Doubt about "encrypted code" (obfuscated) in Javascript

Asked

Viewed 1,603 times

5

I was wondering if this code is encrypted:

$(document)["\x72\x65\x61\x64\x79"](function(){$("\x23\x6A\x71\x75\x65\x72\x79\x5F\x6A\x70\x6C\x61\x79\x65\x72\x5F\x31")["\x6A\x50\x6C\x61\x79\x65\x72"]({ready:function(event){$(this)["\x6A\x50\x6C\x61\x79\x65\x72"]("\x73\x65\x74\x4D\x65\x64\x69\x61",{oga:"\x68\x74\x74\x70\x3A\x2F\x2F\x36\x34\x2E\x33\x31\x2E\x33\x30\x2E\x39\x31\x3A\x39\x38\x39\x36\x2F\x3B\x73\x74\x72\x65\x61\x6D\x2F\x31"})},swfPath:"\x6A\x73",supplied:"\x6F\x67\x61",wmode:"\x77\x69\x6E\x64\x6F\x77",smoothPlayBar:true,keyEnabled:true})});$(function(){if( typeof playlist==="\x75\x6E\x64\x65\x66\x69\x6E\x65\x64"){playlist=[{artist:"\x6F\x75\x72\x6F",title:"\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x63",mp3:"\x68\x74\x74\x70\x3A\x2F\x2F\x36\x34\x2E\x33\x31\x2E\x33\x30\x2E\x39\x31\x3A\x39\x38\x39\x36\x2F\x3B\x73\x74\x72\x65\x61\x6D\x2F\x31"},{artist:"\x44\x61\x66\x74\x20\x50\x75\x6E\x6B",title:"\x48\x75\x6D\x61\x6E\x20\x41\x66\x74\x65\x72\x20\x41\x6C\x6C",mp3:"\x68\x74\x74\x70\x3A\x2F\x2F\x63\x6F\x6E\x65\x63\x74\x72\x61\x64\x69\x6F\x2E\x63\x6F\x6D\x2E\x62\x72\x2F\x70\x6C\x61\x79"}]};var currentTrack=0;var numTracks=playlist["\x6C\x65\x6E\x67\x74\x68"];$("\x2E\x70\x6C\x61\x79\x65\x72\x2D\x6E\x65\x78\x74")["\x63\x6C\x69\x63\x6B"](function(){player["\x70\x6C\x61\x79\x4E\x65\x78\x74"]()});$("\x2E\x70\x6C\x61\x79\x65\x72\x2D\x70\x72\x65\x76")["\x63\x6C\x69\x63\x6B"](function(){player["\x70\x6C\x61\x79\x50\x72\x65\x76\x69\x6F\x75\x73"]()});player=$("\x2E\x70\x6C\x61\x79\x65\x72")["\x6A\x50\x6C\x61\x79\x65\x72"]({ready:function(){player["\x6A\x50\x6C\x61\x79\x65\x72"]("\x73\x65\x74\x4D\x65\x64\x69\x61",playlist[currentTrack]);player["\x70\x6C\x61\x79\x43\x75\x72\x72\x65\x6E\x74"]();},ended:function(){$(this)["\x70\x6C\x61\x79\x4E\x65\x78\x74"]()},play:function(){$("\x2E\x70\x6C\x61\x79\x65\x72\x2D\x63\x75\x72\x72\x65\x6E\x74\x2D\x74\x72\x61\x63\x6B")["\x74\x65\x78\x74"](playlist[currentTrack]["\x61\x72\x74\x69\x73\x74"]+"\x20\x2D\x20"+playlist[currentTrack]["\x74\x69\x74\x6C\x65"])},swfPath:"\x6A\x73\x2F\x70\x6C\x75\x67\x69\x6E\x73\x2F\x6A\x70\x6C\x61\x79\x65\x72\x2F",supplied:"\x6D\x70\x33",cssSelectorAncestor:"",cssSelector:{play:"\x23\x62\x74\x5F\x70\x6C\x61\x79",pause:"\x23\x62\x74\x5F\x70\x61\x75\x73\x65",stop:"\x23\x62\x74\x5F\x70\x61\x75\x73\x65",seekBar:"\x2E\x70\x6C\x61\x79\x65\x72\x2D\x74\x69\x6D\x65\x6C\x69\x6E\x65",playBar:"\x2E\x70\x6C\x61\x79\x65\x72\x2D\x74\x69\x6D\x65\x6C\x69\x6E\x65\x2D\x63\x6F\x6E\x74\x72\x6F\x6C"},size:{width:"\x31\x70\x78",height:"\x31\x70\x78"}});player["\x70\x6C\x61\x79\x4E\x65\x78\x74"]=function(){currentTrack=(currentTrack==(numTracks-1))?0:++currentTrack;player["\x70\x6C\x61\x79\x43\x75\x72\x72\x65\x6E\x74"]();};player["\x70\x6C\x61\x79\x50\x72\x65\x76\x69\x6F\x75\x73"]=function(){currentTrack=(currentTrack==0)?numTracks-1:--currentTrack;player["\x70\x6C\x61\x79\x43\x75\x72\x72\x65\x6E\x74"]();};player["\x70\x6C\x61\x79\x43\x75\x72\x72\x65\x6E\x74"]=function(){player["\x6A\x50\x6C\x61\x79\x65\x72"]("\x73\x65\x74\x4D\x65\x64\x69\x61",playlist[currentTrack])["\x6A\x50\x6C\x61\x79\x65\x72"]("\x70\x6C\x61\x79")};});

