What types of javascript encryption?

Asked

Viewed 230 times

0

I was going through some code on the net and I saw that some scripts were encrypted.

I couldn’t get Code right by Hexdecoder, because there’s probably more than one kind of encryption in the code.

var _0x4a00=["\x31\x64\x28\x72\x29\x2E\x53\x28\x31\x28\x24\x29\x7B\x24\x28\x22\x71\x2E\x31\x46\x2D\x39\x22\x29\x2E\x31\x66\x28\x22\x31\x75\x22\x29\x2E\x31\x45\x28\x22\x39\x2D\x58\x2D\x4B\x2D\x4F\x22\x29\x3B\x24\x28\x27\x23\x36\x2D\x32\x20\x2E\x39\x2D\x58\x2D\x4B\x2D\x4F\x20\x3E\x20\x61\x27\x29\x2E\x78\x28\x27\x3C\x38\x20\x62\x3D\x22\x31\x7A\x2D\x31\x43\x22\x3E\x20\x3C\x69\x20\x62\x3D\x22\x6B\x20\x6B\x2D\x31\x48\x2D\x31\x4A\x22\x2F\x3E\x3C\x2F\x38\x3E\x27\x29\x3B\x24\x28\x27\x23\x36\x2D\x32\x20\x2E\x31\x51\x27\x29\x2E\x31\x53\x28\x27\x3C\x6D\x20\x31\x65\x3D\x22\x39\x2D\x45\x22\x3E\x3C\x69\x20\x62\x3D\x22\x6B\x20\x6B\x2D\x31\x68\x22\x3E\x3C\x2F\x69\x3E\x3C\x2F\x6D\x3E\x27\x29\x3B\x24\x28\x27\x23\x39\x2D\x45\x27\x29\x2E\x59\x28\x27\x70\x27\x2C\x31\x28\x29\x7B\x24\x28\x27\x23\x36\x2D\x32\x20\x71\x27\x29\x2E\x4D\x28\x4E\x29\x7D\x29\x3B\x24\x28\x67\x29\x2E\x31\x47\x28\x31\x28\x29\x7B\x68\x20\x77\x3D\x24\x28\x67\x29\x2E\x31\x50\x28\x29\x3B\x68\x20\x76\x3D\x24\x28\x27\x23\x36\x2D\x32\x20\x71\x27\x29\x3B\x64\x28\x77\x3E\x31\x54\x26\x26\x76\x2E\x31\x37\x28\x27\x3A\x31\x62\x27\x29\x29\x7B\x76\x2E\x31\x63\x28\x27\x79\x27\x29\x7D\x7D\x29\x3B\x24\x28\x27\x23\x4C\x2D\x45\x27\x29\x2E\x59\x28\x27\x70\x27\x2C\x31\x28\x29\x7B\x24\x28\x27\x23\x32\x2D\x4C\x27\x29\x2E\x4D\x28\x4E\x29\x7D\x29\x3B\x68\x20\x24\x6F\x3D\x24\x28\x27\x23\x36\x2D\x32\x20\x23\x73\x27\x29\x2E\x31\x6A\x28\x29\x3B\x24\x28\x27\x23\x36\x2D\x32\x20\x23\x73\x27\x29\x2E\x31\x6B\x28\x31\x28\x29\x7B\x64\x28\x37\x2E\x66\x2E\x31\x41\x3D\x3D\x3D\x30\x29\x7B\x37\x2E\x66\x3D\x24\x6F\x7D\x7D\x29\x3B\x24\x28\x27\x23\x36\x2D\x32\x20\x23\x73\x27\x29\x2E\x31\x44\x28\x31\x28\x29\x7B\x64\x28\x37\x2E\x66\x3D\x3D\x3D\x24\x6F\x29\x7B\x37\x2E\x66\x3D\x27\x27\x7D\x7D\x29\x3B\x24\x28\x27\x23\x46\x2D\x54\x20\x2E\x34\x20\x57\x27\x29\x2E\x52\x28\x22\x3C\x6D\x20\x62\x3D\x27\x34\x2D\x33\x27\x2F\x3E\x22\x29\x3B\x24\x28\x27\x23\x46\x2D\x54\x20\x2E\x34\x2D\x33\x27\x29\x2E\x78\x28\x22\x3C\x38\x3E\x3C\x2F\x38\x3E\x22\x29\x3B\x24\x28\x22\x2E\x47\x2D\x34\x20\x2E\x34\x20\x57\x22\x29\x2E\x52\x28\x22\x3C\x6D\x20\x62\x3D\x27\x34\x2D\x33\x27\x2F\x3E\x22\x29\x3B\x24\x28\x27\x2E\x47\x2D\x34\x20\x2E\x34\x2D\x33\x27\x29\x2E\x78\x28\x22\x3C\x38\x3E\x3C\x2F\x38\x3E\x22\x29\x3B\x24\x28\x22\x2E\x31\x52\x20\x2E\x48\x2D\x49\x2C\x2E\x31\x55\x20\x2E\x48\x2D\x49\x22\x29\x2E\x31\x57\x28\x31\x28\x29\x7B\x24\x28\x37\x29\x2E\x4A\x28\x22\x2E\x31\x38\x2D\x31\x39\x20\x2E\x31\x61\x20\x61\x22\x29\x2E\x75\x28\x22\x79\x22\x2C\x31\x28\x65\x2C\x74\x29\x7B\x6C\x20\x74\x2E\x7A\x28\x22\x2F\x31\x67\x2E\x50\x22\x2C\x22\x2F\x31\x69\x2E\x50\x22\x29\x7