Decoding JavaScript
05-18-2013, 01:28 AM
(This post was last modified: 05-18-2013 02:42 AM by Cyko.)
Post: #1
The principle is fairly simple: all encoded JavaScript can be decoded (whether tough or not), simply because:
All encoded JavaScript uses either one or both of the following techniques:
Manual Decoding

Caution: Encoded JavaScript is often malicious, therefore doing so manually could be dangerous (if done incorrectly).

I cannot be specific, seeing as there are different variations out there, but most seem to follow the same pattern: they generally contain an 'eval'. Therefore, to decode, you can surround it with 'textarea' tags (to grab the output) and replace the 'eval' with 'document.write' (so it does not execute the code but prints/writes it). Doing this (you may need to do it repeatedly until you do not see any encoded code anymore) should give you the decoded code.

Note: To all of you familiar with decoding PHP, you will find similarities when doing this...

Below is an example, hoping it will improve your understanding (it might be best if you follow the steps below and give it a go/try!):

You will need the following to give it a go:
Here is our encoded JavaScript code (which we will be decoding):
Code: http://pastebin.com/BdYkkzda

1. The decoder (the code to actually decode this all) is within the encoded code, in the first part:
Code: http://pastebin.com/KUNBat6j

2. Decode the code from step 1 using PHP's urldecode() function (my preferred method, can also be done with JavaScript or via an online function website), as so:
PHP Code: http://pastebin.com/tzZNPTaz

3. Run/execute the code from step 2 in your browser, which would output the following (the decode function):
Code: http://pastebin.com/2J5YZf2f

4. Overwrite the encoded code in step 1 with the decode function in step 3, and it should now look like the following:
Code: http://pastebin.com/ujjAj5fL

5. Wrap script tags around the code from step 4, as follows:
Code: http://pastebin.com/tkaABXMM

6. Now we are going to surround the second part of the encoding (the encoded code) with textarea tags (to grab the output) and replace the 'eval' with 'document.write' (so it does not execute the code but prints/writes it), it should now look like the following:
Code: http://pastebin.com/krk0dcLS

7. Run/execute the code from step 6 in your browser, and you should see some eval(function.... code within a textarea, right click within the textarea and 'Select All', then once the code is highlighted, right click again and select 'Copy', you should now have copied the following code:
Code: http://pastebin.com/1Nhnnc6U

8. Do what you did in step 5 and step 6 to the code in step 7, by now it should look like the following:
Code: http://pastebin.com/czvJ9Sgq

9. Run/execute the code from step 8 in your browser and you should see the final decoded code:
Code: http://pastebin.com/SJGQKEgL

10. Lastly and optionally to improve readability run the code from step 9 through jsbeautifier (just remember to add the script tags):
Code: http://pastebin.com/7AnzsKq3

Was not so hard after all, was it?
Automatic Decoding

Luckily there are some automated solutions which are not only quick but are also the safest (as they are doing all the work therefore there are no risks on your side).
Do let me know if this helped at all!

Note: This is an old article written by me in 2010/2011? (it was originally on my now non-existent website). Sorry about me using Pastebin for all code - forums tend to have character limits.
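The eval-to-output substitution loop from steps 6 to 9, automated under Node.js as an added example (not part of the original post or its pastes). The names `pack`, `peelLayers`, `PAYLOAD` and `SAMPLE` are hypothetical, and the two-layer sample is constructed here from a harmless string rather than taken from the pastes above.

```javascript
const vm = require('vm');

// Constructed sample only: wraps a harmless string in eval(unescape('%xx...')).
function pack(src) {
  const hex = Array.from(src, (c) =>
    '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
  return "eval(unescape('" + hex + "'))";
}
const PAYLOAD = "alert('decoded');";
const SAMPLE = pack(pack(PAYLOAD)); // two layers of encoding

// Returns every layer, outermost first. A layer is only run while it still
// contains an eval( call, so the final decoded script is never executed.
// Node's vm module is not a security boundary: analyse real samples inside
// a disposable, network-isolated VM.
function peelLayers(src, maxLayers = 10) {
  const layers = [src];
  for (let i = 0; i < maxLayers; i++) {
    const current = layers[layers.length - 1];
    if (!/\beval\s*\(/.test(current)) break; // nothing left to unwrap
    const captured = [];
    // Stand-in for eval/document.write: record the string, do not run it.
    const capture = (code) => { captured.push(String(code)); };
    const sandbox = {
      eval: capture,
      document: { write: capture, writeln: capture },
    };
    try {
      vm.runInNewContext(current, sandbox, { timeout: 1000 });
    } catch (err) {
      // Missing browser object or timeout; keep whatever was captured.
    }
    if (captured.length === 0) break;
    layers.push(captured.join('\n'));
  }
  return layers;
}

const layers = peelLayers(SAMPLE);
console.log(layers.length + ' layers; innermost: ' + layers[layers.length - 1]);
```

Scripts that hide the eval call behind another name, or that depend on browser objects not stubbed here, stop early and leave the last captured layer for manual inspection.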