Deobfuscating Javascript [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 9 years ago.

What is this monstrosity? Anyone know of a way to make it readable?

<script type="text/javascript"> 
    //<![CDATA[
    <!--
    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
开发者_如何学Go    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x));
    //-->
    //]]>
</script> 

---

This a really obfuscated version of:

document.writeln("<a href=\"mailto:cameron@curvycorners.net\" title=\"Contact\">Contact</a>");

I assume it is obfuscated this much to avoid spammers. But of course spambots could just render the page with Webkit and traverse the DOM for email addresses ... ;)

So.. how to deobfuscate?

1. Go to http://jsbeautifier.org/
2. Paste the source and beautify it
3. Edit the function f(x) so it does console.log(o) instead of return o
4. Execute the modified code and beautify its output.
5. Repeat steps 2-4 until it is readable.

---

There are two main reasons for obfuscating ones code:

1. The person who wrote it didn't want to provide the code in readable form to avoid from stealing his intellectual property
2. Virus, Spyware, ...

In the first case I would suggest you asking the author to provide you the source code.

---

It is doing something like this:

document.writeln("< a href=\"mailto:cameron@curvycorners.net\" title=\"Contact\">Contact</a>");

So something like a copyright notice

Full source

function f(x, y) {
    var i, o = "", l = x.length;
    for (i = 0; i < l; i++) {
        if (i == 90) {
            y += i;
        }
        y %= 127;
        o += String.fromCharCode(x.charCodeAt(i) ^ y++);
    }
    return o;
}

f(">4?(3:\x0E\x15L\x14\x16\f\x12\x02\x04\x07BIP\fN\x07\x02\x14\x14N(W\x1B\x16\x11\x15\x0E\x14F\x1E\x1FmdpljEerz\x7Fshc\x7F`jbb<}qaJ58msopx#C\x02bMMPDESt\v\x14hCCZNSE\x0E\x1CU.3;($.", 90);

Done with Firefox addon "Javascript Deobfuscator"

---

Edit: Looks like some people beat me to it after all. Thanks!

---

After the unhelpful "Answers" received from some of the big guns (5 digit rep score) I decided to de-obfuscate it myself:

document.writeln("<a href=\"mailto:cameron@curvycorners.net\" title=\"Contact\">Contact</a>");0;

The whole shebang is just a very over-the-top way of hiding an email address.

---

To do this go to your firebug console and execute this:

    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
    "DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
    "\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
    "\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
    "4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
    "\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
    "amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
    "\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                                      ;
    while(x=eval(x)){
        console.log(x);
    }

---

You'll have to get it out of that string to unpack it, and much of that work will be manual, since some of it appears to be encoded.

But I agree with Darin. Ask the author for unobfuscated source.