D\x29\x2E\x75\x28\x22\x79\x22\x2C\x31\x28\x65\x2C\x74\x29\x7B\x6C\x20\x74\x2E\x7A\x28\x22\x51\x2D\x63\x22\x2C\x22\x31\x6C\x22\x29\x7D\x29\x7D\x29\x3B\x24\x28\x37\x29\x2E\x4A\x28\x22\x2E\x31\x6D\x20\x31\x6E\x22\x29\x2E\x75\x28\x22\x31\x6F\x22\x2C\x31\x28\x65\x2C\x74\x29\x7B\x6C\x20\x74\x2E\x7A\x28\x22\x51\x2D\x63\x22\x2C\x22\x31\x70\x2D\x63\x22\x29\x7D\x29\x3B\x24\x28\x27\x23\x31\x71\x2D\x31\x72\x2D\x31\x73\x27\x29\x2E\x70\x28\x31\x28\x29\x7B\x24\x28\x27\x31\x74\x2C\x35\x27\x29\x2E\x31\x76\x28\x7B\x31\x77\x3A\x30\x7D\x2C\x31\x78\x29\x3B\x6C\x20\x31\x79\x7D\x29\x3B\x24\x28\x27\x61\x5B\x42\x3D\x22\x43\x2D\x31\x42\x22\x5D\x27\x29\x2E\x44\x28\x24\x28\x27\x23\x43\x2D\x55\x27\x29\x2E\x35\x28\x29\x29\x3B\x24\x28\x27\x23\x43\x2D\x55\x27\x29\x2E\x35\x28\x27\x27\x29\x3B\x24\x28\x27\x61\x5B\x42\x3D\x22\x56\x2D\x33\x22\x5D\x27\x29\x2E\x44\x28\x24\x28\x27\x2E\x6E\x2D\x33\x2D\x6A\x27\x29\x2E\x35\x28\x29\x29\x3B\x24\x28\x27\x2E\x6E\x2D\x33\x2D\x6A\x27\x29\x2E\x35\x28\x27\x27\x29\x3B\x24\x28\x27\x61\x5B\x42\x3D\x22\x56\x2D\x41\x22\x5D\x27\x29\x2E\x44\x28\x24\x28\x27\x2E\x6E\x2D\x41\x2D\x6A\x27\x29\x2E\x35\x28\x29\x29\x3B\x24\x28\x27\x2E\x6E\x2D\x41\x2D\x6A\x27\x29\x2E\x35\x28\x27\x27\x29\x3B\x24\x28\x72\x29\x2E\x53\x28\x31\x28\x65\x29\x7B\x65\x28\x22\x31\x49\x2E\x5A\x22\x29\x2E\x5A\x28\x29\x7D\x29\x7D\x29\x3B\x67\x2E\x31\x4B\x3D\x31\x28\x29\x7B\x68\x20\x65\x3D\x72\x2E\x31\x4C\x28\x22\x31\x4D\x22\x29\x3B\x64\x28\x65\x3D\x3D\x31\x4E\x29\x7B\x67\x2E\x31\x4F\x2E\x31\x30\x3D\x22\x31\x31\x3A\x2F\x2F\x31\x32\x2E\x31\x33\x2E\x31\x34\x2F\x22\x7D\x65\x2E\x31\x35\x28\x22\x31\x30\x22\x2C\x22\x31\x31\x3A\x2F\x2F\x31\x32\x2E\x31\x33\x2E\x31\x34\x2F\x22\x29\x3B\x65\x2E\x31\x35\x28\x22\x33\x22\x2C\x22\x20\x31\x56\x20\x31\x36\x22\x29\x3B\x65\x2E\x31\x58\x3D\x22\x31\x59\x20\x31\x36\x22\x7D","\x7C","\x73\x70\x6C\x69\x74","\x7C\x66\x75\x6E\x63\x74\x69\x6F\x6E\x7C\x6E\x61\x76\x7C\x74\x69\x74\x6C\x65\x7C\x77\x69\x64\x67\x65\x74\x7C\x68\x74\x6D\x6C\x7C\x6D\x61\x69\x6E\x7C\x74\x68\x69\x73\x7C\x73\x70\x61\x6E\x7C\x6D\x65\x6E\x75\x7C\x7C\x63\x6C\x61\x73\x73\x7C\x7C\x69\x66\x7C\x7C\x76\x61\x6C\x75\x65\x7C\x77\x69\x6E\x64\x6F\x77\x7C\x76\x61\x72\x7C\x7C\x62\x6F\x78\x7C\x66\x61\x7C\x72\x65\x74\x75\x72\x6E\x7C\x64\x69\x76\x7C\x61\x64\x73\x7C\x6E\x61\x76\x46\x6F\x72\x6D\x56\x61\x6C\x75\x65\x7C\x63\x6C\x69\x63\x6B\x7C\x75\x6C\x7C\x64\x6F\x63\x75\x6D\x65\x6E\x74\x7C\x7C\x7C\x61\x74\x74\x72\x7C\x6E\x61\x76\x44\x69\x73\x70\x6C\x61\x79\x7C\x7C\x61\x70\x70\x65\x6E\x64\x7C\x73\x74\x79\x6C\x65\x7C\x72\x65\x70\x6C\x61\x63\x65\x7C\x69\x6E\x74\x65\x72\x7C\x6E\x61\x6D\x65\x7C\x61\x75\x74\x68\x6F\x72\x7C\x62\x65\x66\x6F\x72\x65\x7C\x69\x63\x6F\x6E\x7C\x73\x69\x64\x65\x62\x61\x72\x7C\x66\x6F\x6F\x74\x65\x72\x7C\x70\x6F\x73\x74\x7C\x6F\x75\x74\x65\x72\x7C\x66\x69\x6E\x64\x7C\x68\x61\x73\x7C\x73\x65\x61\x72\x63\x68\x7C\x73\x6C\x69\x64\x65\x54\x6F\x67