If so, there’s a way I can decrypt it?

  • 2

    As far as I know it is. And no, there’s no way to decrypt.

  • What kind of encryption is this?

  • Encrypted this, but is using Hexadecimal for that, follows this table that can be decrypted.

  • If it’s not too much to ask, optimize the code with this tool, It’s terrible to read long code like this.

4 answers

13

The code is not encrypted, only partially obfuscated. Whoever did this took advantage of the fact that Javascript strings can contain any escaped UTF-16 character in the format \xNN, where NN is the hex code of the character.

If you actually encrypt a JS code, it will no longer be usable, as browsers would not be able to interpret it. So the only solution to try to make it difficult for the code to be unduly appropriate is to obfuscate it, which isn’t much use because it’s easily reversible.

  • 4

    Worse that in that case the person still managed to occupy an absurd more of space than the original code.

4

He’s a kind of obfuscator, can be done through online service also like this: https://javascriptobfuscator.com/

I’ve seen some that work through npm, for example, but I never got the same result from this online. I never really went into the subject too, but I always used this online that always served well, always ran correctly online and everything else.

But I repeat, I’ve never really gone into the subject, and as far as I know, I’ve never found a tool that could reverse that obfuscator.

Edit:

Note that this type of encryption is different from a 'uglify' which will only roughly "rename" its functions.

Edit2:

Based on the other answers, I’ve seen that it doesn’t work the way you’ve learned.

  • Helped Thanks!!!

  • 1

    The real obfuscator is this one: http://www.jsfuck.com/

2

It’s in Hexadecimal. I wondered why they do it.

http://www.rapidtables.com/convert/number/hex-to-ascii.htm

This site above decrypts. From what I saw are the names of the encrypted elements.

Thus remaining:

