Deobfuscating js code


Hello everyone!
I am learning about web security and have run into the following problem.
Haven’t been able to decode this js code:

Does anyone know how this code works?


Looks like bunch of emojis :stuck_out_tongue:


My best bet would be those parts are XOR.
From what I gathered this code actually contains just two variables with values.


I’ve only looked briefly, but this code seems incomplete.

It is setting: _x='64f1067a0f83b27973d4064a7962cb98' and _y='25e61163213e2721ce91adedeea4f26f'.

Is there supposed to be more to this?


Maybe not. Care to provide some insight into how did you get those values from this?

(N M ) #6

Its using JJencode, have a google you will find some encoders and decoders

Decoding will get you
((function $anonymous$(){return"ale\162t(\"\110ello,\40\112a\166a\123c\162\151\160t\"\40)"}))

Replacing the escaped characters (oct numbers) you get
((function $anonymous$(){return"alert(\"Hello, JavaScript)"}))


Oh so its a known encoder! Ok I’m going to look into jjencode and try to decrypt it.

Thank you for the tip!


By looking at it it seems its not only jjencode because the decryptors don’t work for me.
Also by examining jjencode encoded code I can see it doesn’t use parts like (c^^o)+(o^^o).

@Towel managed to post the solution in under 10 minutes. Perhaps he can shed some light on this.


@N.M This is false. That is the output Hackvertor gives you by default, even if there is an error with the decoding.

(system) #10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.