How to decrypt garbled javascript?

Discussion in 'Javascript' started by John Dalberg, Oct 27, 2005.

  1. John Dalberg

    John Dalberg Guest

    I have a js file that is encrypted or garbled, See example below. Does it
    need a decrypter or does Javascript know how to deal with it right off?

    This js file is causing an error under IE. Any ideas on how to convert it
    into human readable Javascript so I can debug it?

    sample:

    \x3E","\x3C/strong\x3E","\x3C/b\x3E","\x3Cem\x3E","\x3Ci\x3E","\x3C/em\x3E","\x3C/i\x3E","\x3Cbody
    contentEditable=true","\x3Cbody
    contentEditable=false","\x3Cp\x3E\x3C/p\x3E","\x3Cdiv\x3E\x3C/div\x3E","$1","\x3Chead\x3E\x0A","\x3Cbase
    href=\x22","\x22 /\x3E","\x3Cstyle\x3E body
    {padding:0px;margin:0px;","}\x3C/style\x3E\x0A","\x3C/head\x3E\x0A","\x3Cbody\x3E\x0A","\x3C/body\x3E\x0A","\x3C/html\x3E","text/html","replace","base","\x3CBASE
    href=\x22","\x22
    \x3E","EncodeHiddenValue","sthlastval","sthlasttab","attachEvent","on","addEventListener","detachEvent","removeEventListener","string","-1","ok","yes","true","BUTTON","initcomplete","statectrl","%3b","s:","n:","b:","boolean","number","=","controls","bookmark",".","firstChild","multiline","ownerDocument","
    "," "," "," "," ","
    "," ","function","function
    anonymous()","}","{","\x26lt;","\x26gt;","\x26quot;","\x26#39;","\x26#","\x26#160;","UNICODE","_","_UL_OL_LI_FIELDSET_LEGEND_DIV_P_TABLE_THEAD_TBODY_TFOOT_TR_TD_SELECT_OBJECT_","nodeType","BGSOUND","META","/","scopeName","_SELECT_OPTION_INPUT_FORM_TEXTAREA_CAPTION_FIELDSET_LEGEND_BR_P_DIV_DIR_UL_OL_MENU_LI_SELECT_TABLE_THEAD_TBODY_TFOOT_TR_TD_TH_OBJECT_PARAM_","_INPUT_FORM_TEXTAREA_SELECT_OPTION_","start","loop","#","src","contenteditable","inherit","colspan","rowspan","
    style=\x22","\x3C/scr","ipt\x3E\x0A","IFRAME","\x3E\x3C/iframe


    --
    John Dalberg
    John Dalberg, Oct 27, 2005
    #1
    1. Advertising

  2. John Dalberg

    web.dev Guest

    John Dalberg wrote:
    > I have a js file that is encrypted or garbled, See example below. Does it
    > need a decrypter or does Javascript know how to deal with it right off?
    >
    > This js file is causing an error under IE. Any ideas on how to convert it
    > into human readable Javascript so I can debug it?
    >
    > sample:
    >
    > \x3E","\x3C/strong\x3E","\x3C/b\x3E","\x3Cem\x3E","\x3Ci\x3E","\x3C/em\x3E","\x3C/i\x3E","\x3Cbody
    > contentEditable=true","\x3Cbody
    > contentEditable=false","\x3Cp\x3E\x3C/p\x3E","\x3Cdiv\x3E\x3C/div\x3E","$1","\x3Chead\x3E\x0A","\x3Cbase
    > href=\x22","\x22 /\x3E","\x3Cstyle\x3E body
    > {padding:0px;margin:0px;","}\x3C/style\x3E\x0A","\x3C/head\x3E\x0A","\x3Cbody\x3E\x0A","\x3C/body\x3E\x0A","\x3C/html\x3E","text/html","replace","base","\x3CBASE
    > href=\x22","\x22
    > \x3E","EncodeHiddenValue","sthlastval","sthlasttab","attachEvent","on","addEventListener","detachEvent","removeEventListener","string","-1","ok","yes","true","BUTTON","initcomplete","statectrl","%3b","s:","n:","b:","boolean","number","=","controls","bookmark",".","firstChild","multiline","ownerDocument","
    > "," "," "," "," ","
    > "," ","function","function
    > anonymous()","}","{","\x26lt;","\x26gt;","\x26quot;","\x26#39;","\x26#","\x26#160;","UNICODE","_","_UL_OL_LI_FIELDSET_LEGEND_DIV_P_TABLE_THEAD_TBODY_TFOOT_TR_TD_SELECT_OBJECT_","nodeType","BGSOUND","META","/","scopeName","_SELECT_OPTION_INPUT_FORM_TEXTAREA_CAPTION_FIELDSET_LEGEND_BR_P_DIV_DIR_UL_OL_MENU_LI_SELECT_TABLE_THEAD_TBODY_TFOOT_TR_TD_TH_OBJECT_PARAM_","_INPUT_FORM_TEXTAREA_SELECT_OPTION_","start","loop","#","src","contenteditable","inherit","colspan","rowspan","
    > style=\x22","\x3C/scr","ipt\x3E\x0A","IFRAME","\x3E\x3C/iframe
    >
    >
    > --
    > John Dalberg


