1q;6 N=M.O/2-1r;6 z=\'1s=f,1t=f,1u=f,1v=f,1w=f,1x=P,1y=P,1z=f,y=1A,O=1B,1C=\'+N+\',1D=\'+L;3 1E(){7(4){Q()}g{R();A()}}3 R(){4=S.T(\'1F:1G\',"U",z);B()}3 B(){7(!4||4.C){}g{$.j({k:"D",8:"l/V/E/W.m",n:h,F:"1H=1",o:3(a){X(a){G\'1I\':Y();i;Z:6 b=1J.1K(a);6 c=b[\'8\'];7(p==1){c=\'10://p.11/?\'+b[\'8\']}g 7(p==2&&12!=\'0\'){c=\'10://1L.p.11/r/\'+12+\'/\'+b[\'8\']}4=S.T(c,"U",z);13(b[\'H\'],b[\'14\']);$(\'#q\').15();$(\'#q\').9(\'<5 16="1M:#1N;1O:1P 1Q;17:#18;y:1R;1S:1T;19-1U:1V"><1a 1b="I">\'+b[\'14\']+\'</1a> <a 1c="\'+b[\'8\']+\'" 1W="1X" 16="17:#18"><b>\'+b[\'1d\']+\'</b></a> <a 1c="1Y:1Z(0);" 20="1e(\\\'\'+b[\'H\']+\'\\\',\\\'\'+b[\'21\']+\'\\\',\\\'E\\\');"><1f 22="1f/1g.23" 24="1h" 1d="1h" 19="0" /></a><25 />\'+26+\' \'+b[\'27\']+\' \'+28+\'</5>\');i}}});$(\'#s\').9(29)}}6 t;3 13(b,c){t=J(3(){$.j({k:"D",8:"l/V/E/W.m",n:h,F:"2a=1&H="+b,o:3(a){B()}})},(c*1i));u((c-1),1);1j()}3 v(){u(0,0);t=1k(t);4=h}6 w;3 u(a,b){7(a>0){$(\'#I\').9(a);w=J(\'u(\'+(a-1)+\', 1);\',1i)}g{$(\'#I\').9(\'0\')}7(b==0){w=1k(w)}}3 Y(){4.1l();$(\'#q\').1m();$(\'#s\').1m();$(\'#1n\').15();$(\'#1n\').9(\'<5 x="1o"><5 x="2b">\'+2c+\'</5></5>\');v()}3 Q(){7(4){4.1l();$(\'#s\').9(1p);v()}}3 A(){7(!4||4.C||4.C==\'2d\'){$(\'#q\').9(\'<5 x="1o"><5 x="2e">\'+2f+\'</5></5>\');$(\'#s\').9(1p);v()}g{J(3(){A()},2g)}}3 1j(){$.j({k:"2h",8:"l/2i.m",n:h,o:3(a){$("#2j").9(a)}})}3 1e(a,b,c){6 e=2k(2l);7(e){$.j({k:"D",8:"l/1g.m",n:h,F:"1b="+a+"&8="+b+"&2m="+c+"&2n="+e,o:3(d){X(d){G\'1\':K(2o);2p(a,\'1\');i;G\'2\':K(2q);i; Z:K(2r);i}}})}}',62,152,'|||function|surfWindow|div|var|if|url|html||||||no|else|false|break|ajax|ty pe|system|php|cache|success|hideref|surfInfo||surfButton|exe_count|displayCountdown|stopExec|exe_cd| class|width|surfWindowParams|checkWin|openWin|closed|POST|surf|data|case|sid|countDown|setTimeout|al ert|aLeft|screen|aTop|height|yes|closeWin|emptyWindow|window|open|TrafficExchange|modules|process|sw itch|noSites|default|http|org|rs_key|startExec|time|show|style|color|171717|border|span|id|href|titl e|report_page|img|report|Report|1000|refresh_coins|clearTimeout|close|hide|surfHint|msg|msg2|400|300 |toolbar|location|directories|status|menubar|scrollbars|resizable|copyhistory|800|600|top|left|start Surf|about|blank|get|NO_SITE|jQuery|parseJSON|rs|background|efefef|margin|2px|auto|280px|padding|4px |radius|3px|target|_blank|javascript|void|onclick|eurl|src|png|alt|br|msg1|cpc|msg6|msg3|complete|in fo|msg4|undefined|error|msg5|200|GET|uCoins|c_coins|prompt|report_msg1|module|reason|report_msg2|ski puser|report_msg4|report_msg3'.split('|'),0,{}))

