Secure Email with Javascript - How Does the Code Work?

Can someone make sense of this and explain to me how it works? This is a secure email link.

    <script type="text/javascript">
    //<![CDATA[
    <!--
    var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!11)1t{yrx{=+;x+ll" +
    "=};acct(h)e}{f}roi(l=1-i;=>;0-i)-o{=+.xhcratAi(;)r}teru n.oussbrt0(o,)l};(f" +
    ")\\\"43\\\\,q\\\"sydn%{~l/,\\\\\\\\\\\\\\\\20\\\\0r\\\\gggo2>02\\\\\\\\27\\" +
    "\\07\\\\01\\\\\\\\23\\\\07\\\\02\\\\\\\\13\\\\0Y\\\\30\\\\04\\\\02\\\\\\\\3" +
    "1\\\\04\\\\03\\\\\\\\00\\\\0O\\\\3R1L6Q01\\\\\\\\06\\\\05\\\\03\\\\\\\\01\\" +
    "\\03\\\\02\\\\\\\\GF6801\\\\\\\\\\\\r2\\\\00\\\\\\\\3N<7<132\\\\06\\\\#3;?}" +
    "'0< =w<?# &*)1d03\\\\\\\\%y3'7(03\\\\\\\\1_00\\\\\\\\36\\\\03\\\\02\\\\\\\\" +
    "UTC]G_5C03\\\\\\\\_FBUN[OC\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odr" +
    "ChamCro.fngriSt+=;o27=1y%2;*=)yy)3+(4i>f({i+)i+l;i<0;i=r(foh;gten.l=x,l\\\"" +
    "\\\\\\\"\\\\o=i,r va){,y(x fontincfu)\\\"\")" ;
    while(x=eval(x));
    //-->
    //]]>
    </script>
+4
3 answers

eval() takes a string and interprets it as JavaScript code.

What the while(x=eval(x)) does is to compute the string in x as code and get the result, store it in x and repeat it until the result becomes false.

Thus, the content is some Javascript code, which was then “abstracted” into another set of Javascript code that can create the source code as a string; this abstraction was then repeated an arbitrary number of times. The while unwraps these repeating abstractions until the Javascript source code is created, and then the final eval() runs the actual code.

 var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" + "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" + " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!11)1t{yrx{=+;x+ll" + "=};acct(h)e}{f}roi(l=1-i;=>;0-i)-o{=+.xhcratAi(;)r}teru n.oussbrt0(o,)l};(f" + ")\\\"43\\\\,q\\\"sydn%{~l/,\\\\\\\\\\\\\\\\20\\\\0r\\\\gggo2>02\\\\\\\\27\\" + "\\07\\\\01\\\\\\\\23\\\\07\\\\02\\\\\\\\13\\\\0Y\\\\30\\\\04\\\\02\\\\\\\\3" + "1\\\\04\\\\03\\\\\\\\00\\\\0O\\\\3R1L6Q01\\\\\\\\06\\\\05\\\\03\\\\\\\\01\\" + "\\03\\\\02\\\\\\\\GF6801\\\\\\\\\\\\r2\\\\00\\\\\\\\3N<7<132\\\\06\\\\#3;?}" + "'0< =w<?# &*)1d03\\\\\\\\%y3'7(03\\\\\\\\1_00\\\\\\\\36\\\\03\\\\02\\\\\\\\" + "UTC]G_5C03\\\\\\\\_FBUN[OC\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odr" + "ChamCro.fngriSt+=;o27=1y%2;*=)yy)3+(4i>f({i+)i+l;i<0;i=r(foh;gten.l=x,l\\\"" + "\\\\\\\"\\\\o=i,r va){,y(x fontincfu)\\\"\")" ; 

Now...

    > var x1 = eval(x);
    > x1
    function f(x){var i,o="",ol=x.length,l=ol;while(x.charCodeAt(l/13)!=111){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o.substr(0,ol);}f(")34,\"qysnd{%l~,/\\\\020\\rggog>220\\720\\710\\320\\720\\310\\Y030\\420\\130\\430\\000\\OR3L1Q610\\600\\530\\100\\320\\FG8610\\r\\200\\N37<1<230\\63#?;'}<0= <w#?& )*d130\\y%'3(730\\_100\\630\\320\\TU]C_GC530\\F_UB[NCO\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y;2=*y))y+34(>i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\"\"=o,i rav{)y,x(f noitcnuf")

and then...

    > var x2 = eval(x1);
    > x2
    function f(x,y){var i,o="",l=x.length;for(i=0;i<l;i++){if(i>(43+y))y*=2;y%=127;o+=String.fromCharCode(x.charCodeAt(i)^(y++));}return o;}f("OCN[BU_F\035CG_C]UT\023\036\001_\037(3'%y\031d*) &?#w< =0<}';?#36\032<1<73N\002\r\0168GF\023\001\035\006\016Q1L3RO\000\034\031\024\030Y\013\027\023\017\027\022>goggr\020\\/,~l%{dnsyq",43)

and finally ...

    > var x3 = eval(x2);
    > x3
    document.writeln("<a href=\"mailto:ACTUAL EMAIL REMOVED\" title=\"\">ACTUAL EMAIL REMOVED</a>");0;
+6

The JavaScript code generated by the HiveLogic Enkoder looks ugly, but is actually quite simple. It can be easily undone.

It uses 3 levels of obfuscation.

SHORT ANSWER

This code means something like:

eval(swapLetters_2by2(reverse_text(XOR_decode(document.write("some HTML")))));

  • swapLetters_2by2() will split the text into blocks of two letters and flip them. For example: "function" => fu nc ti on => uf cn it no => "ufcnitno".

  • reverse_text() will simply reverse the text (just like strrev in PHP or [::-1] in Python).

  • Finally, XOR_decode() decodes some XOR-encoded text.

LONG RESPONSE

Here are three algorithms used by the HiveLogic Enkoder to decode some encoded HTML:

XOR: Third Level Obfuscation

The JavaScript function used by Enkoder to decode XOR is as follows:

    // x is the encoded text. y is the key for decoding (a number that increases).
    function f(x,y)
    {
        var i,o="", // o will be the decoded text
        l=x.length;
        for(i=0;i<l;i++) // for all letters of the text
        {
            y%=127; // 127 because a char is a number from [-128;127].
            o+=String.fromCharCode(x.charCodeAt(i)^(y)); // o+=x^y. o is a string, x a char
            y++;
        }
        return o;
    }
    f("the encoded text",A_RANDOM_NUMBER);

This is the basic XOR() decoding / encoding function. (I say decode / encode because, as you probably know, XOR(XOR(x))=x. The function for encoding is the same as for decoding.)

However, sometimes separate "protections" are added to the for loop, for example:

    if(i>A_RANDOM_NUMBER+y)
    {
        y*=SOMEVALUE; // or y+=SOMEVALUE;
    }

Reverse Text: Second Level Obfuscation

The reverse text algorithm simply reverses the string: Hello world => dlrow olleH.

    function f(x)
    {
        var i,o="",l=x.length;
        for(i=l-1;i>=0;i--) // for all letters from last to first
        {
            o+=x.charAt(i); // adding them into a new variable, from last to first
        }
        return o;
    }
    f("the XOR encoded AND reversed text");

I simplified the function because sometimes additional code is added, surrounded by an "if", which never runs. This code is only there for the people who analyze the HiveLogic Enkoder.

Swap Letters: First Level Obfuscation

The swap algorithm just flips two-letter blocks:

    function f(x)
    {
        var i,o="",l=x.length;
        for(i=0;i<l;i+=2) // for every 2 letters
        {
            if(i+1<l)o+=x.charAt(i+1); // first adding the letter at i+1 to a new var
            o+=x.charAt(i); // then adding the letter at i
        }
        return o;
    }
    f("XOR encoded, reversed, and 2 by 2 swapped text");

As you can see, these three algorithms are pretty easy to understand.

So for your javascript:

First you have this code:

    //the swapping 2 by 2 letters function
    function f(x){var i,o="",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}
    //the XOR, reversed and flipped text
    f("ufcnitnof x({)av r,i=o\"\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!11)1t{yrx{=+;x+ll=};acct(h)e}{f}roi(l=1-i;=>;0-i)-o{=+.xhcratAi(;)r}teru n.oussbrt0(o,)l};(f)\"43\\,q\"sydn%{~l/,\\\\\\\\20\\0r\\gggo2>02\\\\27\\07\\01\\\\23\\07\\02\\\\13\\0Y\\30\\04\\02\\\\31\\04\\03\\\\00\\0O\\3R1L6Q01\\\\06\\05\\03\\\\01\\03\\02\\\\GF6801\\\\\\r2\\00\\\\3N<7<132\\06\\#3;?}'0< =w<?# &*)1d03\\\\%y3'7(03\\\\1_00\\\\36\\03\\02\\\\UTC]G_5C03\\\\_FBUN[OC\"\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrChamCro.fngriSt+=;o27=1y%2;*=)yy)3+(4i>f({i+)i+l;i<0;i=r(foh;gten.l=x,l\"\\\"\\o=i,r va){,y(x fontincfu)\"")

After executing this, the result will be:

    //the reverse text function
    function f(x){var i,o="",ol=x.length,l=ol;while(x.charCodeAt(l/13)!=111){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o.substr(0,ol);}
    //the XOR encoded and reversed text
    f(")34,\"qysnd{%l~,/\\\\020\\rggog>220\\720\\710\\320\\720\\310\\Y030\\420\\130\\430\\000\\OR3L1Q610\\600\\530\\100\\320\\FG8610\\r\\200\\N37<1<230\\63#?;'}<0= <w#?& )*d130\\y%'3(730\\_100\\630\\320\\TU]C_GC530\\F_UB[NCO\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y;2=*y))y+34(>i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\"\"=o,i rav{)y,x(f noitcnuf");

Then you execute it again and you get the following result:

    //the XOR decoding function.
    //Note that you have one additional encoding in it : if(i>43+y)y*=2;
    function f(x,y){var i,o="",l=x.length;for(i=0;i<l;i++){if(i>(43+y))y*=2;y%=127;o+=String.fromCharCode(x.charCodeAt(i)^(y++));}return o;}
    //the XOR encoded text.
    f("OCN[BU_F\035CG_C]UT\023\036\001_\037(3'%y\031d*) &?#w< =0<}';?#36\032<1<73N\002\r\0168GF\023\001\035\006\016Q1L3RO\000\034\031\024\030Y\013\027\023\017\027\022>goggr\020\\/,~l%{dnsyq",43);

Finally, you execute it again and some JavaScript containing your email will be printed:

 document.writeln("<a href=\"mailto:roman.[PROTECTED]@gmail.com\" title=\"\">roman.[PROTECTED]@gmail.com</a>");0; 

Congratulations, the confusing JavaScript is now decoded.

However, I want you to confirm that your code is not a common case: sometimes the code created by HiveLogic Enkoder is just swapLetters_2by2(XOR_decode()) or reverse_text(XOR_decode()) (as far as I saw, XOR encoding is always used).

I also want to warn you and all users who read this: yes, Enkoder blocks spam bots that do not understand JavaScript. But the encoder uses only 3 very fundamental functions to encode your email address, so hackers and scammers will probably write (or have probably already written) some decoding script for the HiveLogic Enkoder.

0
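
The unwrapping that both answers walk through can also be done without eval(). The following is an added example, not part of the original answers and not Enkoder's own code: it recognises each wrapper by its decoder and applies the matching transform as a pure string function, so the final payload is only ever read, never run. The names peel and unwrapAll are hypothetical, only the y*=2 key twist shown above is handled, and SAMPLE is constructed from the decoder text above plus the first eight characters of the XOR-encoded string.

```javascript
// Added example, not Enkoder's own code: peel Enkoder-style layers with
// pure string functions, so nothing from the page is ever passed to eval().
const swapPairs = s => s.replace(/([\s\S])([\s\S])/g, "$2$1");
const reverseText = s => s.split("").reverse().join("");

// XOR with the rolling key; `threshold` models the page's if(i>(43+y))y*=2.
function xorRolling(s, y, threshold = Infinity) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    if (i > threshold + y) y *= 2;
    y %= 127;
    out += String.fromCharCode(s.charCodeAt(i) ^ y++);
  }
  return out;
}

// Decode the body of a double-quoted JS literal (\" \\ \r and legacy octal).
function unescapeJs(body) {
  const named = { n: "\n", r: "\r", t: "\t", b: "\b", f: "\f", v: "\v" };
  return body.replace(/\\([0-3][0-7]{0,2}|[4-7][0-7]?|[\s\S])/g, (_, e) =>
    /^[0-7]/.test(e) ? String.fromCharCode(parseInt(e, 8)) : named[e] ?? e);
}

// One wrapper = decoder source + f("literal"[,key]); null means "not wrapped".
const WRAPPER = /^(function f\(x(?:,y)?\)\{[\s\S]*?\})f\("((?:[^"\\]|\\[\s\S])*)"(?:,(\d+))?\);?\s*$/;
function peel(src) {
  const m = WRAPPER.exec(src.trim());
  if (!m) return null;
  const [, decoder, literal, key] = m;
  const arg = unescapeJs(literal);
  if (decoder.includes("fromCharCode")) {
    const t = /i>\((\d+)\+y\)\)y\*=2/.exec(decoder);
    return { kind: "xor", text: xorRolling(arg, Number(key), t ? Number(t[1]) : Infinity) };
  }
  if (decoder.includes("i+=2")) return { kind: "swap", text: swapPairs(arg) };
  if (decoder.includes("i--")) return { kind: "reverse", text: reverseText(arg) };
  throw new Error("unrecognised decoder: " + decoder.slice(0, 40));
}

function unwrapAll(src, maxLayers = 10) {
  const layers = [];
  let step;
  while (layers.length < maxLayers && (step = peel(src))) { layers.push(step.kind); src = step.text; }
  return { layers, payload: src };
}

// Constructed sample: a reverse layer around an XOR layer (key 43, 8 chars).
const SAMPLE = String.raw`function f(x){var i,o="",l=x.length;for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o;}f(")34,\"F_UB[NCO\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y;2=*y))y+34(>i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\"\"=o,i rav{)y,x(f noitcnuf")`;
console.log(unwrapAll(SAMPLE));
```

The layers array records the order in which the wrappers were found, which covers the two-layer variants mentioned above as well as the three-layer one.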

Source: https://habr.com/ru/post/1301084/
