CODEWITHSUNDEEP
javascriptobfuscation
Victor
Victor

Reputation: 9

Javascript obfuscation help

I need some help to understand how this code was obfuscated. The code is:

<a id="suggest" href="#" ajaxify="/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=108463912505356" class=" profile_action actionspro_a" rel="dialog-post">Suggest to Friends</a>

And the obfuscation is:

\x3c\x61\x20\x69\x64\x3d\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3d\x22\x23\x22\x20\x61\x6a\x61\x78\x69\x66\x79\x3d\x22\x2f\x61\x6a\x61\x78\x2f\x73\x6f\x63\x69\x61\x6c\x5f\x67\x72\x61\x70\x68\x2f\x69\x6e\x76\x69\x74\x65\x5f\x64\x69\x61\x6c\x6f\x67\x2e\x70\x68\x70\x3f\x63\x6c\x61\x73\x73\x3d\x46\x61\x6e\x4d\x61\x6e\x61\x67\x65\x72\x26\x61\x6d\x70\x3b\x6e\x6f\x64\x65\x5f\x69\x64\x3d\x31\x30\x38\x34\x36\x33\x39\x31\x32\x35\x30\x35\x33\x35\x36\x22\x20\x63\x6c\x61\x73\x73\x3d\x22\x20\x70\x72\x6f\x66\x69\x6c\x65\x5f\x61\x63\x74\x69\x6f\x6e\x20\x61\x63\x74\x69\x6f\x6e\x73\x70\x72\x6f\x5f\x61\x22\x20\x72\x65\x6c\x3d\x22\x64\x69\x61\x6c\x6f\x67\x2d\x70\x6f\x73\x74\x22\x3e\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6f\x20\x46\x72\x69\x65\x6e\x64\x73\x3c\x2f\x61\x3e","\x73\x75\x67\x67\x65\x73\x74

Now I used unescape on the above obfuscated code to read it. What I want to know is what exactly was used to obfuscate the code like that? Basically, I need to customize the readable code to the same obfuscation.

Any help would be greatly appreciated.

Upvotes: 0

Views: 1207

Answers (3)

user313594
user313594

Reputation: 31

If you are using unicode characters above 255, you will need some special handling. You will also need to make sure the hex codes are padded with 0s correctly, or the function will break for characters below 16 (such as \n and \t):

function obfuscate(str) {
  var escaped = [];
  for (var i = 0; i < str.length; i++) {
    var c = str.charCodeAt(i);
    var cs = "0000" + c.toString(16);
    if (c < 256) {
      cs = "\\x" + cs.substr(-2);
    } else {
      cs = "\\u" + cs.substr(-4);
    }
    escaped.push(cs);
  }
  return escaped.join('');
}

var ob = obfuscate("Hello world!");
alert(ob);

Upvotes: 2

Matthew Flaschen
Matthew Flaschen

Reputation: 284786

You shouldn't use obfuscation for anything serious, but it can be fun to play around with:

var readable = '<a id="suggest" href="#" ajaxify="/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=108463912505356" class=" profile_action actionspro_a" rel="dialog-post">Suggest to Friends</a>';

Array.prototype.map.call(readable,
function(c){
  return "\\x" + c.charCodeAt().toString(16);
}).join("");

Upvotes: 1

Ming-Tang
Ming-Tang

Reputation: 17651

Type the following code in the address bar:

javascript:alert("\x3c\x61\x20\x69\x64\x3d\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3d\x22\x23\x22\x20\x61\x6a\x61\x78\x69\x66\x79\x3d\x22\x2f\x61\x6a\x61\x78\x2f\x73\x6f\x63\x69\x61\x6c\x5f\x67\x72\x61\x70\x68\x2f\x69\x6e\x76\x69\x74\x65\x5f\x64\x69\x61\x6c\x6f\x67\x2e\x70\x68\x70\x3f\x63\x6c\x61\x73\x73\x3d\x46\x61\x6e\x4d\x61\x6e\x61\x67\x65\x72\x26\x61\x6d\x70\x3b\x6e\x6f\x64\x65\x5f\x69\x64\x3d\x31\x30\x38\x34\x36\x33\x39\x31\x32\x35\x30\x35\x33\x35\x36\x22\x20\x63\x6c\x61\x73\x73\x3d\x22\x20\x70\x72\x6f\x66\x69\x6c\x65\x5f\x61\x63\x74\x69\x6f\x6e\x20\x61\x63\x74\x69\x6f\x6e\x73\x70\x72\x6f\x5f\x61\x22\x20\x72\x65\x6c\x3d\x22\x64\x69\x61\x6c\x6f\x67\x2d\x70\x6f\x73\x74\x22\x3e\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6f\x20\x46\x72\x69\x65\x6e\x64\x73\x3c\x2f\x61\x3e","\x73\x75\x67\x67\x65\x73\x74")

and it will get decoded.

Upvotes: 0

Related Questions