    The syntax \xXX is a character with the Latin-1 encoding specified by
    the two hexadecimal digits XX between 00 and FF. For example, \xA9 is
    the hexadecimal sequence for the copyright symbol. So yes, javascript
    knows how to handle this. Now for you to understand it, I can think of
    two ways at the moment. You can either painstakingly go through and try
    to decode it yourself (which is probably the original intent of the
    author), or you can use the same program the author used to decrypt it.
    web.dev, Oct 27, 2005
    #2
    1. Advertising

  3. John Dalberg

    RobG Guest

    John Dalberg wrote:
    > I have a js file that is encrypted or garbled, See example below. Does it
    > need a decrypter or does Javascript know how to deal with it right off?
    >
    > This js file is causing an error under IE. Any ideas on how to convert it
    > into human readable Javascript so I can debug it?


    There is probably a way to do this in one go, here's a quick 'n dirty
    effort if all you need it for is a bit of debugging:

    <b>Paste code here:</b><br>
    <textarea id="iTA" rows="20" cols="100"></textarea><br>
    <input type="button" value="Decode..." onclick="
    var x = document.getElementById('iTA').value.replace(/\\x/g,'%');
    document.getElementById('oTA').value = decodeURIComponent(x);
    "><br>
    <b>Result:</b><br>
    <textarea id="oTA" rows="20" cols="100"></textarea>


    It replaces '\x' with '%' so that decodeURIComponent() can deal with
    it. Older browsers may not understand decodeURIComponent, if that's
    you then use the depreciated unescape() instead (I think they behave a
    little differently too).

    [...]
    RobG, Oct 28, 2005
    #3
  4. John Dalberg

    RobG Guest

    RobG wrote:
    > John Dalberg wrote:
    > > I have a js file that is encrypted or garbled, See example below. Does it
    > > need a decrypter or does Javascript know how to deal with it right off?
    > >
    > > This js file is causing an error under IE. Any ideas on how to convert it
    > > into human readable Javascript so I can debug it?

    >
    > There is probably a way to do this in one go, here's a quick 'n dirty
    > effort if all you need it for is a bit of debugging:

    [...]

    I didn't think of it before, but if the page displays fine in some
    other browser (which you infer that it does), then you can get the
    decrypted source quite simply. Past this into the address bar of the
    browser that displayes it correctly (all one line, wrapped for
    posting):

    javascript:'<code>'+(document.documentElement ||
    document.body).innerHTML.replace(/&/g,%22&amp;%22).replace(/</g,
    %22&lt;%22).replace(/%20%20/g, %22&nbsp;%20%22).replace(/\n/g,
    %22<br>%22)+'<\/code>';

    And the decrypted page source is revealed (also shows the futility of
    attempting to 'hide' the page source as the author seems to think
    they've done).

    --
    Rob
    RobG, Oct 28, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Covert
    Replies:
    2
    Views:
    302
    Steve Covert
    Nov 11, 2003
  2. Peter Row

    cookie value being garbled.

    Peter Row, May 24, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    449
    Peter Row
    May 24, 2004
  3. patrick

    garbled JFrame

    patrick, Dec 5, 2003, in forum: Java
    Replies:
    0
    Views:
    452
    patrick
    Dec 5, 2003
  4. blbmdsmith
    Replies:
    1
    Views:
    643
    Graham Dumpleton
    Dec 14, 2006
  5. Replies:
    1
    Views:
    431
    Daniel Martin
    Jun 16, 2007
Loading...

Share This Page