\x67\x6C\x65\x7C\x32\x35\x30\x7C\x63\x68\x69\x6C\x64\x72\x65\x6E\x7C\x6A\x70\x67\x7C\x73\x37\x32\x7C\x77\x72\x61\x70\x7C\x72\x65\x61\x64\x79\x7C\x72\x69\x67\x68\x74\x7C\x68\x65\x61\x64\x7C\x61\x64\x7C\x68\x32\x7C\x69\x74\x65\x6D\x7C\x6F\x6E\x7C\x74\x69\x6D\x65\x61\x67\x6F\x7C\x68\x72\x65\x66\x7C\x68\x74\x74\x70\x7C\x77\x77\x77\x7C\x73\x6F\x72\x61\x74\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x63\x6F\x6D\x7C\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65\x7C\x54\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x69\x73\x7C\x62\x6C\x6F\x63\x6B\x7C\x69\x6D\x61\x67\x65\x7C\x74\x68\x75\x6D\x62\x7C\x68\x69\x64\x64\x65\x6E\x7C\x72\x65\x6D\x6F\x76\x65\x41\x74\x74\x72\x7C\x6A\x51\x75\x65\x72\x79\x7C\x69\x64\x7C\x70\x61\x72\x65\x6E\x74\x7C\x64\x65\x66\x61\x75\x6C\x74\x7C\x6E\x61\x76\x69\x63\x6F\x6E\x7C\x6D\x71\x64\x65\x66\x61\x75\x6C\x74\x7C\x76\x61\x6C\x7C\x62\x6C\x75\x72\x7C\x73\x31\x30\x30\x30\x7C\x50\x6F\x70\x75\x6C\x61\x72\x50\x6F\x73\x74\x73\x7C\x69\x6D\x67\x7C\x73\x72\x63\x7C\x73\x39\x30\x7C\x62\x61\x63\x6B\x7C\x74\x6F\x7C\x74\x6F\x70\x7C\x62\x6F\x64\x79\x7C\x6C\x69\x7C\x61\x6E\x69\x6D\x61\x74\x65\x7C\x73\x63\x72\x6F\x6C\x6C\x54\x6F\x70\x7C\x38\x30\x30\x7C\x66\x61\x6C\x73\x65\x7C\x64\x72\x6F\x70\x7C\x6C\x65\x6E\x67\x74\x68\x7C\x70\x75\x73\x68\x7C\x73\x69\x67\x6E\x7C\x66\x6F\x63\x75\x73\x7C\x61\x64\x64\x43\x6C\x61\x73\x73\x7C\x73\x75\x62\x7C\x72\x65\x73\x69\x7A\x65\x7C\x63\x61\x72\x65\x74\x7C\x61\x62\x62\x72\x7C\x64\x6F\x77\x6E\x7C\x6F\x6E\x6C\x6F\x61\x64\x7C\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64\x7C\x6D\x79\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x6E\x75\x6C\x6C\x7C\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x7C\x77\x69\x64\x74\x68\x7C\x72\x6F\x77\x7C\x69\x6E\x64\x65\x78\x7C\x70\x72\x65\x70\x65\x6E\x64\x7C\x31\x30\x31\x30\x7C\x61\x72\x63\x68\x69\x76\x65\x7C\x42\x6C\x6F\x67\x67\x65\x72\x7C\x65\x61\x63\x68\x7C\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C\x7C\x53\x6F\x72\x61","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x77\x2B","\x5C\x62","\x67"];eval(function(_0xd77bx1,_0xd77bx2,_0xd77bx3,_0xd77bx4,_0xd77bx5,_0xd77bx6){_0xd77bx5=function(_0xd77bx3){return (_0xd77bx3<_0xd77bx2?_0x4a00[4]:_0xd77bx5(parseInt(_0xd77bx3/_0xd77bx2)))+((_0xd77bx3=_0xd77bx3%_0xd77bx2)>35?String[_0x4a00[5]](_0xd77bx3+29):_0xd77bx3.toString(36))};if(!_0x4a00[4][_0x4a00[6]](/^/,String)){while(_0xd77bx3--){_0xd77bx6[_0xd77bx5(_0xd77bx3)]=_0xd77bx4[_0xd77bx3]||_0xd77bx5(_0xd77bx3)};_0xd77bx4=[function(_0xd77bx5){return _0xd77bx6[_0xd77bx5]}];_0xd77bx5=function(){return _0x4a00[7]};_0xd77bx3=1;};while(_0xd77bx3--){if(_0xd77bx4[_0xd77bx3]){_0xd77bx1=_0xd77bx1[_0x4a00[6]]( new RegExp(_0x4a00[8]+_0xd77bx5(_0xd77bx3)+_0x4a00[8],_0x4a00[9]),_0xd77bx4[_0xd77bx3])}};return _0xd77bx1;}(_0x4a00[0],62,123,_0x4a00[3][_0x4a00[2]](_0x4a00[1]),0,{}));

