@Sanguinarious - Jester Blog JS - 9/17/2012

1. -----BEGIN PGP SIGNED MESSAGE-----
2. Hash: RIPEMD160
3.  
4. So, people found this obfuscated javascript on J's site, I took an all of 15 minutes to crack it with my morning coffee.
5.  
6. So, first step is making it pretty http://jsbeautifier.org/ .
7.  
8. ~ Beautified code with commentary ~
9. <script language="javascript" type="text/javascript">
10. var lOI = '==wOpkSZwF2YzV2XoUGchN2cl5WdoUGdpJ3duQnbl1Wdj9GZ7kSMxwGKkxWaoNEZuVGcwFmLslUSKsTXwsVKnQWYlh2JoUWbh50ZhRVeCNHduVWblxWR0V2ZuQnbl1Wdj9GZg0DIslUSgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuI3b0F2YzVnZi9GbtRHaukGch9yL6AHd0h2Jg0DIjJ3cuETMspwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9ASMxwGIyFmd7cSRzUCdwlmcjN3LDNTJCNTJ5ITJ4ITJ5ITJEdTJBBTJCNTJ5ITJzhjMlQGbph2Qk5WZwBXYuQUNlAjQ1USOyUiMyUCZhVGayITJ4ITJl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRWQwUiQzUiMyUycq5iYhR3LzVnLn5WdtFmLzRXZnRWa39yLBNTJwRHdoJjMlQ0MlMmcz5ycBBTJCNTJlVnc0R0MlMmb5NXYuMHMyUiQzUSOyUiMyUCdwlmcjNnMyUCOyUCduVWblxWRlRXYlJ3YuQnbl1Wdj9GZENTJzBjMlIXY2J0NlAjMlkjMlgjMl42bpR3YuVnZ4ITJBBTJCNTJ5ITJEVTJyITJxN2ayITJwITJDJTJyITJsBHbnhneyMne38GNyITJwITJDJTJyITJiFGdyITJCVTJ4ITJoNXdw5Sdhd3XwITJCNTJEVTJCVTJwITJDdTJDdTJwITJ1F2dfBjMlQ0MlAjMlUXY39FMyUichZXRzUiMyUCdpVTdhd3XyITJENTJklGMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
11. var _0x84de = ["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", "", "charAt", "indexOf", "fromCharCode", "length"]; // Lol Lookup table obvious fail
12.  
13. function OlO(data) { // This is a basic Base64 decoder, enough said here
14. var OlIlOI = _0x84de[0]; // Base64 decode table
15. var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
16. enc = _0x84de[1]; // a ""
17. do {
18. h1 = OlIlOI[_0x84de[3]](data[_0x84de[2]](i++));
19. h2 = OlIlOI[_0x84de[3]](data[_0x84de[2]](i++));
20. h3 = OlIlOI[_0x84de[3]](data[_0x84de[2]](i++));
21. h4 = OlIlOI[_0x84de[3]](data[_0x84de[2]](i++));
22. bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
23. o1 = bits >> 16 & 0xff;
24. o2 = bits >> 8 & 0xff;
25. o3 = bits & 0xff;
26. if (h3 == 64) {
27. enc += String[_0x84de[4]](o1); // indexOf(o1)
28. } else {
29. if (h4 == 64) {
30. enc += String[_0x84de[4]](o1, o2); // indexOf(o1, o2)
31. } else {
32. enc += String[_0x84de[4]](o1, o2, o3); // indexOf(o1, o2, o3)
33. };
34. };
35. } while (i < data[_0x84de[5]]);; // data[length]
36. return enc;
37. };
38.  
39. function OlI(string) { // This function un-reverses the base64 string above, so supa sekret
40. var ret = _0x84de[1], // set ret to ""
41. i = 0;
42. for (i = string[_0x84de[5]] - 1; i >= 0; i--) { // 5 = length if u not figured it out
43. ret += string[_0x84de[2]](i); // charAt
44. };
45. return ret;
46. };
47. eval(OlO(OlI(lOI))); // reverses the base64 back, decrypts base64 string, and executes it via eval
48. </script>
49. ~ Beautified code with commentary ~
50.  