$(document)["ready"](function() {
    $("#jquery_jplayer_1")["jPlayer"]({
        ready: function(event) {
            $(this)["jPlayer"]("setMedia", {
                oga: "http://64.31.30.91:9896/;stream/1"
            })
        },
        swfPath: "js",
        supplied: "oga",
        wmode: "window",
        smoothPlayBar: true,
        keyEnabled: true
    })
});
$(function() {
    if (typeof playlist === "undefined") {
        playlist = [{
            artist: "ouro",
            title: "Technologic",
            mp3: "http://64.31.30.91:9896/;stream/1"
        }, {
            artist: "Daft Punk",
            title: "Human After All",
            mp3: "http://conectradio.com.br/play"
        }]
    };
    var currentTrack = 0;
    var numTracks = playlist["length"];
    $(".player-next")["click"](function() {
        player["playNext"]()
    });
    $(".player-prev")["click"](function() {
        player["playPrevious"]()
    });
    player = $(".player")["jPlayer"]({
        ready: function() {
            player["jPlayer"]("setMedia", playlist[currentTrack]);
            player["playCurrent"]();
        },
        ended: function() {
            $(this)["playNext"]()
        },
        play: function() {
            $(".player-current-track")["text"](playlist[currentTrack]["artist"] + " - " + playlist[currentTrack]["title"])
        },
        swfPath: "js/plugins/jplayer/",
        supplied: "mp3",
        cssSelectorAncestor: "",
        cssSelector: {
            play: "#bt_play",
            pause: "#bt_pause",
            stop: "#bt_pause",
            seekBar: ".player-timeline",
            playBar: ".player-timeline-control"
        },
        size: {
            width: "1px",
            height: "1px"
        }
    });
    player["playNext"] = function() {
        currentTrack = (currentTrack == (numTracks - 1)) ? 0 : ++currentTrack;
        player["playCurrent"]();
    };
    player["playPrevious"] = function() {
        currentTrack = (currentTrack == 0) ? numTracks - 1 : --currentTrack;
        player["playCurrent"]();
    };
    player["playCurrent"] = function() {
        player["jPlayer"]("setMedia", playlist[currentTrack])["jPlayer"]("play")
    };
});
  • But then, you would have some guidance on JS code encryption?

  • 3

    JS by definition is public. Freshness.

  • 1

    Helped Very Thanks!!!

  • @Taopaipai but why freshness? Let’s say I have a JS code that performs several functions on my site, but I don’t want anyone to catch it, or things like that. Would an attempt to 'protect' not be feasible? I know this is well to say impossible, because JS needs to be read in client.

  • You have answered it yourself. And there are several other reasons. @bfavaretto spoke one of them.

  • 1

    @Celsomtrindade, at most you can protect your scripts on the server, for example by storing them within a DLL or via a dynamic link (for example, the script points to http://localhost/script?uuid=f3f475de-f252-4d25-a3ee-1d1bba72f113, then your page script will decrypt the script and return it to the Browser) even with all this work, the script will be available in the client, for someone with access to the server will not be able to copy all your scripts.

Show 1 more comment

1

Hello. I had never seen coding in javascript, so maybe I’m wrong, but searching quickly I found a possible solution.

The result of the code posted by you and decoded was:

$(document)["ready"](function(){$("#jquery_jplayer_1")["jPlayer"]({ready:function(event){$(this)["jPlayer"]("setMedia",{oga:"http://64.31.30.91:9896/;stream/1"})},swfPath:"js",supplied:"oga",wmode:"window",smoothPlayBar:true,keyEnabled:true})});$(function(){if( typeof playlist==="undefined"){playlist=[{artist:"ouro",title:"Technologic",mp3:"http://64.31.30.91:9896/;stream/1"},{artist:"Daft Punk",title:"Human After All",mp3:"http://conectradio.com.br/play"}]};var currentTrack=0;var numTracks=playlist["length"];$(".player-next")["click"](function(){player["playNext"]()});$(".player-prev")["click"](function(){player["playPrevious"]()});player=$(".player")["jPlayer"]({ready:function(){player["jPlayer"]("setMedia",playlist[currentTrack]);player["playCurrent"]();},ended:function(){$(this)["playNext"]()},play:function(){$(".player-current-track")["text"](playlist[currentTrack]["artist"]+" - "+playlist[currentTrack]["title"])},swfPath:"js/plugins/jplayer/",supplied:"mp3",cssSelectorAncestor:"",cssSelector:{play:"#bt_play",pause:"#bt_pause",stop:"#bt_pause",seekBar:".player-timeline",playBar:".player-timeline-control"},size:{width:"1px",height:"1px"}});player["playNext"]=function(){currentTrack=(currentTrack==(numTracks-1))?0:++currentTrack;player["playCurrent"]();};player["playPrevious"]=function(){currentTrack=(currentTrack==0)?numTracks-1:--currentTrack;player["playCurrent"]();};player["playCurrent"]=function(){player["jPlayer"]("setMedia",playlist[currentTrack])["jPlayer"]("play")};});

source: http://ddecode.com/hexdecoder/

If it is the solution, please signal it.

  • It helped a lot Thanks!!!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.