Decompress JavaScript compressed by /packer/ and other Compressors
Posted 2008-06-09 in JavaScript by Johann.
JavaScript code is frequently compressed. This is done to
- transmit JavaScript faster,
- make pages load faster by reducing the number of HTTP requests and
- make the JavaScript harder to read (obfuscate it).
It is often helpful to be able to uncompress JavaScript again. You might want to regain access to compressed code where the original code no longer exists, or you might want to understand what vulnerabilities crackers are exploiting.
JavaScript compressors
All JavaScript packers consist of two parts:
- A decompressor that uncompresses and loads the original JavaScript.
- A data segment that contains the compressed JavaScript code.
Dynamic JavaScript
JavaScript can be loaded dynamically using the following methods:
- eval. The eval function evaluates a string argument that contains JavaScript.
- Writing a new <script> element to the page using document.write.
- new Function(string). The Function constructor can be used to evaluate JavaScript code, in a similar way to eval.
In most packers, eval is used, followed by document.write.
Decompressing
To decompress JavaScript, simply replace the methods described above by one of the following:
- alert. The alert will simply print the code in a popup window.
- If the JavaScript appears after the <body> element, you can add a <textarea> like so:
  <textarea id="code"></textarea>
  Then, replace eval(…); by document.getElementById("code").value=…;.
/packer/
A typical JavaScript compressed with /packer/ starts with the following code:
eval(function(p,a,c,k,e,r)…
eval can simply be replaced by alert.
JavaScript Utility
The JavaScript Utility decompressor/loader code looks like this:
eval((function(s){var a,c,e,i,j,o=""…
Again, eval can be replaced.
PSA
PSA by JSIntegration is another packer. It also uses the eval function, which can be replaced by one of the methods described above.
eval(function(E,I,A,D,J,K,L,H)…
A Malware example
I found this code on a Ukrainian site that serves malware through Internet Explorer exploits.
function WKOOOz34(OrPv){… document.write(PWS);}WKOOOz34(unescape('…
Here, <textarea id="code"></textarea> can be added to the page and document.write(PWS) replaced by document.getElementById("code").value=PWS.
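The same sink replacement can be done outside the browser. The following is an added example, not code from the original post: it shadows eval, document.write and Function with recorders so the unpacked code is collected as text instead of being run. The names capturePacked, PACKED and WRITER are hypothetical, and both samples are constructed.

```javascript
// Constructed samples (not from the page). PACKED mimics the shape of
// /packer/ output with a simplified decoder; WRITER mimics the
// unescape + document.write loader from the malware example.
const PACKED = String.raw`eval(function(p,a,c,k,e,r){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('0 1=2;',3,3,'var|x|42'.split('|'),0,{}))`;
const WRITER = "function dec(s){var out=unescape(s);document.write(out);}" +
  "dec('%3Cscript%3Evar%20y%3D1%3B%3C%2Fscript%3E');";

// Runs the decompressor stub with eval, document and Function shadowed by
// recorders, so the unpacked code is collected as text and never evaluated.
// The stub itself still executes: use a disposable analysis machine.
function capturePacked(source) {
  const captured = [];
  const record = (sink) => (code) => {
    captured.push({ sink, code: String(code) });
  };
  const fakeDocument = {
    write: record('document.write'),
    writeln: record('document.writeln'),
  };
  // Stand-in for `new Function(string)`: the last argument is the body.
  function FakeFunction(...args) {
    record('Function')(args[args.length - 1]);
    return function () {};
  }
  // Function-constructor bodies are sloppy-mode code, so a parameter may be
  // named `eval`; inside the body it shadows the real one.
  const run = new Function('eval', 'document', 'Function', source);
  run(record('eval'), fakeDocument, FakeFunction);
  return captured;
}

// Print what each sample tried to evaluate or write.
for (const sample of [PACKED, WRITER]) {
  for (const { sink, code } of capturePacked(sample)) {
    console.log(`[${sink}] ${code}`);
  }
}
```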
Summary
There is no way to encrypt JavaScript, so compressed JavaScript code can always be uncompressed again.
xslt.js version 3.2 released
Posted 2008-08-30 in JavaScript by Johann.
Version 3.2 of xslt.js, my JavaScript library to perform client-side XML transformations, is now available for download.
New Feature
In this version, I’ve added the often-requested ability to use inline XML and XSLT as arguments, in addition to URIs. Here’s an example.
// If using the regular code
new Transformation()
    .setXml('<?xml version="1.0"?><bla/>')
    .setXslt('<?xml version="1.0"?><xsl:stylesheet …')
    .transform('rofl');

// If using the jQuery plugin
$('#rofl').xslt('<?xml version="1.0"?><bla/>', '<?xml version="1.0"?><xsl:stylesheet …');
Thanks to a number of optimizations, the size of xslt.js has stayed pretty much the same.
Gotchas
One thing I spent a considerable amount of time on is the way Gecko (the rendering engine behind Firefox) handles the MIME types in XMLHttpRequests. By default, my web server sent XSLT files as text/xsl; however, Gecko expects them to be delivered as text/xml (and possibly application/xml). If the MIME type doesn’t match, Gecko returns a null XMLResponse object.
How to include a page onclick on the client side
Posted 2007-11-03 in JavaScript by Johann.
Here’s a simple example of how to include another page on the client side using the inc clientside include plugin:
<div id="bla"></div>
<p onclick="$('#bla').inc('blob.txt')">Include stuff</p>
I’m using the onclick event handler here but you could use javascript:-URIs like <a href="javascript:"> as well.
Clientside includes have some limitations.
- You can only include resources from the current domain (or sub-domain).
- Mozilla-based browsers seem to only load content with MIME types text/* though I have to look this up.
Demo
Click here to include my robots.txt.
Google Translate bookmarklet: remove Translate links
Posted 2008-02-24 in JavaScript by Johann.
Google Translate is useful to read foreign websites. The only problem I have with the service is that all links are routed through Google Translate. Sometimes, this is not necessary.
I wrote a little bookmarklet that lets you remove the Google Translate link from all of the links on a web page.
Installing this bookmarklet
- Windows users: Right-click on the link below and choose “Bookmark this link.”
- Apple users: Do the same but restrict yourself to just one mouse button.
Google Translate: Remove links