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    20,080
    If you did not write this and don't know where it came from, get rid of it. Malicious hackers often try to inject eval()'d stuff like that to make it harder to detect. (Of course, if you just scan for "eval" you can find that stuff, as there are very, very few good reasons for using it.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

  3. #3
    Join Date
    Apr 2014
    Posts
    34
    It looks like it might be minified

    ----------------
    webdev_monkey
    www.online-webdev-tools.com

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    20,080
    Quote Originally Posted by webdev_monkey View Post
    It looks like it might be minified

    ----------------
    webdev_monkey
    www.online-webdev-tools.com
    Does minify use eval()? If so: yuck! (I'm admittedly mainly a PHP specialist, so don't know -- but I do know that eval() in PHP is almost always a no-no.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

  5. #5
    Join Date
    Oct 2012
    Location
    Croatia
    Posts
    255
    It's definitely not encoded but it's not formatted to look good!

  6. #6
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,882
    It looks like it is for decoding a page that has some payload (encoded material).
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  7. #7
    It's compressed using Base62 akin to what Dean Edward's Packer 3.1 does. The uncompressed version of that script looks something like this:

    Code:
    var surfWindow;
    var aLeft = screen.width / 2 - 400;
    var aTop = screen.height / 2 - 300;
    var surfWindowParams = 'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=800,height=600,top=' + aTop + ',left=' + aLeft;
    
    function start Surf() {
    	if (surfWindow) {
    		closeWin()
    	} else {
    		emptyWindow();
    		checkWin()
    	}
    }
    
    function emptyWindow() {
    	surfWindow = window.open('about:blank', "TrafficExchange", surfWindowParams);
    	openWin()
    }
    
    function openWin() {
    	if (!surfWindow || surfWindow.closed) {} else {
    		$.ajax({
    			type: "POST",
    			url: "system/modules/surf/process.php",
    			cache: false,
    			data: "get=1",
    			success: function (a) {
    				switch(a) {
    				case 'NO_SITE':
    					noSites();
    					break;
    				default:
    					var b = jQuery.parseJSON(a);
    					var c = b['url'];
    					if (hideref == 1) {
    						c = 'http://hideref.org/?' + b['url']
    					} else if (hideref == 2 && rs_key != '0') {
    						c = 'http://rs.hideref.org/r/' + rs_key + '/' + b['url']
    					}
    					surfWindow = window.open(c, "TrafficExchange", surfWindowParams);
    					startExec(b['sid'], b['time']);
    					$('#surfInfo').show();
    					$('#surfInfo').html('<div style="background:#efefef;margin:2px auto;color:#171717;width:280px;padding:4px ;border-radius:3px"><span id="countDown">' + b['time'] + '</span> <a href="' + b['url'] + '" target="_blank" style="color:#171717"><b>' + b['titl e'] + '</b></a> <a href="javascript:void(0);" onclick="report_page(\'' + b['sid'] + '\',\'' + b['eurl'] + '\',\'surf\');"><img src="img/report.png" alt="Report" titl e="Report" border="0" /></a><br />' + msg1 + ' ' + b['cpc'] + ' ' + msg6 + '</div>');
    					break
    				}
    			}
    		});
    		$('#surfButton').html(msg3)
    	}
    }
    
    var exe_count;
    
    function startExec(b, c) {
    	exe_count = setTimeout(function () {
    		$.ajax({
    			type: "POST",
    			url: "system/modules/surf/process.php",
    			cache: false,
    			data: "complete=1&sid=" + b,
    			success: function (a) {
    				openWin()
    			}
    		})
    	},
    	(c * 1000));
    	displayCountdown((c - 1), 1);
    	refresh_coins()
    }
    
    function stopExec() {
    	displayCountdown(0, 0);
    	exe_count = clearTimeout(exe_count);
    	surfWindow = false
    }
    
