Deobfuscating js code


#1

Hello everyone!
I am learning about web security and have run into the following problem.
Haven’t been able to decode this js code:

Does anyone know how this code works?


#2

Looks like bunch of emojis :stuck_out_tongue:


#3

My best bet would be those parts are XOR.
From what I gathered this code actually contains just two variables with values.


#4

I’ve only looked briefly, but this code seems incomplete.

It is setting: _x='64f1067a0f83b27973d4064a7962cb98' and _y='25e61163213e2721ce91adedeea4f26f'.

Is there supposed to be more to this?


#5

Maybe not. Care to provide some insight into how did you get those values from this?


(N M ) #6

Its using JJencode, have a google you will find some encoders and decoders

Decoding will get you
((function $anonymous$(){return"ale\162t(\"\110ello,\40\112a\166a\123c\162\151\160t\"\40)"}))

Replacing the escaped characters (oct numbers) you get
((function $anonymous$(){return"alert(\"Hello, JavaScript)"}))


#7

Oh so its a known encoder! Ok I’m going to look into jjencode and try to decrypt it.

Thank you for the tip!


#8

By looking at it it seems its not only jjencode because the decryptors don’t work for me.
Also by examining jjencode encoded code I can see it doesn’t use parts like (c^^o)+(o^^o).

@Towel managed to post the solution in under 10 minutes. Perhaps he can shed some light on this.


#9

@N.M This is false. That is the output Hackvertor gives you by default, even if there is an error with the decoding.


(system) #10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.