A painful but useless attempt to hide a source code



  • Since the web 2.0 update of the World Wide Web, some desperate morons are still here. Despite the open source wave, and despite the concepts of the World Wide Web & HTTP, they strongly believe they can execute code on the client and hide its source.

    I was looking for a website giving a code sample for an IBAN number check. So I found one, I checked the code in Firebug, then decided to save the complete web page. As you could expect, Firefox created a "xxx.html" file, and a "xxx_files" folder with the "validate_iban.js" inside.

    I was cleaning the HTML page to remove all ad scripts when I found this one:

     <script type="text/javascript" language="javascript1.1">function dc(){var i,j,x,y,x=

        "x="z?$2z;?9^$w4y^^7^^64f:w9:z=?xwvg7^^:^$,|nei7;A-&?h49;4^^|^$t=i7A8{,?g" +

        ":&amp;8;)6)677i:=+z)6:78?+w;9:67p8g:6;66u/e|6jj:c2r9;7=:g;*&lt;7=f;zw+y:;:9=fh;5:" +

        "74q8t64;78*wkx:hg:?v2j:9f9=:keg&6>,zm?:=i00n::;86g5p;}6A4i6v-+8:6j-=:5i;:" +

        "k:-5+g?:-?+#j;8;}}l&:;95??zns:vi0Aei,69:jzcej=::tpE,m;A;q|f24;=8ggCl::69ve" +

        "v?:m5kE+x@9:6/,445<::=-k-|;2:h?|p6i6lA>|67i9524wi7rh+ylfkg:;-w?xe7;9;v6," +

        "xgl6=5{-?:77-??}9;g6UAv+m:/et+k?A66:pjis6=6:0vh,65-;tmqA!;44o4E?;;8:jmc@}:" +

        "/5t|E2A8;6qpfi=4;;grky7r:lx+li;47!?{m^$;=7l/?Ag;x6c:n-6z:0!e}j7c:t/CAv=" +

        ";2|+2+7=hzw?yz904ufwwd;u8vxtvg36+,=m{6?9)0)7=gh6q-t?:k5?#2j=:k6>szv06n4g" +

        ",pmi✌jA=7k7-:??6m+8}:{@-|?9zj02upw:d9uivrt::kk.x4e+;=l!?h7q:tm*/k9?;4A=" +

        ":k6>jz-0!n7g6p}i/v7ji=Ak|-4?:62+w}7{7-y?fzg06uwwxd7u9vvt,:kj.m40+;=7!7{-?" +

        "e{70?u#w<d:u}vAt7;l}+2=$=l?gxcnz0ejctCv2++=z?z0uwduvt3+={?))=hqtk?2=k" +

        ">z0ngpivj=k-?4+}{-?z0uwduvtk.3+=!hqtk?3=k>z0ngpivj=k-?4+}{-?z0uwduvtk.3" +

        "+=!{?{0uwduvtl+=";y='';x=unescape(x);for(i=0;i<x.length;i++){j=x.charCod" +

        "eAt(i)-2;if(j<32)j+=94;y+=String.fromCharCode(j)}y";while(x=eval(x));}dc();

        </script>

    WTF? It must be one of those guilty ad scripts sending confidential info to a commercial third party! But wait... At first, you see an incomprehensible pie. Looking closely, this is easy:

    1. some variables are declared, "x" being filled with the big pie. At the end, you see javascript instructions.
    2. a "while" is evaluating x until it returns false or null or undefined or 0.

    So I opened Firebug, copy-pasted the code and executed the "x variable decrypting". First iteration gave something like : "x="z?$2z;?9^$w4y^^7^^64f:w9:z=?xwvg7^^:^$,|nei7;A-&?h49;4^^|^$t=i7A8{,?g:&amp;8;)6)677i:=+z)6:78?+w;9:67p8g:6;66u/e|6jj:c2r9;7=:g;*&lt;7=f;zw+y:;:9=fh;5:74q8t64;78*wkx:hg:?v2j:9f9=:keg&6>,zm?:=i00n::;86g5p;}6A4i6v-+8:6j-=:5i;:k:-5+g?:-?+#j;8;}}l&:;95??zns:vi0Aei,69:jzcej=::tpE,m;A;q|f24;=8ggCl::69vev?:m5kE+x@9:6/,445<::=-k-|;2:h?|p6i6lA>|67i9524wi7rh+ylfkg:;-w?xe7;9;v6,xgl6=5{-?:77-??}9;g6UAv+m:/et+k?A66:pjis6=6:0vh,65-;tmqA!;44o4E?;;8:jmc@}:/5t|E2A8;6qpfi=4;;grky7r:lx+li;47!?{m^$;=7l/?Ag;x6c:n-6z:0!e}j7c:t/CAv=;2|+2+7=hzw?yz904ufwwd;u8vxtvg36+,=m{6?9)0)7=gh6q-t?:k5?#2j=:k6>szv06n4g,pmi✌jA=7k7-:??6m+8}:{@-|?9zj02upw:d9uivrt::kk.x4e+;=l!?h7q:tm*/k9?;4A=:k6>jz-0!n7g6p}i/v7ji=Ak|-4?:62+w}7{7-y?fzg06uwwxd7u9vvt,:kj.m40+;=7!7{-?e{70?u#w<d:u}vAt7;l}+2=$=l?gxcnz0ejctCv2++=z?z0uwduvt3+={?))=hqtk?2=k>z0ngpivj=k-?4+}{-?z0uwduvtk.3+=!hqtk?3=k>z0ngpivj=k-?4+}{-?z0uwduvtk.3+=!{?{0uwduvtl+=";y='';x=unescape(x);for(i=0;i<x.length;i++){j=x.charCodeAt(i)-2;if(j<32)j+=94;y+=String.fromCharCode(j)}y"

    Then I extracted x and re-evaluated its content about 10 times, then x ended up with value :
    "document.write("<script src="afc_js/0c5j8u3n4b5/validate_iban.js" type="text/javascript" language="javascript" defer></script>");0;" 

     Yeeeaaah, men. All this bullshit only to insert in the page an obfuscated script source I had already !
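
An added example, not part of the original post: the layers described above can be peeled statically, applying the visible decoder (`unescape`, subtract 2, wrap values below 32 by adding 94) in a loop without ever calling `eval` on the untrusted string. The helpers `shiftEncode` and `wrap`, the `FINAL` payload and the fully %-escaped layering are constructed here so the sample runs offline; only `STUB` is the decoder text shown in the post.

```javascript
// Decoder stub as it appears at the end of each layer in the post.
const STUB = "\";y='';x=unescape(x);for(i=0;i<x.length;i++){j=x.charCodeAt(i)-2;" +
  "if(j<32)j+=94;y+=String.fromCharCode(j)}y";
// Constructed innermost payload (shape follows the post's final value).
const FINAL = 'document.write("<script src=\\"validate_iban.js\\"></script>");0;';
const LAYER = /^x="([^"]*)";y='';x=unescape\(x\);/;

// Same arithmetic as the stub: code - 2, and +94 if that falls below 32.
function shiftDecode(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    let j = s.charCodeAt(i) - 2;
    if (j < 32) j += 94;
    out += String.fromCharCode(j);
  }
  return out;
}

// Inverse, valid for printable ASCII 32..125 (used only to build the sample).
function shiftEncode(s) {
  return Array.from(s, (ch) => {
    let c = ch.charCodeAt(0) + 2;
    if (c > 126) c -= 94;
    return String.fromCharCode(c);
  }).join("");
}

// Build a constructed sample wrapped `times` layers deep.
function wrap(plain, times) {
  let src = plain;
  for (let n = 0; n < times; n++) src = 'x="' + escape(shiftEncode(src)) + STUB;
  return src;
}

// Peel layers as data. Stops at the first text that is not a recognised
// layer and refuses to loop forever on a hostile or malformed input.
function peel(src, maxLayers = 32) {
  let cur = src;
  for (let depth = 0; depth <= maxLayers; depth++) {
    const m = LAYER.exec(cur);
    if (!m) {
      const s = /src=\\?"([^"\\]+)/.exec(cur); // script the payload would inject
      return { depth, payload: cur, scriptSrc: s ? s[1] : null };
    }
    cur = shiftDecode(unescape(m[1]));
  }
  throw new Error("more than " + maxLayers + " layers; giving up");
}
```

`peel(wrap(FINAL, 10))` returns the payload, the layer count and the injected script path, which is all an analyst needs to decide whether the snippet loads anything unexpected.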



  •  As if there were diamonds hidden in the code.



  •  That's fairly typical of 3rd party tracking code.

     The real WTF is how poorly written the tracking code is; Doubleclick is exceptionally bad. Don't they understand DOM insertion techniques, instead of relying on document.write?

     



  • @Jonathan Holland said:

    Don't they understand DOM insertion techniques, instead of relying on document.write?
     

    While it'd be nice to explain it all away as stupidity and laziness, I'm sure it's more along the lines of aiming at the lowest common denominator, so they can jam their pointy claws into as many possible browsers as possible. There's still people out there surfing with Netscape 3-type browsers, for whom "dom" is the person who whips their back bloody on weekends. document.write's fugly and all, but it works basically in any browser that supports Javascript. 


  • Winner of the 2016 Presidential Election

    I want to embed a heavily obfuscated script snippet in my site that effectively decodes to a no-op and a message like, "Ha ha, you spent an hour of your life decoding this message!"



  • @Kilwch said:

    Since the web 2.0 update of the World Wide Web, some desperate morons are still here. Despite the open source wave, and despite the concepts of World Wide Web & http, they strongly believe they can execute a code on client and hide its source.


    That's awesome! This is the chuck norris of code! 



  • @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.



  • @Lysis said:

    That's awesome! This is the chuck norris of code!

    TRWTF is quoting the OP in its entirety.



  • @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     



  • @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     

     

    Right...

    I am bullying by mentioning something they are doing that is annoying. I really went out of my way to be cruel there too. Good call, glad I was corrected.



  • @MasterPlanSoftware said:

    @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     

     

    Right...

    I am bullying by mentioning something they are doing that is annoying. I really went out of my way to be cruel there too. Good call, glad I was corrected.

     


    No, you have a persistent trait to point out the obvious in an ego inflating mentally masturbatory way. You reply to 99% of threads this way. I find that annoying 🙂



  • @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     

     

    Right...

    I am bullying by mentioning something they are doing that is annoying. I really went out of my way to be cruel there too. Good call, glad I was corrected.

     


    No, you have a persistent trait to point out the obvious in an ego inflating mentally masturbatory way. You reply to 99% of threads this way. I find that annoying 🙂

     

    Awww. I am sorry.



  • @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     

    Because I can?  l2forums?  That goes for the second guy too with the gay pink hair in his avatar. 



  • @Lysis said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     

    Because I can?  l2forums?  That goes for the second guy too with the gay pink hair in his avatar. 

     

    Awesome. Another troll.



  • @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     

     

    Right...

    I am bullying by mentioning something they are doing that is annoying. I really went out of my way to be cruel there too. Good call, glad I was corrected.

     


    No, you have a persistent trait to point out the obvious in an ego inflating mentally masturbatory way. You reply to 99% of threads this way. I find that annoying 🙂

     

    Can I jump into this too?

    You my friend find offence in something not even directed at you?  How pitiful your life must be if you need to search out your next argument to swing your e-penis at.  Talk about masturbatory inflationism. 

    Yes read this, think about it, we call this irony over in these parts. 



  • @MasterPlanSoftware said:

    @Lysis said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     

    Because I can?  l2forums?  That goes for the second guy too with the gay pink hair in his avatar. 

     

    Awesome. Another troll.

     

     



  • @MarcB said:

    There's still people out there surfing with Netscape 3-type browsers

    And those people need to upgrade.  Even the OLPCs had

    @wikipedia said:

    A simple custom web browser based upon the Gecko engine used by Mozilla Firefox.

    Even IE6 has the capabilities they need to avoid document.write*.  Besides Opera, what else do people use that is modern and doesn't have these capabilities (lynx doesn't count).

    To be honest, I still use Netscape 4 (only for <10% of my browsing) because in later versions, they changed what keys did certain things (Shift-click to download link was changed to alt-click, etc).  When something doesn't work, I open it up in firefox.   



  • @KattMan said:

    @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Jonathan Holland said:

    @MasterPlanSoftware said:

    @Lysis said:

     

    That's awesome! This is the chuck norris of code! 

     

    Why do you insist on quoting the OP every time?

    We can all see the OP too... no need to quote it every time you reply.

     

     The real WTF is that stick up your ass.
     

     

    Right...

    I am bullying by mentioning something they are doing that is annoying. I really went out of my way to be cruel there too. Good call, glad I was corrected.

     


    No, you have a persistent trait to point out the obvious in an ego inflating mentally masturbatory way. You reply to 99% of threads this way. I find that annoying 🙂

     

    Can I jump into this too?

    You my friend find offence in something not even directed at you?  How pitiful your life must be if you need to search out your next argument to swing your e-penis at.  Talk about masturbatory inflationism. 

    Yes read this, think about it, we call this irony over in these parts. 

     

     

    Speaking of pitiful, I find the blatant whitie-spelled usage of the popular forum term "e-peen" to be reprehensible.  l2Warcraft_forums sir!



  • @Lysis said:

    Speaking of pitiful, I find the blatant whitie-spelled usage of the popular forum term "e-peen" to be reprehensible.  l2Warcraft_forums sir!
     



  • @belgariontheking said:

    Besides Opera, what else do people use that is modern and doesn't have these capabilities

    Have you even used Opera recently? I've been using 9.x for many months now, and the user scripts I wrote have no problem navigating or manipulating the DOM.