    var exe_cd;
    
    function displayCountdown(a, b) {
    	if (a > 0) {
    		$('#countDown').html(a);
    		exe_cd = setTimeout('displayCountdown(' + (a - 1) + ', 1);', 1000)
    	} else {
    		$('#countDown').html('0')
    	}
    	if (b == 0) {
    		exe_cd = clearTimeout(exe_cd)
    	}
    }
    function noSites() {
    	surfWindow.close();
    	$('#surfInfo').hide();
    	$('#surfButton').hide();
    	$('#surfHint').show();
    	$('#surfHint').html('<div  class="msg"><div class="info">' + msg4 + '</div></div>');
    	stopExec()
    }
    function closeWin() {
    	if (surfWindow) {
    		surfWindow.close();
    		$('#surfButton').html(msg2);
    		stopExec()
    	}
    }
    function checkWin() {
    	if (!surfWindow || surfWindow.closed || surfWindow.closed == 'undefined') {
    		$('#surfInfo').html('<div  class="msg"><div  class="error">' + msg5 + '</div></div>');
    		$('#surfButton').html(msg2);
    		stopExec()
    	} else setTimeout(function () { checkWin() }, 200);
    }
    function refresh_coins() {
    	$.ajax({
    		type: "GET",
    		url: "system/uCoins.php",
    		cache: false,
    		success: function (a) {
    			$("#c_coins").html(a)
    		}
    	})
    }
    function report_page(a, b, c) {
    	var e = prompt(report_msg1);
    	if (e) {
    		$.ajax({
    			type: "POST",
    			url: "system/report.php",
    			cache: false,
    			data: "id=" + a + "&url=" + b + "&module=" + c + "&reason=" + e,
    			success: function (d) {
    				switch (d) {
    				case '1':
    					alert(report_msg2);
    					skipuser(a, '1');
    					break;
    				case '2':
    					alert(report_msg4);
    					break;
    				default:
    					alert(report_msg3);
    					break
    				}
    			}
    		})
    	}
    }
    A lot of people go nuts with things like extra compression of their scripting, and much like white-space stripping before it I still say it's more used to sweep poor coding practices under the rug than it is about saving bandwidth.

    ... and yeah, most 'packers' use eval() to function -- in this case it's called BASE63 encoding. Laughably it makes the resulting code slower in the name of making it faster :/

    For laughs, you can compare the results of the major reliable JS compression systems here:
    http://compressorrater.thruhere.net/

    For example I run my elementals.js library through it, and with just packer's "shrink" it goes from 15723 bytes to 11407 bytes -- almost worth it... but you add base62 and privateVars to it and it drops to 8236 bytes -- ALMOST HALF. (too bad it also breaks the codebase)

    But if you compare those same files served gzipped via mod_deflate, it becomes a lot less impressive. The original code being 4627 bytes, the 'shrink' being 3805 bytes, and the base62+privateVars actually being BIGGER than just the shrink at 4129 bytes.

    Base62 is really just a case of trying too hard, especially since in most cases it makes the gzipped version bigger than just a normal whitespace stripping.

    Hope this helps.

  8. #8
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,882
    Well its more a case of people go nuts with extra obfuscation of "Their Code" because they want to protect something that can't be hidden or compiled.

    The reality is that if you want to write a web based program that runs in a web browser, you use Java and not JavaScript.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  9. #9
    Quote Originally Posted by \\.\ View Post
    Well its more a case of people go nuts with extra obfuscation of "Their Code" because they want to protect something that can't be hidden or compiled.
    Not entirely, though that is indeed often the case. Really though if it's a web technology that runs client side, there is no obfuscation that will stop anyone.

    There are cases though where I get the feeling that people are using bandwidth as an excuse for obfuscation. It's not why they are doing it, it's why they CLAIM they are doing it.

  10. #10
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,882
    That is what I am saying, you can't hide code or protect it and the main fear is that people don't want what they have written copied and pasted in to someone elses work.

    If JavaScript could be compiled like JScript can, then this would be a whole new ball game.

    If people want to properly copyright and protect, they need a compiled language which JavaScript is not.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles