How to decrypt garbled javascript?

[John Dalberg]

I have a js file that is encrypted or garbled, See example below. Does it
need a decrypter or does Javascript know how to deal with it right off?

This js file is causing an error under IE. Any ideas on how to convert it
into human readable Javascript so I can debug it?

sample:

\x3E","\x3C/strong\x3E","\x3C/b\x3E","\x3Cem\x3E","\x3Ci\x3E","\x3C/em\x3E","\x3C/i\x3E","\x3Cbody
contentEditable=true","\x3Cbody
contentEditable=false","\x3Cp\x3E\x3C/p\x3E","\x3Cdiv\x3E\x3C/div\x3E","$1","\x3Chead\x3E\x0A","\x3Cbase
href=\x22","\x22 /\x3E","\x3Cstyle\x3E body
{padding:0px;margin:0px;","}\x3C/style\x3E\x0A","\x3C/head\x3E\x0A","\x3Cbody\x3E\x0A","\x3C/body\x3E\x0A","\x3C/html\x3E","text/html","replace","base","\x3CBASE
href=\x22","\x22
\x3E","EncodeHiddenValue","sthlastval","sthlasttab","attachEvent","on","addEventListener","detachEvent","removeEventListener","string","-1","ok","yes","true","BUTTON","initcomplete","statectrl","%3b","s:","n:","b:","boolean","number","=","controls","bookmark",".","firstChild","multiline","ownerDocument","
"," "," "," "," ","
"," ","function","function
anonymous()","}","{","\x26lt;","\x26gt;","\x26quot;","\x26#39;","\x26#","\x26#160;","UNICODE","_","_UL_OL_LI_FIELDSET_LEGEND_DIV_P_TABLE_THEAD_TBODY_TFOOT_TR_TD_SELECT_OBJECT_","nodeType","BGSOUND","META","/","scopeName","_SELECT_OPTION_INPUT_FORM_TEXTAREA_CAPTION_FIELDSET_LEGEND_BR_P_DIV_DIR_UL_OL_MENU_LI_SELECT_TABLE_THEAD_TBODY_TFOOT_TR_TD_TH_OBJECT_PARAM_","_INPUT_FORM_TEXTAREA_SELECT_OPTION_","start","loop","#","src","contenteditable","inherit","colspan","rowspan","
style=\x22","\x3C/scr","ipt\x3E\x0A","IFRAME","\x3E\x3C/iframe

 

[web.dev]

I have a js file that is encrypted or garbled, See example below. Does it
need a decrypter or does Javascript know how to deal with it right off?

This js file is causing an error under IE. Any ideas on how to convert it
into human readable Javascript so I can debug it?

sample:

\x3E","\x3C/strong\x3E","\x3C/b\x3E","\x3Cem\x3E","\x3Ci\x3E","\x3C/em\x3E","\x3C/i\x3E","\x3Cbody
contentEditable=true","\x3Cbody
contentEditable=false","\x3Cp\x3E\x3C/p\x3E","\x3Cdiv\x3E\x3C/div\x3E","$1","\x3Chead\x3E\x0A","\x3Cbase
href=\x22","\x22 /\x3E","\x3Cstyle\x3E body
{padding:0px;margin:0px;","}\x3C/style\x3E\x0A","\x3C/head\x3E\x0A","\x3Cbody\x3E\x0A","\x3C/body\x3E\x0A","\x3C/html\x3E","text/html","replace","base","\x3CBASE
href=\x22","\x22
\x3E","EncodeHiddenValue","sthlastval","sthlasttab","attachEvent","on","addEventListener","detachEvent","removeEventListener","string","-1","ok","yes","true","BUTTON","initcomplete","statectrl","%3b","s:","n:","b:","boolean","number","=","controls","bookmark",".","firstChild","multiline","ownerDocument","
"," "," "," "," ","
"," ","function","function
anonymous()","}","{","\x26lt;","\x26gt;","\x26quot;","\x26#39;","\x26#","\x26#160;","UNICODE","_","_UL_OL_LI_FIELDSET_LEGEND_DIV_P_TABLE_THEAD_TBODY_TFOOT_TR_TD_SELECT_OBJECT_","nodeType","BGSOUND","META","/","scopeName","_SELECT_OPTION_INPUT_FORM_TEXTAREA_CAPTION_FIELDSET_LEGEND_BR_P_DIV_DIR_UL_OL_MENU_LI_SELECT_TABLE_THEAD_TBODY_TFOOT_TR_TD_TH_OBJECT_PARAM_","_INPUT_FORM_TEXTAREA_SELECT_OPTION_","start","loop","#","src","contenteditable","inherit","colspan","rowspan","
style=\x22","\x3C/scr","ipt\x3E\x0A","IFRAME","\x3E\x3C/iframe

The syntax \xXX is a character with the Latin-1 encoding specified by
the two hexadecimal digits XX between 00 and FF. For example, \xA9 is
the hexadecimal sequence for the copyright symbol. So yes, javascript
knows how to handle this. Now for you to understand it, I can think of
two ways at the moment. You can either painstakingly go through and try
to decode it yourself (which is probably the original intent of the
author), or you can use the same program the author used to decrypt it.

 

[RobG]

I have a js file that is encrypted or garbled, See example below. Does it
need a decrypter or does Javascript know how to deal with it right off?

This js file is causing an error under IE. Any ideas on how to convert it
into human readable Javascript so I can debug it?

There is probably a way to do this in one go, here's a quick 'n dirty
effort if all you need it for is a bit of debugging:

<b>Paste code here:</b><br>
<textarea id="iTA" rows="20" cols="100"></textarea><br>
<input type="button" value="Decode..." onclick="
var x = document.getElementById('iTA').value.replace(/\\x/g,'%');
document.getElementById('oTA').value = decodeURIComponent(x);
"><br>
<b>Result:</b><br>
<textarea id="oTA" rows="20" cols="100"></textarea>


It replaces '\x' with '%' so that decodeURIComponent() can deal with
it. Older browsers may not understand decodeURIComponent, if that's
you then use the depreciated unescape() instead (I think they behave a
little differently too).

[...]

 

[RobG]

There is probably a way to do this in one go, here's a quick 'n dirty
effort if all you need it for is a bit of debugging:

[...]

I didn't think of it before, but if the page displays fine in some
other browser (which you infer that it does), then you can get the
decrypted source quite simply. Past this into the address bar of the
browser that displayes it correctly (all one line, wrapped for
posting):

javascript:'<code>'+(document.documentElement ||
document.body).innerHTML.replace(/&/g,%22&amp;%22).replace(/</g,
%22&lt;%22).replace(/%20%20/g, %22&nbsp;%20%22).replace(/\n/g,
%22<br>%22)+'<\/code>';

And the decrypted page source is revealed (also shows the futility of
attempting to 'hide' the page source as the author seems to think
they've done).