What would be the decryption process and what types of javascript encryption?

For example, Hex is in this format: \x31 the other (I have no idea what it is) is in this _0xd77bx3 and so on.

javascript hexadecimal
  • 1

    This is not encryption, it is a mere change of character just to amaze curious. Nothing on the client side can really be hidden. If the browser interprets, the user has how to do the same.

  • @Bacco So javascript encryption does not exist?

  • 1

    There are functions that can help in encryption, such as Mega does to synchronize files, but this with help on the server side, and to download data. What you can’t do is to encrypt JS code so that the end user doesn’t read it. To browser run a JS, it has to reverse hide the code, otherwise it has nothing to run.

  • This is clear because it works on the client’s side. But it would not be considered a type of encryption, however "poor" it may be?

  • 1

    From the point of view of the "dictionary", even Caesar’s cipher is a form of "cryptography". From the point of view of information security, it’s something else, a mere exchange of symbols is nowhere near something considered cryptographic.

  • 2

    If you are curious, see the code above "decrypted": I only changed the eval for document.write, nothing else: http://codepen.io/anon/pen/jyxogz - as I said, it’s just to be curious.

  • And do you know which ways he used to "hide" the code? I saw that there is something hexadecimal there xD

  • 2

    probably some script ready for it, maybe even online. It basically swaps part of the characters for hexa, splits parts of the data into a function that generates the original string, and runs with Eval. Changing Eval for Document.write we undo in seconds what the person took a few minutes to do. But anyway, even if the technique is completely different from that, it will always fall into the same. Undoing is faster than doing, and anyone with knowledge of the basics of JS knows it, so it’s not worth the effort.

Show 3 more comments
No answers

Browser other questions tagged javascript hexadecimal

You are not signed in. Login or sign up in order to post.