I was going through some downloaded JavaScript files and found code written with hexadecimal-looking names instead of the 'normal' JS syntax. For example:
// Fragment of an obfuscated script. _0x2dae is indexed with numeric literals and is
// presumably the obfuscator's lookup array of strings, defined earlier in the full sample.
// _0x2dae[19] supplies the name of the method called on _0x7cd2x2 and _0x2dae[18] is its
// argument, so the real method name and argument can only be read from that array.
if (!_0x7cd2x2[_0x2dae[19]](_0x2dae[18])) {
var _0x7cd2x8 = true;
// Same object, but the method named by _0x2dae[21], called with _0x2dae[20].
_0x7cd2x2[_0x2dae[21]](_0x2dae[20]);
} else {
var _0x7cd2x8 = false;
// Same method as in the other branch, this time called with _0x2dae[22].
_0x7cd2x2[_0x2dae[21]](_0x2dae[22]);
}
;
// Second test with the method named by _0x2dae[19], this time with _0x2dae[23];
// _0x7cd2x9 is only assigned when the call returns a truthy value.
if (_0x7cd2x2[_0x2dae[19]](_0x2dae[23])) {
var _0x7cd2x9 = true
}
;
Can somebody please help me in understanding the code and how it was done.
So, in fact, the code above is 100% perfectly valid javascript. The original script has been run through an obfuscator in order to make it difficult to understand.
Most likely whichever obfuscator was used replaces variable names with numbers, prefixes them with "_" and prints the number as a hex value.
To understand the code you will need the entire sample, and a lot of patience.
I am trying my hand at reversing a malicious JS script to find out what it does. The script is really long, but there is one part I don't fully understand and I hope you can help. I will only show a small part of the script, with the parts relevant to this problem, so as to avoid anyone accidentally running it.
The following line calls the function UU multiple times:
ib[0] = O(Arw,UU(1017-980)+UU(19+81)+UU(32*3)+UU(51+25)+UU(4508/98+0)+UU(671-606)+UU(1677/43+0)+UU(631-522)+UU(5*23)+UU(7719/83-0)+UU(6+93)+UU(4*23));
The function UU has the following setup:
// Maps a number to a single character taken from the fixed alphabet string Ea.
// The arithmetic below only hides a constant offset: h = 30090, yz = 59150,
// mm = 59150 / 650 = 91, PF = 91 - 60 = 31.
// L(s) (defined separately in the sample) returns the method name used on Ea, so the
// lookup is Ea[<that name>](s - 31).
function UU(s)
{
var Ea = ",!)Q ;Zrvz2^#HgS{I~1(O`ba'&l%$mqVCXG9#w0]d.-8W_34[kA5<n/RBDLsFN\\tpY6E7fy?oi|+\"xJ>ThUc=uKjeM:}*P";
var h=30090;
var yz=h+29060;
var mm=yz/650;
// NOTE(review): the bare 31 after the statement looks like the poster's annotation of
// PF's value; as JavaScript it is an expression statement with no effect.
var PF=mm-60; 31
var i = Ea[L(s)](s-PF);
return i;
}
Part of the operation to get the return value "i" calls the function L:
// Returns a constant method name; the argument R is never read.
// The string literal mixes hex escapes with a plain "A": \x63 \x68 \x61 \x72 are
// "c" "h" "a" "r" and \x74 is "t", so the value is "charAt".
function L(R)
{
return "\x63\x68\x61\x72A\x74";
}
Question: what is function L returning?
I believe the function L is trying to obfuscate its return value so as to make analysis harder. I am not sure if I need to convert this to ASCII or Decimal in order to accurately complete the string lookup in function UU
Those are hexadecimal escape sequences inside a string literal. It is fairly easy to look up the values in the ASCII table, but you can also console.log the string to see the resulting value.
console.log("\x63\x68\x61\x72A\x74");
It evaluates to charAt.
So I came across an interesting piece of JavaScript that I can't quite figure out. It appears to me at first to be either a regex function or a Unicode string that is then passed on to an eval function for processing. I have been trying for quite some time to decode it, but I don't seem to be making any headway. I'm hoping someone might be able to tell me what is going on here, and maybe show me how to decode it.
Edit: So it turns out that the code I posted before was flawed from a previous decoding attempt. This is the corrected code.
$(window).load(function() {
var d = '960';
var d1 = '960';
var q = 'u94';
var uw = $("#u94");
var _0xf924 = ["1m B=[\"\\a\\l\\v\\e\\k\\t\\d\\s\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\a\\k\\9\\a\\i\\9\\h\\e\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\k\\g\\9\\k\\j\\9\\h\\e\\9\\h\\k\\s\\m\\s\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\s\\m\\s\\9\\a\\f\\9\\a\\g\\9\\a\\g\\9\\a\\k\\s\\m\\s\\9\\b\\g\\f\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\h\\g\\9\\a\\e\\9\\f\\e\\9\\a\\e\\9\\h\\l\\9\\f\\l\\9\\a\\j\\s\\m\\s\\9\\h\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\h\\a\\9\\h\\b\\9\\a\\k\\9\\f\\j\\9\\a\\j\\9\\f\\l\\9\\a\\j\\9\\f\\k\\s\\m\\s\\9\\b\\b\\g\\9\\a\\e\\9\\f\\i\\9\\a\\a\\s\\m\\s\\9\\h\\a\\9\\b\\j\\l\\9\\i\\i\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\i\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\k\\h\\9\\a\\k\\9\\a\\i\\9\\k\\h\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\h\\a\\9\\b\\j\\l\\9\\i\\i\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\i\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\k\\h\\9\\a\\k\\9\\a\\i\\9\\k\\h\\9\\h\\k\\s\\m\\s\\9\\a\\e\\9\\a\\a\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\a\\g\\9\\h\\f\\9\\a\\i\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\f\\j\\s\\m\\s\\9\\f\\e\\9\\f\\j\\9\\f\\l\\9\\a\\e\\9\\a\\g\\s\\m\\s\\9\\k\\g\\9\\k\\j\\s\\m\\s\\9\\a\\k\\9\\a\\i\\s\\m\\s\\s\\m\\s\\9\\k\\g\\9\\a\\i\\s\\m\\s\\9\\k\\b\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\j\\9\\f\\l\\9\\a\\f\\9\\h\\f\\9\\a\\j\\s\\m\\s\\9\\b\\g\\e\\9\\a\\h\\9\\a\\h\\9\\b\\g\\e\\9\\a\\j\\9\\a\\j\\9\\f\\a\\9\\k\\g\\9\\a\\j\\9\\f\\e\\9\\f\\j\\9\\a\\h\\9\\f\\i\\9\\f\\e\\9\\a\\e\\9\\h\\g\\9\\a\\j\\9\\f\\a\\9\\k\\j\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\b\\l\\g\\9\\f\\l\\9\\a\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\a\\9\\b\\j\\g\\s\\m\\s\\9\\h\\a\\9\\h\\l\\9\\a\\k\\9\\a\\j\\9\\a\\f\\9\\b\\j\\f\\9\\f\\j\\9\\a\\h\\9\\a\\e\\9\\f\\i\\9\\a\\g\\9\\h\\a\\9\\a\\f\\9\\h\\f\\
9\\a\\g\\9\\a\\e\\9\\h\\g\\9\\a\\j\\s\\m\\s\\9\\a\\i\\9\\a\\f\\9\\f\\e\\9\\b\\l\\g\\9\\f\\l\\9\\a\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\b\\g\\f\\s\\m\\s\\9\\f\\k\\9\\a\\e\\9\\f\\i\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\a\\9\\a\\f\\9\\a\\g\\9\\a\\f\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\b\\l\\l\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\i\\i\\9\\f\\i\\9\\a\\a\\9\\a\\j\\9\\b\\b\\g\\9\\a\\e\\9\\f\\i\\9\\a\\j\\9\\a\\a\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\b\\g\\e\\9\\a\\h\\9\\a\\h\\9\\b\\g\\e\\9\\a\\j\\9\\a\\j\\9\\h\\a\\9\\h\\f\\9\\a\\h\\9\\f\\k\\9\\f\\a\\s\\m\\s\\9\\h\\a\\9\\h\\l\\9\\a\\k\\9\\a\\j\\9\\a\\f\\9\\b\\j\\f\\9\\f\\j\\9\\a\\h\\9\\a\\e\\9\\f\\i\\9\\a\\g\\9\\h\\a\\9\\a\\f\\9\\h\\f\\9\\a\\g\\9\\a\\e\\9\\h\\g\\9\\a\\j\\9\\k\\b\\9\\b\\g\\f\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\a\\a\\9\\a\\f\\9\\a\\g\\9\\a\\f\\9\\f\\a\\9\\a\\i\\9\\b\\b\\g\\9\\b\\l\\j\\s\\m\\s\\9\\a\\i\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\f\\k\\9\\a\\e\\9\\f\\i\\9\\f\\a\\9\\a\\i\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\a\\h\\9\\i\\i\\9\\a\\g\\9\\a\\j\\9\\a\\k\\9\\k\\j\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\f\\j\\9\\b\\l\\l\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\a\\e\\9\\f\\i\\9\\h\\b\\9\\f\\a\\9\\a\\g\\9\\a\\h\\9\\f\\j\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\a\\e\\9\\f\\i\\9\\h\\b\\9\\f\\a\\9\\h\\l\\9\\a\\h\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\k\\s\\m\\s\\9\\a\\h\\9\\i\\i\\9\\a\\g\\9\\a\\j\\9\\a\\k\\9\\b\\e\\g\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\k\\9\\a\\h\\9\\h\\g\\9\\a\\j\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\k\\9\\a\\a\\9\\a\\j\\9\\a\\k\\9\\f\\a\\9\\a\\g\\9\\a\\h\\9\\f\\j\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\k\\9\\a\\a\\9\\a\\j\\9\\a\\k\\9\\f\\a\\9\\h\\l\\9\\a\\h\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\k\\9\\f\\a\\9\\k\\f\\9\
\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\e\\9\\a\\e\\9\\b\\l\\j\\9\\a\\j\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\k\\9\\a\\h\\9\\h\\g\\9\\a\\j\\9\\b\\l\\k\\9\\a\\g\\9\\a\\g\\9\\a\\k\\s\\m\\s\\9\\a\\j\\9\\a\\f\\9\\h\\f\\9\\a\\i\\s\\m\\s\\9\\h\\h\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\a\\k\\9\\a\\i\\9\\h\\e\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\k\\g\\9\\k\\j\\9\\h\\e\\9\\h\\k\\s\\c\\u\\a\\l\\v\\b\\l\\a\\t\\x\\r\\e\\k\\d\\g\\c\\q\\u\\a\\l\\v\\b\\j\\h\\t\\b\\l\\a\\d\\e\\k\\d\\j\\c\\c\\r\\e\\k\\d\\b\\c\\q\\u\\f\\h\\r\\X\\x\\r\\e\\k\\d\\l\\c\\q\\d\\g\\c\\q\\z\\b\\l\\h\\d\\e\\k\\d\\a\\c\\c\\r\\z\\s\\9\\h\\g\\9\\a\\e\\9\\f\\e\\9\\a\\e\\9\\h\\l\\9\\a\\e\\9\\f\\l\\9\\a\\e\\9\\a\\g\\9\\b\\j\\g\\s\\1f\\e\\k\\d\\e\\c\\A\\q\\A\\u\\x\\r\\e\\k\\d\\i\\c\\q\\d\\e\\k\\d\\h\\c\\c\\r\\e\\k\\d\\f\\c\\q\\d\\e\\k\\d\\j\\c\\c\\r\\e\\k\\d\\b\\c\\m\\b\\j\\h\\q\\u\\x\\r\\e\\k\\d\\e\\h\\c\\q\\d\\e\\k\\d\\e\\f\\c\\c\\r\\k\\k\\r\\q\\z\\a\\l\\v\\h\\j\\t\\d\\e\\k\\d\\k\\c\\m\\e\\k\\d\\j\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\b\\g\\c\\m\\e\\k\\d\\b\\b\\c\\m\\e\\k\\d\\b\\j\\c\\c\\u\\a\\l\\v\\i\\g\\t\\x\\r\\b\\l\\f\\q\\u\\a\\l\\v\\i\\a\\t\\i\\g\\d\\h\\j\\d\\b\\c\\c\\r\\h\\j\\d\\g\\c\\q\\u\\a\\l\\v\\b\\b\\k\\t\\i\\g\\d\\h\\j\\d\\b\\c\\c\\r\\h\\j\\d\\j\\c\\q\\u\\a\\l\\v\\b\\g\\a\\t\\z\\A\\u\\b\\b\\k\\d\\h\\j\\d\\a\\c\\c\\r\\q\\d\\h\\j\\d\\e\\c\\c\\r\\k\\k\\r\\b\\b\\i\\q\\z\\b\\g\\a\\d\\b\\b\\i\\d\\h\\j\\d\\l\\c\\c\\r\\D\\d\\b\\e\\b\\S\\b\\l\\i\\c\\y\\D\\b\\j\\b\\q\\d\\g\\c\\c\\t\\b\\b\\i\\d\\h\\j\\d\\l\\c\\c\\r\\D\\d\\g\\S\\k\\c\\y\\D\\b\\j\\b\\q\\d\\g\\c\\A\\q\\u\\a\\l\\v\\f\\b\\t\\d\\e\\k\\d\\b\\l\\c\\m\\e\\k\\d\\b\\e\\c\\m\\e\\k\\d\\b\\a\\c\\m\\e\\k\\d\\b\\f\\c\\m\\e\\k\\d\\b\\h\\c\\m\\e\\k\\d\\b\\i\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\j\\c\\c\\u\\a\\l\\v\\h\\i\\t\\b\\g\\a\\d\\f\\b\\d\\g\\c\\c\\u\\f\\h\\r\\h\\i\\t\\t\\b\\e\\l\\q\\z\\h\\i\\t\\
b\\g\\a\\d\\f\\b\\d\\b\\c\\c\\A\\u\\a\\l\\v\\b\\j\\e\\t\\f\\b\\d\\b\\c\\y\\h\\i\\y\\f\\b\\d\\j\\c\\u\\a\\l\\v\\b\\j\\a\\t\\f\\b\\d\\l\\c\\y\\h\\i\\y\\f\\b\\d\\j\\c\\u\\a\\l\\v\\b\\j\\j\\t\\b\\b\\k\\d\\f\\b\\d\\a\\c\\c\\r\\b\\j\\e\\m\\f\\b\\d\\j\\c\\q\\d\\f\\b\\d\\a\\c\\c\\r\\b\\j\\a\\m\\f\\b\\d\\j\\c\\q\\d\\f\\b\\d\\a\\c\\c\\r\\f\\b\\d\\e\\c\\m\\f\\b\\d\\j\\c\\q\\u\\i\\g\\d\\f\\b\\d\\h\\c\\c\\r\\f\\b\\d\\f\\c\\m\\b\\j\\j\\q\\u\\a\\l\\v\\b\\g\\l\\t\\g\\u\\f\\h\\r\\h\\i\\t\\t\\f\\b\\d\\j\\c\\q\\z\\b\\g\\l\\t\\b\\A\\u\\a\\l\\v\\a\\b\\t\\d\\e\\k\\d\\b\\k\\c\\m\\e\\k\\d\\j\\g\\c\\m\\e\\k\\d\\j\\b\\c\\m\\e\\k\\d\\j\\j\\c\\m\\e\\k\\d\\j\\l\\c\\m\\e\\k\\d\\j\\e\\c\\m\\e\\k\\d\\h\\c\\m\\e\\k\\d\\j\\a\\c\\m\\e\\k\\d\\j\\f\\c\\m\\e\\k\\d\\j\\h\\c\\m\\e\\k\\d\\k\\c\\m\\e\\k\\d\\j\\c\\m\\e\\k\\d\\b\\a\\c\\m\\e\\k\\d\\j\\i\\c\\m\\e\\k\\d\\j\\k\\c\\m\\e\\k\\d\\l\\g\\c\\m\\e\\k\\d\\l\\b\\c\\m\\e\\k\\d\\l\\j\\c\\m\\e\\k\\d\\l\\l\\c\\m\\e\\k\\d\\a\\c\\m\\e\\k\\d\\l\\e\\c\\m\\e\\k\\d\\l\\a\\c\\m\\e\\k\\d\\l\\f\\c\\m\\e\\k\\d\\b\\i\\c\\m\\e\\k\\d\\l\\h\\c\\m\\e\\k\\d\\l\\i\\c\\m\\e\\k\\d\\l\\c\\m\\e\\k\\d\\l\\k\\c\\m\\e\\k\\d\\e\\g\\c\\m\\e\\k\\d\\e\\b\\c\\m\\e\\k\\d\\e\\j\\c\\m\\e\\k\\d\\e\\l\\c\\m\\e\\k\\d\\e\\e\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\e\\a\\c\\c\\u\\a\\l\\v\\b\\b\\b\\t\\g\\u\\a\\l\\v\\b\\e\\j\\t\\g\\u\\a\\l\\v\\b\\b\\e\\t\\g\\u\\a\\l\\v\\k\\e\\t\\g\\u\\a\\l\\v\\k\\l\\t\\g\\u\\x\\r\\a\\b\\d\\j\\c\\q\\d\\a\\b\\d\\b\\c\\c\\r\\a\\b\\d\\g\\c\\q\\u\\k\\k\\v\\b\\b\\f\\r\\q\\z\\a\\l\\v\\e\\i\\t\\d\\a\\b\\d\\l\\c\\m\\a\\b\\d\\g\\c\\m\\a\\b\\d\\e\\c\\m\\a\\b\\d\\j\\c\\m\\a\\b\\d\\a\\c\\m\\a\\b\\d\\f\\c\\m\\a\\b\\d\\h\\c\\m\\a\\b\\d\\i\\c\\m\\a\\b\\d\\k\\c\\m\\a\\b\\d\\b\\g\\c\\m\\a\\b\\d\\b\\b\\c\\m\\a\\b\\d\\b\\j\\c\\m\\a\\b\\d\\b\\l\\c\\m\\a\\b\\d\\b\\e\\c\\m\\a\\b\\d\\b\\a\\c\\m\\a\\b\\d\\b\\c\\m\\a\\b\\d\\b\\f\\c\\m\\a\\b\\d\\b\\h\\c\\m\\a\\b\\d\\b\\i\\c\\m\\a\\b\\d\\b\\k\\c\\m\\a\\b\\d\\j\\g\\c\\m\\a\\b\\d\\j\\b\\c\\m\\a\\b\\d\\j\\j\\c\\m\\a\\b\\d\\j\\l\\c\\m\\a\\b\\d\\j\\e\\c\
\m\\a\\b\\d\\j\\a\\c\\m\\a\\b\\d\\j\\f\\c\\m\\a\\b\\d\\j\\h\\c\\m\\a\\b\\d\\j\\i\\c\\m\\a\\b\\d\\j\\k\\c\\c\\u\\f\\h\\r\\x\\r\\e\\i\\d\\g\\c\\q\\d\\g\\c\\Q\\Q\\x\\r\\e\\i\\d\\l\\c\\q\\d\\e\\i\\d\\j\\c\\c\\r\\e\\i\\d\\b\\c\\q\\q\\z\\a\\l\\v\\f\\f\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\a\\c\\c\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\u\\a\\l\\v\\b\\l\\e\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\h\\c\\c\\r\\e\\i\\d\\f\\c\\q\\u\\a\\l\\v\\i\\l\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\h\\c\\c\\r\\e\\i\\d\\i\\c\\q\\u\\a\\l\\v\\i\\h\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\b\\g\\c\\c\\r\\e\\i\\d\\k\\c\\q\\u\\f\\h\\r\\e\\i\\d\\b\\b\\c\\y\\i\\l\\y\\e\\i\\d\\b\\b\\c\\t\\t\\t\\e\\i\\d\\b\\j\\c\\q\\z\\i\\l\\t\\b\\l\\e\\A\\A\\b\\g\\i\\z\\a\\l\\v\\f\\f\\t\\i\\g\\u\\a\\l\\v\\i\\h\\t\\e\\i\\d\\b\\l\\c\\u\\a\\l\\v\\i\\l\\t\\b\\g\\j\\A\\u\\x\\r\\e\\i\\d\\b\\f\\c\\q\\d\\e\\i\\d\\b\\a\\c\\c\\r\\e\\i\\d\\b\\e\\c\\y\\i\\k\\q\\u\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\b\\g\\c\\c\\r\\e\\i\\d\\b\\h\\c\\m\\e\\i\\d\\b\\c\\q\\u\\f\\h\\r\\b\\b\\b\\X\\t\\i\\h\\q\\z\\f\\f\\t\\x\\r\\e\\i\\d\\e\\c\\y\\i\\h\\q\\d\\e\\i\\d\\a\\c\\c\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\b\\i\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\g\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\b\\b\\e\\t\\f\\f\\d\\e\\i\\d\\j\\b\\c\\c\\r\\q\\u\\k\\e\\t\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\e\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\k\\e\\t\\i\\f\\r\\k\\e\\q\\u\\k\\l\\t\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\a\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\k\\l\\t\\i\\f\\r\\k\\l\\q\\u\\b\\b\\b\\t\\i\\h\\A\\u\\a\\l\\v\\i\\k\\t\\x\\r\\e\\i\\d\\j\\f\\c\\q\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\i\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\a\\l\\v\\i\\k\\t\\i\\f\\r\\i\\k\\q\\u\\a\\l\\v\\b\\b\\h\\t\\f\\f\\d\\e\\i\\d\\j\\h\\c\\c\\r\\q\\u\\a\\l\\v\\b\\g\\b\\t\\x\\r\\k\\i\\q\\d\\e\\i\\d
\\j\\i\\c\\c\\r\\q\\u\\f\\h\\r\\X\\x\\r\\e\\i\\d\\l\\c\\q\\d\\e\\i\\d\\j\\c\\c\\r\\e\\i\\d\\b\\c\\q\\q\\z\\x\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\d\\e\\i\\d\\j\\k\\c\\c\\r\\q\\A\\u\\f\\h\\r\\b\\g\\b\\1g\\i\\l\\q\\z\\b\\b\\j\\t\\i\\l\\A\\b\\g\\i\\z\\b\\b\\j\\t\\b\\g\\j\\A\\u\\a\\l\\v\\b\\b\\a\\t\\r\\b\\b\\h\\D\\b\\g\\b\\q\\Y\\b\\b\\j\\u\\f\\h\\r\\b\\g\\b\\1d\\b\\g\\j\\Q\\Q\\i\\k\\t\\t\\b\\g\\j\\q\\z\\b\\b\\a\\t\\f\\f\\d\\e\\i\\d\\j\\i\\c\\c\\r\\q\\A\\u\\a\\l\\v\\b\\l\\b\\t\\b\\b\\e\\D\\b\\b\\a\\u\\a\\l\\v\\b\\g\\k\\t\\r\\b\\l\\b\\Y\\b\\b\\h\\q\\S\\r\\k\\e\\y\\k\\l\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\g\\c\\m\\b\\g\\k\\y\\e\\i\\d\\j\\j\\c\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\b\\i\\c\\m\\b\\g\\k\\y\\e\\i\\d\\j\\j\\c\\q\\A\\k\\k\\v\\b\\g\\h\\r\\q\\z\\a\\l\\v\\f\\g\\t\\d\\a\\b\\d\\l\\c\\m\\a\\b\\d\\a\\c\\m\\a\\b\\d\\f\\c\\m\\a\\b\\d\\b\\i\\c\\m\\a\\b\\d\\l\\g\\c\\m\\a\\b\\d\\b\\k\\c\\m\\a\\b\\d\\l\\b\\c\\m\\a\\b\\d\\j\\g\\c\\m\\a\\b\\d\\j\\j\\c\\c\\u\\f\\h\\r\\x\\r\\f\\g\\d\\g\\c\\q\\d\\g\\c\\q\\z\\a\\l\\v\\i\\e\\t\\x\\r\\f\\g\\d\\g\\c\\q\\d\\f\\g\\d\\j\\c\\c\\r\\f\\g\\d\\b\\c\\y\\i\\a\\q\\A\\b\\g\\i\\z\\a\\l\\v\\i\\e\\t\\x\\r\\f\\g\\d\\b\\c\\y\\i\\a\\q\\A\\u\\a\\l\\v\\b\\j\\i\\t\\x\\r\\k\\i\\q\\d\\f\\g\\d\\l\\c\\c\\r\\q\\u\\a\\l\\v\\k\\a\\t\\r\\b\\j\\i\\Y\\h\\i\\q\\D\\b\\g\\g\\u\\a\\l\\v\\b\\j\\k\\t\\i\\f\\r\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\e\\c\\q\\q\\y\\i\\f\\r\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\f\\c\\q\\q\\u\\k\\a\\t\\k\\a\\S\\b\\j\\k\\u\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\h\\c\\m\\k\\a\\y\\f\\g\\d\\i\\c\\q\\u\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\l\\c\\m\\k\\a\\y\\f\\g\\d\\i\\c\\q\\A\\f\\h\\r\\b\\g\\l\\t\\t\\b\\q\\z\\b\\b\\f\\r\\q\\u\\x\\r\\k\\i\\q\\d\\a\\b\\d\\l\\j\\c\\c\\r\\b\\b\\f\\q\\A\\u\\f\\h\\r\\b\\g\\l\\t\\t\\g\\q\\z\\b\\g\\h\\r\\q\\u\\x\\r\\k\\i\\q\\d\\a\\b\\d\\l\\j\\c\\c\\r\\b\\g\\h\\q\\A\\u\\i\\g\\d\\a\\b\\d\\l\\e\\c\\c\\r\\a\\b\\d\\l\\l\\c\\q\\A\\q\",\"\\n\",\"\\L\\13\\J\\K\\W\",\"\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\
n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\f\\n\\w\\g\\o\\E\\G\\g\\V\\n\\o\\h\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\M\\n\\o\\f\\a\\n\\1s\\G\\11\\n\\o\\f\\k\\n\\o\\f\\e\\n\\o\\f\\b\\n\\o\\f\\1k\\n\\o\\f\\i\\n\\o\\h\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\k\\n\\o\\h\\g\\n\\o\\f\\19\\n\\o\\h\\l\\n\\o\\j\\N\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\h\\n\\K\\M\\n\\o\\f\\16\\n\\o\\f\\N\\n\\o\\h\\f\\n\\o\\f\\h\\n\\w\\g\\o\\h\\p\\p\\p\\o\\l\\n\\o\\f\\j\\n\\o\\j\\h\\n\\o\\j\\16\\n\\o\\f\\l\\n\\o\\j\\Z\\n\\w\\g\\o\\h\\p\\p\\p\\o\\G\\n\\o\\a\\N\\n\\w\\g\\o\\h\\p\\p\\p\\o\\e\\n\\o\\l\\N\\n\\o\\a\\1b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\k\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\a\\n\\13\\G\\11\\L\\p\\1l\\F\\W\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\G\\n\\o\\h\\a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\V\\n\\o\\a\\j\\n\\o\\j\\g\\n\\o\\e\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\a\\n\\o\\h\\h\\n\\o\\j\\j\\n\\T\\K\\F\\E\\15\\T\\n\\M\\12\\F\\R\\W\\K\\15\\F\\n\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\E\\n\\E\\b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\p\\n\\o\\a\\b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\h\\n\\o\\j\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\b\\n\\p\\J\\L\\p\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\g\\n\\o\\f\\f\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\g\\n\\E\\n\\o\\j\\19\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\p\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\R\\n\\w\\g\\o\\h\\p\\p\\p\\o\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\f\\n\\o\\h\\k\\n\\1a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\E\\n\\o\\e\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\V\\n\\w\\g\\o\\h\\p\\p\\p\\o\\R\\n\\o\\f\\1b\\n\\1c\\F\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\f\\n\\o\\e\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\M\\n\\o\\h\\Z\\n\\o\\h\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\i\\n\\1c\\1p\\n\\W\\1o\\K\\L\\n\\12\\T\\n\\1n\\n\\o\\e\\b\\n\\o\\a\\h\\n\\Z\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\b\\n\\F
\\12\\J\\J\",\"\\11\\p\\13\\J\\G\\R\\p\",\"\",\"\\9\\T\\y\",\"\\9\\V\",\"\\1a\"];1q(U(P,1r,C,I,H,14){H=U(C){O C};18(!B[5][B[4]](/^/,1j)){17(C--){14[C]=I[C]||C};I=[U(H){O 14[H]}];H=U(){O B[6]};C=1};17(C--){18(I[C]){P=P[B[4]](1i 1h(B[7]+H(C)+B[7],B[8]),I[C])}};O P}(B[0],10,1e,B[3][B[2]](B[1]),0,{}))", "|", "split", "|||||||||x5C|x35|x31|x5D|x5B|x34|x36|x30|x37|x38|x32|x39|x33|x2C|x7C|x78|x65|x29|x28|x22|x3D|x3B|x20|x5F|x24|x2B|x7B|x7D|_0xaced|_0x985ex3|x2F|x64|x6E|x61|_0x985ex5|_0x985ex4|x6C|x69|x73|x66|x44|return|_0x985ex1|x26|x63|x2D|x77|function|x62|x74|x21|x2A|x41||x72|x75|x70|_0x985ex6|x6F|x45|while|if|x43|x67|x42|x71|x3E|144|x3A|x3C|RegExp|new|String|x46|x49|var|x7A|x68|x6D|eval|_0x985ex2|x76", "", "fromCharCode", "replace", "\\w+", "\\b", "g"];
// Unpacker stage: the anonymous function rebuilds a source string and the result is
// handed straight to eval. Strings used below come from the _0xf924 array declared just
// above: [1] "|", [2] "split", [4] "", [5] "fromCharCode", [6] "replace", [7] "\\w+",
// [8] "\\b", [9] "g"; [0] is the packed text and [3] the "|"-separated word list.
// Parameters, in call order: packed text, radix (62), word count (91), word list, and two
// scratch values (a function slot and a dictionary object).
// NOTE(review): to read the decoded layer without running it, print the value returned
// here instead of passing it to eval. The tail of _0xf924[0] has the same call shape, so
// the output is presumably another packed layer -- confirm by printing it.
eval(function(_0x4a22x1, _0x4a22x2, _0x4a22x3, _0x4a22x4, _0x4a22x5, _0x4a22x6) {
// Encoder: turns a word index into its token in the given radix. Remainders above 35 map
// to String.fromCharCode(r + 29) (36 -> "A"); smaller ones use toString(36).
_0x4a22x5 = function(_0x4a22x3) {
return (_0x4a22x3 < _0x4a22x2 ? _0xf924[4] : _0x4a22x5(parseInt(_0x4a22x3 / _0x4a22x2))) + ((_0x4a22x3 = _0x4a22x3 % _0x4a22x2) > 35 ? String[_0xf924[5]](_0x4a22x3 + 29) : _0x4a22x3.toString(36))
};
// "".replace(/^/, String) yields a non-empty string only when replace() accepts a function
// as the replacement; in that case the fast path below is set up.
if (!_0xf924[4][_0xf924[6]](/^/, String)) {
// Build the dictionary token -> word; an empty word-list entry maps the token to itself.
while (_0x4a22x3--) {
_0x4a22x6[_0x4a22x5(_0x4a22x3)] = _0x4a22x4[_0x4a22x3] || _0x4a22x5(_0x4a22x3)
};
// Replace the word list with a single lookup function, make the encoder return the
// generic "\\w+" pattern, and set the counter to 1 so the loop below runs exactly once.
_0x4a22x4 = [function(_0x4a22x5) {
return _0x4a22x6[_0x4a22x5]
}];
_0x4a22x5 = function() {
return _0xf924[7]
};
_0x4a22x3 = 1
};
// Substitution: each pass replaces \b<pattern>\b globally in the packed text, either with
// the lookup function (fast path) or with one word per token (fallback path).
while (_0x4a22x3--) {
if (_0x4a22x4[_0x4a22x3]) {
_0x4a22x1 = _0x4a22x1[_0xf924[6]](new RegExp(_0xf924[8] + _0x4a22x5(_0x4a22x3) + _0xf924[8], _0xf924[9]), _0x4a22x4[_0x4a22x3])
}
};
// The fully substituted text is the code that eval executes.
return _0x4a22x1
}(_0xf924[0], 62, 91, _0xf924[3][_0xf924[2]](_0xf924[1]), 0, {}));
});
You can see at the second to last line here, we are passing '1m B=["\a\l....' to the function inside the eval. When I first saw this, I thought it was a regex of some kind that was then converted by the browser to text, but to my knowledge there isn't a way to convert it back? Looking into this further, I was told that it could all be Unicode, but trying to convert the string back into characters has failed in every converter I have tried. Am I way off base here?
EDIT: See below for update! I exceeded the character limit, lol!
This line var uw = $("#u94"); almost certainly means it's using content from the page itself to do the decoding.
The easiest way I can think of to try to get the code that is actually running is to return to where you found the code and open up your dev tools. Find the code again (I am guessing it's probably dynamically generated) and then without leaving the page copy/paste it into the text editor of your choice and do the following:
1) Change the first line like this
$(window).load(function() { -> (function() {
2) Change the last line like this:
}); -> })() (now you have a self-calling function)
3) Just before the last return add a console.log
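The last return is returning the code that eval will actually run, so add console.log(_0x4a22x1) before the return (again, this exact variable name could be different upon returning to the page). Note that the surrounding eval( still executes whatever is returned; if you only want to read the decoded text, replace that outer eval( with console.log( so it is printed instead of run, and do the whole exercise in a throwaway browser profile or VM.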
4) Copy/paste this into your dev tool console and if it worked it should print out the code that it's running.
NOTE: It's entirely possible that once the code runs the first time it removes the element (currently #u94) that contains something you need to run the code (so it might not work). So if it doesn't log the code out, the first thing I would do is a normal View page source (or curl the HTML), find out what the #u94 element contains, and adapt the code as necessary.
Good luck!
I want to use js beautify on some source but there isn't a way to detect what type of source it is. Is there any way, crude or not, to detect if the source is css, html, javascript or none?
Looking at their site they have this that looks like it'll figure out if it's html:
/**
 * Heuristic check used to decide whether a source string should be treated as HTML.
 *
 * Leading spaces, tabs and line breaks are ignored. The text counts as HTML when it then
 * starts with "<" but not with an HTML comment opener.
 *
 * @param {string} source - text to inspect
 * @returns {boolean|string} true/false for non-empty text; the empty string itself when
 *   nothing is left after stripping the leading whitespace
 */
function looks_like_html(source) {
  var body = source.replace(/^[ \t\n\r]+/, '');
  if (!body) {
    // Nothing but whitespace: hand back the (falsy) empty string unchanged.
    return body;
  }
  // The comment opener is assembled from pieces so the literal sequence never appears in
  // this file.
  var commentOpener = '<' + '!-' + '-';
  var opensWithAngle = body.charAt(0) === '<';
  var opensWithComment = body.slice(0, 4) === commentOpener;
  return opensWithAngle && !opensWithComment;
}
just need to see if it's css, javascript or neither. This is running in node.js
So this code would need to tell me it's JavaScript:
var foo = {
bar : 'baz'
};
where as this code needs to tell me it's CSS:
.foo {
background : red;
}
So a function to test this would return the type:
/**
 * Sketch of the desired classifier: report which beautifier applies to `source`.
 *
 * isJs, isHtml and isCss are placeholders for detection results that this snippet does
 * not define; they are consulted in that order and the first truthy one wins.
 *
 * @param {string} source - text to classify (not read by this sketch)
 * @returns {string|undefined} 'js', 'html' or 'css'; undefined when none applies
 */
function getSourceType(source) {
  return isJs ? 'js'
    : isHtml ? 'html'
    : isCss ? 'css'
    : undefined;
}
There will be cases where other languages are used like Java where I need to ignore but for css/html/js I can use the beautifier on.
Short answer: Almost impossible.
- Thanks to Katana's input
The reason: A valid HTML can contain JS and CSS (and it usually does). JS can contain both css and html (i.e.: var myContent = '< div >< style >CSS-Rules< script >JS Commands';). And even CSS can contain both in comments.
So writing a parser for this is close to impossible. You just cannot separate them easily.
The languages have rules for how to write them; what you want to do is reverse engineer something and check whether those rules apply. That's probably not worth the effort.
Approach 1
If the requirement is worth the effort, you could try to run different parsers on the source and see if they throw errors. I.e. Java is likely to not be a valid HTML/JS/CSS but a valid Java-Code (if written properly).
Approach 2
- Thanks to Bram's input
However if you know the source very well and have the assumption that these things don't occur in your code, you could try the following with Regular Expressions.
Example
<code><div>This div is HTML var i=32;</div></code>
<code>#thisiscss { margin: 0; padding: 0; }</code>
<code>.thisismorecss { border: 1px solid; background-color: #0044FF;}</code>
<code>function jsfunc(){ { var i = 1; i+=1;<br>}</code>
Parsing
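// Label every <code> element on the page as HTML, CSS or (by default) JS, based only on
// regular-expression heuristics over the element's text.
$("code").each(function() {
  // Declared locally: the original assigned to an undeclared `code`, creating a global.
  var code = $(this).text();
  // HTML: a known void/special tag, or a known opening tag followed later by a closing
  // "</" of the same tag name (the \2 back-reference).
  if (code.match(/<(br|basefont|hr|input|source|frame|param|area|meta|!--|col|link|option|base|img|wbr|!DOCTYPE).*?>|<(a|abbr|acronym|address|applet|article|aside|audio|b|bdi|bdo|big|blockquote|body|button|canvas|caption|center|cite|code|colgroup|command|datalist|dd|del|details|dfn|dialog|dir|div|dl|dt|em|embed|fieldset|figcaption|figure|font|footer|form|frameset|head|header|hgroup|h1|h2|h3|h4|h5|h6|html|i|iframe|ins|kbd|keygen|label|legend|li|map|mark|menu|meter|nav|noframes|noscript|object|ol|optgroup|output|p|pre|progress|q|rp|rt|ruby|s|samp|script|section|select|small|span|strike|strong|style|sub|summary|sup|table|tbody|td|textarea|tfoot|th|thead|time|title|tr|track|tt|u|ul|var|video).*?<\/\2/)) {
    // Only constant markup is inserted. Never interpolate `code` into this string: it is
    // page text and would be parsed as HTML.
    $(this).after("<span>This is HTML</span>");
  }
  // CSS: optional name, "." or "#", a name, then a { ... } body of "property: value;" items.
  // NOTE(review): `[ trn]` matches a space or the letters t, r, n; presumably `[ \t\r\n]`
  // was intended and the backslashes were lost -- confirm before relying on it.
  // NOTE(review): the pattern nests quantifiers over overlapping character classes, which
  // can backtrack heavily on long non-matching input. Bound the input length (or use a
  // real tokenizer) when the text being classified is not trusted.
  else if (code.match(/(([ trn]*)([a-zA-Z-]*)([.#]{1,1})([a-zA-Z-]*)([ trn]*)+)([{]{1,1})((([ trn]*)([a-zA-Z-]*)([:]{1,1})((([ trn]*)([a-zA-Z-0-9#]*))+)[;]{1})*)([ trn]*)([}]{1,1})([ trn]*)/)) {
    $(this).after("<span>This is CSS</span>");
  }
  // Anything that matched neither heuristic is reported as JS.
  else {
    $(this).after("<span>This is JS</span>");
  }
});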
What does it do: Parse the text.
HTML
If it contains characters like '<' followed by br (or any of the other tags above) and then '>' then it's html. (Include a check as well since you could compare numbers in js as well).
CSS
If it is made out of the pattern name(optional) followed by . or # followed by id or class followed by { you should get it from here... In the pattern above I also included possible spaces and tabs.
JS
Else it is JS.
You could also do Regex like: If it contains '= {' or 'function...' or ' then JS. Also check further for Regular Expressions to check more clearly and/or provide white- and blacklists (like 'var' but no < or > around it, 'function(asdsd,asdsad){assads}' ..)
Bram's Start with what I continued was:
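// Simpler starting point: label <code> elements whose text begins like a tag as HTML and
// those that begin like a selector block as CSS. Elements matching neither get no label.
$("code").each(function() {
  // Declared locally: the original assigned to an undeclared `code`, creating a global.
  var code = $(this).text();
  // HTML: the text starts with "<", at least one non-">" character, then ">".
  if (code.match(/^<[^>]+>/)) {
    // Constant markup only; the scanned text itself is never inserted as HTML.
    $(this).after("<span>This is HTML</span>");
  }
  // CSS: optional leading "#" or ".", then any run of non-"{" characters up to a "{".
  else if (code.match(/^(#|\.)?[^{]+{/)) {
    $(this).after("<span>This is CSS</span>");
  }
});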
For more Information:
http://regexone.com is a good reference.
Also check http://www.sitepoint.com/jquery-basic-regex-selector-examples/ for inspiration.
It depends if you are allowed to mix languages, as mentioned in the comments (i.e. having embedded JS and CSS in your HTML), or if those are separate files that you need to detect for some reason.
A rigorous approach would be to build a tree from the file, where each node would be a statement (in Perl, you can use HTML::TreeBuilder). Then you could parse it and compare with the original source. Then proceed by applying eliminating regexes to weed out chunks of code and split languages.
Another way would be to search for language-specific patterns (I was thinking that CSS only uses " *= " in some situations, therefore if you have " = " by itself, must be JavaScript, embedded or not).
For HTML you for sure can detect the tags with some regex like
if($source =~ m/(<.+>)/){}
Basically then you would need to take into account some fancy cases like if the JavaScript is used to display some HTML code
var code = "<body>";
Then again it really depends on the situation you are facing, and how the codes mix.
I was wondering if I could get some help on how to analyze an algorithm. My teacher gave us the validation code for some strings, and our project is that we must create a keygen for this validator whose output, of course, must validate as true. I have been trying brute force, but I have had no luck and it has been running for about 2 hours now, so any help, idea, or tip on how to solve this would be perfect.
Thanks in advance.
Here is the code for the validator:
/**
 * Convert the first character of `chr` to its numeric value for the checksum.
 *
 * Characters with a code below 65 map to (code - 48), so "0".."9" give 0..9.
 * Other characters start at (code - 65 + 10) and are bumped by one at each of the
 * thresholds 11, 22 and 33; each threshold is tested against the already-bumped value,
 * so the results skip 11, 22 and 33.
 *
 * @param {string} chr - string whose first character is converted
 * @returns {number} the mapped value (NaN for an empty string)
 */
function char2number(chr) {
  var charCode = chr.charCodeAt(0);
  if (charCode < 65) {
    return charCode - 48;
  }
  var value = charCode - 55; // same as charCode - 65 + 10
  [11, 22, 33].forEach(function (threshold) {
    if (value >= threshold) {
      value += 1;
    }
  });
  return value;
}
/**
 * Check the trailing check character of `code`.
 *
 * Every character except the last is converted with char2number and multiplied by a
 * weight that starts at 1 and doubles per position; the sum is reduced with mod(sum, 9)
 * and compared with the last character.
 *
 * @param {string} code - candidate code, check character last
 * @returns {boolean} true when the computed value equals the last character
 */
function checkdata(code) {
  var lastIndex = code.length - 1;
  var weight = 1;
  var sum = 0;
  for (var pos = 0; pos < lastIndex; pos++) {
    sum += char2number(code.charAt(pos)) * weight;
    weight *= 2;
  }
  var expected = mod(sum, 9);
  // Loose == is kept on purpose: it compares the number with a one-character string
  // through numeric coercion, exactly as the original does. A strict comparison against
  // String(expected) would be tighter, but would change what the validator accepts.
  return expected == code.charAt(lastIndex);
}
/**
 * Remainder of X divided by Y, shifted into the non-negative range when the built-in %
 * yields a negative value.
 *
 * @param {number} X - dividend
 * @param {number} Y - divisor
 * @returns {number} X % Y, plus Y when that remainder is below zero
 */
function mod(X, Y) {
  var remainder = X % Y;
  if (remainder < 0) {
    return remainder + Y;
  }
  return remainder;
}
// Form handler: reads the value of the element with id "code", rejects it when it is
// empty or shorter than 15 characters, then rejects it when checkdata() fails on the
// upper-cased value.
// NOTE(review): the value is stored in `codigo` but every check below reads `code`, which
// this function never declares -- presumably a renaming slip in the posted copy.
// NOTE(review): the posted snippet stops after the second check; the success path and the
// closing brace are not shown.
function valida() {
var codigo = document.getElementById("code").value;
// Validate the code
if( code == "" || code.length < 15 ) {
alert("Invalid!");
return false;
}
// The checksum is computed on the upper-cased input.
if( ! checkdata(code.toUpperCase()) ) {
alert("Invalid!");
return false;
}
This code is written in Javascript since we have to elaborate our solution in Python and, from python, call the service to validate.
I don't think that making the code is hard, but I 've been thinking on a way to solve this and I just can't find a pattern to get it to work.
Thanks, all!
OK, what's going on inside checkdata? Well, whatever it's doing before the end, after dig = mod(dig, 9) it's got a number from 0 to 8, and it's comparing that to the last character (code.charAt(code.length-1))). Notice that the for loop above does i<code.length-1 rather than i<code.length, so that last character isn't included in the calculation. And (other than the check for length 15+) there's nothing else going on here.
So, you don't even have to understand what the whole for loop is doing. If you can generate 14 or more random characters, run the exact same code on them, and append the result to the end, it'll pass.
One quick and dirty way to do that is to just add an alert (or, maybe better, use console.log and run in node instead of a browser…) right before the end of checkdata that shows you what dig is:
// The validator's checkdata with one added line, alert(dig), so the computed check value
// can be read off for any input.
function checkdata(code) {
var dig = 0;
var test = 1;
// Weighted sum over every character except the last; the weight doubles per position.
for(var i=0; i<code.length-1;i++) {
dig=dig+(char2number(code.charAt(i))*test);
test*=2;
}
// Reduce the sum with mod(dig, 9).
dig = mod(dig,9);
// Added for inspection only: shows the value the last character is compared against.
alert(dig);
// Loose == compares the number with the one-character string via numeric coercion.
if(dig==code.charAt(code.length-1)) return true;
else return false;}
So now, take some random string of 15 or more characters, like "ABC123DEF456GHI789". An alert will pop up saying "2", and it'll fail because 2 and 9 aren't the same. So just use "ABC123DEF456GHI782" instead, and it'll pass.
Now all you have to do is port that checkdata function to Python, change the alert(dig) to return code[:-1] + dig, write the code to generate 15-character random strings, and of course write the code that calls the service. But that's it.
By the way, porting to Python isn't always quite as trivial as it seems; for example:
JS, 2 is a 64-bit floating point number; Python 2 is an unlimited-bit integer.
JS strings are Unicode; Python 2.x strings are not (but 3.x are).
JS strings in some browsers are actually UTF-16, not Unicode.
JS % is sign-preserving; Python % is always-positive.
Fortunately, for writing a keygen, you can generate something that doesn't stray beyond the limits of where any of these things matters, but you should think things through to make sure you do so.
I should add that your teacher may want you to understand what's going on inside the for loop, instead of treating it like a black box. Also, in real life, whoever wrote this silly algorithm would figure out how you cracked it, and make a trivial change that made at least partially understanding the loop necessary (e.g., if they change the <code.length-1 to <code.length).
I have a URL, that I am parsing after the hash. The content after the hash is a math equation (eg. http://example.com/something#5+1) which I would like to find the sum of (or the result of any other equation like a product, division, etc)
I can retrieve the numbers using:
var url = (window.location.hash).substr(1) // returns "5+1" as a string
Although I find if I try to convert this to a number it doesn't actually do the math. It cuts it down to 5, instead of showing the sum of 8.
Is this kind of conversion possible?
thanks!
Do not eval() arbitrary code from the URL as it can easily be exploited for XSS. I have created a library called JSandbox that can sandbox JavaScript code execution, but it requires support for web workers. It would not be a good idea to use fake worker support for IE as then the safety of the sandbox is gone.
Your code would go as follows:
// Evaluate the URL fragment (everything after "#") inside JSandbox, the answer author's
// sandbox library (not shown here). The fragment is concatenated into the evaluated
// source and wrapped in with(Math){...} so Math functions can be used unqualified.
// NOTE(review): the fragment is controlled by whoever crafts the link, so the sandbox is
// the only containment; the answer states it depends on real web worker support.
JSandbox.eval("with(Math){" + location.hash.substr(1) + "}", function (res) {
// handle the results here
});
Use this to also handle errors:
// Same sandboxed evaluation of the URL fragment, with an error callback passed as the
// fourth argument (the third is null). Malformed or failing expressions presumably arrive
// in `err` rather than `res` -- confirm against the library's documentation.
JSandbox.eval("with(Math){" + location.hash.substr(1) + "}", function (res) {
// handle the results here
}, null, function (err) {
// handle errors here
});
I included a with (Math) { ... } wrapper so the hash code has short access to Math functions. (eg. abs(..) instead of Math.abs(..))
To really do this correctly, you need to write a simple parser for your mathematical expression language. This is allegedly not very hard, but I myself have never been able to do it. This is the only way to get the JavaScript to evaluate and interpret the math expression correctly without also opening Pandora's box and letting all kinds of nasty stuff through, like a simple (and stupid) call to eval() will.
Or you can just have a bit of a look around and find someone who has already done this such as here:
http://silentmatt.com/math/evaluator.php
eval() is the easiest way to perform the calculation, but you'll definitely want to verify that your input is sane:
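// Evaluate the arithmetic expression in the URL fragment; `result` stays null unless the
// input passes the allowlist and evaluates to a finite number.
var input = window.location.hash.substr(1);
var result = null;
try {
  // Make sure the input is only numbers and supported operators.
  // The pattern is anchored at both ends, so identifiers, strings and function calls
  // cannot be expressed in anything that reaches eval.
  if (/^[-+*/.()0-9]+$/.test(input)) {
    // NOTE(review): eval on URL-derived text is kept because the answer relies on it; the
    // allowlist above is the only control. An expression parser would remove the need.
    result = eval(input);
    // The allowlist still admits input whose value is not a usable number (for example
    // "/1/" is a regular expression literal, "1/0" is Infinity), so reject those.
    if (typeof result !== 'number' || !isFinite(result)) {
      result = null;
    }
  }
} catch (ex) {
  // Insert error handling here...
  // Allowed characters in an invalid order (e.g. "5+") throw; treat that as no result.
  result = null;
}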
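This regex admits only digits, arithmetic operators, dots and parentheses, so identifiers, strings and function calls never reach eval and dangerous input should be filtered out. The value that comes back is still not guaranteed to be a number (for example, /1/ passes the test and evaluates to a regular expression object), so check its type before using it.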
// Minimal illustration with a constant string; nothing here comes from the URL.
var code = "5+1";
// window.eval is an indirect eval call, so the string is evaluated in the global scope.
var result = window.eval(code);
But as in all languages that have eval, be careful with what you eval.
To execute a string see eval and some reasons not to do this are at why-is-using-javascript-eval-function-a-bad-idea.
This means in code of any importance—with data that is coming from an untrusted source (e.g. the internet)—you should parse out the numbers and the mathematical operation...and not accept any other types of input.
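/**
 * Evaluate a simple arithmetic expression (for example the text after "#" in the URL).
 *
 * The original built its pattern as a string, where "\d" collapses to the letter "d", and
 * the unanchored match captured a single character, so "5+1" reached eval as "+". The
 * whole input is now checked against an anchored allowlist before anything is evaluated.
 *
 * @param {string} hash - expression made only of digits and the characters * + - / . %
 * @returns {number} the result rounded down to an integer when it is a positive finite
 *   number; 0 for anything else (invalid characters, syntax errors, non-positive or
 *   non-finite results)
 */
function CalculateString(hash) {
  // Anchored at both ends: every character must be a digit or one of * + - / . %
  var allowed = /^[\d*+\-\/.%]+$/;
  if (typeof hash !== 'string' || !allowed.test(hash)) {
    return 0;
  }
  var ReturnValue;
  try {
    // NOTE(review): eval on externally supplied text is kept to match the original
    // approach; the allowlist above is the only control, so it must not be loosened
    // without replacing eval by an expression parser.
    ReturnValue = eval(hash);
  } catch (err) {
    // Allowed characters in an invalid order (e.g. "5+") are reported as 0.
    return 0;
  }
  // The allowlist still admits non-numeric values (e.g. "/1/" is a regex literal) and
  // non-finite ones ("1/0"); both count as invalid.
  if (typeof ReturnValue === 'number' && isFinite(ReturnValue) && ReturnValue > 0) {
    // Math.floor instead of parseInt: parseInt goes through the number's string form and
    // misreads exponent notation such as "5e-7".
    return Math.floor(ReturnValue);
  }
  return 0;
}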
So you can do like this:
// Take everything after the leading "#" of the URL fragment.
var Hash = (window.location.hash).substr(1);
var Calculation = CalculateString(Hash); // Returns the result of the calculation if it is valid; otherwise it gives you 0.