51. ~ Reversed String Fixed ~
52. dmFyIF9lc2NhcGU9JyUzQ3NjcmlwdCUyMGlkJTNEJTIyX3dhdTVpdCUyMiUzRXZhciUyMF93YXUlMjAlM0QlMjBfd2F1JTIwJTdDJTdDJTIwJTVCJTVEJTNCJTIwX3dhdS5wdXNoJTI4JTVCJTIydGFiJTIyJTJDJTIwJTIyNG83enMyenhnbHBsJTIyJTJDJTIwJTIya2NxJTIyJTVEJTI5JTNCJTBBJTI4ZnVuY3Rpb24lMjglMjklMjAlN0J2YXIlMjBzJTNEZG9jdW1lbnQuY3JlYXRlRWxlbWVudCUyOCUyMnNjcmlwdCUyMiUyOSUzQiUyMHMuYXN5bmMlM0R0cnVlJTNCJTBBcy5zcmMlM0QlMjJodHRwJTNBLy93aWRnZXRzLmFtdW5nLnVzL3RhYi5qcyUyMiUzQiUwQWRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lJTI4JTIyaGVhZCUyMiUyOSU1QjAlNUQuYXBwZW5kQ2hpbGQlMjhzJTI5JTNCJTBBJTdEJTI5JTI4JTI5JTNCJTNDL3NjcmlwdCUzRSc7dmFyIGwxMSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpOwpsMTEuc3JjID0gJ2h0dHA6Ly9hcGkuaHRtbG9iZnVzY2F0b3IuY29tLz9nZXRzcmM9b2snKycmcmVmPScrZW5jb2RlVVJJQ29tcG9uZW50KGRvY3VtZW50LnJlZmVycmVyKSsnJnVybD0nK2VuY29kZVVSSUNvbXBvbmVudChkb2N1bWVudC5VUkwpOwp2YXIgSUlsID0gZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoJ2hlYWQnKVswXTsKSUlsLmFwcGVuZENoaWxkKGwxMSk7ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoX2VzY2FwZSkpOw==
53. ~ Reversed String Fixed ~
54. Used http://textmechanic.com/Reverse-Text-Generator.html
55.  
56. ~ Decoded and beautified ~
57. var _escape = '%3Cscript%20id%3D%22_wau5it%22%3Evar%20_wau%20%3D%20_wau%20%7C%7C%20%5B%5D%3B%20_wau.push%28%5B%22tab%22%2C%20%224o7zs2zxglpl%22%2C%20%22kcq%22%5D%29%3B%0A%28function%28%29%20%7Bvar%20s%3Ddocument.createElement%28%22script%22%29%3B%20s.async%3Dtrue%3B%0As.src%3D%22http%3A//widgets.amung.us/tab.js%22%3B%0Adocument.getElementsByTagName%28%22head%22%29%5B0%5D.appendChild%28s%29%3B%0A%7D%29%28%29%3B%3C/script%3E';
58. var l11 = document.createElement('script');
59. l11.src = 'http://api.htmlobfuscator.com/?getsrc=ok' + '&ref=' + encodeURIComponent(document.referrer) + '&url=' + encodeURIComponent(document.URL);
60. var IIl = document.getElementsByTagName('head')[0];
61. IIl.appendChild(l11);
62. document.write(unescape(_escape));
63. ~ Decoded and beautified ~
64. Used http://online-calculators.appspot.com/base64/
65.  
66. And... That is all... you paranoid fuckers
67.  
68. - - @Sanguinarious
69. -----BEGIN PGP SIGNATURE-----
70. Version: GnuPG v2.0.17 (MingW32)
71.  
72. iQIcBAEBAwAGBQJQVzWlAAoJEA+T4ieeOTwmwzEP/iAKlFKPl/DHNkSzPsucTQun
73. dwV+C4XMGa7TYrKBRz6er6RDFImGqM90f/7UvTmBGmBjq7fYJehw7yRseoe6RJw2
74. plCS926FtjOY/jk0M7q/QgT2yrVzzx6M3dmQ09BqlDcWkRfY76ZeZS7KbGtFaJPh
75. By5GKW5dELBi1MSZ6bHS6lvbTpM5fmWL0SHsDB+oZDagq6eyJ5K1UPpxR4crlqgV
76. y6kox5TDRBDFTvRnLxaXmgk0mK5uoE4j2n/pgZx8Q+Z3l82kMfGtxuF6h0vn4Z1k
77. IUoqGiyqU3KNRPWYAzAGn/xzRDJDvlev5reG8SqIZHNTPVNZCYOrRfIIEwqYA6pt
78. GkjtNbtfVuC9GXy0rUeek+ETj+HzW0N1P56mS9G4QnAwM6kVvo0aXg0pNIFiclQK
79. qYmxXykheq2RgFXn3mkeX+EogWj0k3K46LOQd4tAEHGNu9l2z7u+3+mkfmfH1Xyp
80. CDkDonCanz8g3vnB2LNmLykpWdy+vMARRhIbOfk7zR7nL0r5uM1QLFaHW8l/24Cv
81. OqRNe4rW9Todg1MRVcb+aO27vIHokrO41NVXANvlbx+bosiomD9LxYN2usVXSTtN
82. rERmyvXxd0x4A3SpnOmlNk8T11BypPWYXHY9kwU593fGp6jfY9r4UEWYDVOdhlKU
83. Z7EbJK0SAzf8xRiij0GT
84. =AN9X
85. -----END PGP SIGNATURE-----