September 19, 2006

Random walk

Posted in Uncategorized at 10:14 pm by anand

Started with googling for good css tutorial, i end up doing a random walk in the worldwideweb. Out of many interesting sites, the one i liked the most was www.huddletogether.com by lokesh dhakar. He has written his email address publicly in his site. I was surprised to see that. Keeping email id openly is open invitation for spammers. Any sensible person will not do that. With a question mark on my face, i looked at the source of the html page. There was the hidden magic. The email id was not there in the html, it is encrypted in a javascript.

With amusement i started to understand the javascript. The following is the script that prints the email. see huddletogether.com for original source.

function enkoder(){var i,j,x,y,x=
"x=\"783d223633353634366436383635373536653732326536343265373336663637373236" +
"64356332393734363233653635783d5c225c5c36372c552a34366336572d783d353734365c" +
"5c5c5c5c225c5c36343666363736663633373537343635365c223d78643363323036383766" +
"36313335363436653264356332343663363236643635373436313639366636373663373436" +
"35373436663361363836353238326336663632336336623635373132303633363834383732" +
"363036383735363c33366636782e6c65643563326e677468323230373b692b3d3436393232" +
"3436633639336233353734363033625c5c5c5c5c225c5c663637363b793d2735373436273b" +
"666f3836353737633666363232653662363537333666363336383435372e73756233363834" +
"7374722830363837692c322935363436293b7d795c225c5c3b6a3d6576616c283732297b79" +
"343663362b3d756e353364356573636163323236706528276336663625272b786236722869" +
"3d32326536303b6973756273747228692c34293b3b693c782e6c656e6774683b692b3d3829" +
"7b792b3d782e73756273747228692c34293b7d666f72782e636861724174283029293b783d" +
"782e7375627374722831293b793d27273b666f7228693d30286e696d2e6874614d3d6a2872" +
"6f667b2939333d2b693b6874676e656c2e783c693b303d6928726f663b27273d793b5c227d" +
"793d792e737562737472286a293b28693d343b693c782e6c656e6774683b692b3d38297b79" +
"2b3d782e3b797d7d3b296a287441726168632e783d2b797b293b693d3e6a2d2d3b2939332b" +
"692c6874676e656c2e78223b793d27273b666f7228693d303b693c782e6c656e6774683b69" +
"2b3d3930297b666f72286a3d4d6174682e6d696e28782e6c656e6774682c692b3930293b2d" +
"2d6a3e3d693b297b792b3d782e636861724174286a293b7d7d793b\";y='';for(i=0;i
"length;i+=2){y+=unescape('%'+x.substr(i,2));}y";
while(x=eval(x));}enkoder();

To understand this i started tracing this.

js> load("hack.js")
js> x
x="783d22363335363436643638363537353665373232653634326537333666363737323
664356332393734363233653635783d5c225c5c36372c552a34366336572d783d3537343
65c5c5c5c5c225c5c36343666363736663633373537343635365c223d786433633230363
837663631333536343665326435633234366336323664363537343631363936663637366
337343635373436663361363836353238326336663632336336623635373132303633363
834383732363036383735363c33366636782e6c65643563326e677468323230373b692b3
d34363932323436633639336233353734363033625c5c5c5c5c225c5c663637363b793d2
735373436273b666f3836353737633666363232653662363537333666363336383435372
e737562333638347374722830363837692c322935363436293b7d795c225c5c3b6a3d657
6616c283732297b79343663362b3d756e353364356573636163323236706528276336663
625272b7862367228693d32326536303b6973756273747228692c34293b3b693c782e6c6
56e6774683b692b3d38297b792b3d782e73756273747228692c34293b7d666f72782e636
861724174283029293b783d782e7375627374722831293b793d27273b666f7228693d302
86e696d2e6874614d3d6a28726f667b2939333d2b693b6874676e656c2e783c693b303d6
928726f663b27273d793b5c227d793d792e737562737472286a293b28693d343b693c782
e6c656e6774683b692b3d38297b792b3d782e3b797d7d3b296a287441726168632e783d2
b797b293b693d3e6a2d2d3b2939332b692c6874676e656c2e78223b793d27273b666f722
8693d303b693c782e6c656e6774683b692b3d3930297b666f72286a3d4d6174682e6d696
e28782e6c656e6774682c692b3930293b2d2d6a3e3d693b297b792b3d782e63686172417
4286a293b7d7d793b";y='';for(i=0;i<x.length;i+=2){y+=unescape('%'+x.subst
r(i,2));}y
js> x = eval(x)
x="635646d6865756e722e642e736f67726d5c2974623e65x=\"67,U*46c6W-x=5746
\"646f676f637574656\"=xd3c20687f6135646e2d5c246c626d657461696f676c7
465746f3a6865282c6f623c6b657120636848726068756<36f6x.led5c2ngth2207;i+=4
692246c693b3574603b\"f676;y='5746';fo86577c6f622e6b65736f6368457.s
ub3684str(0687i,2)5646);}y\";j=eval(72){y46c6+=un53d5escac226pe('c6f6%
'+xb6r(i=22e60;isubstr(i,4);;i<x.length;i+=8){y+=x.substr(i,4);}forx.cha
rAt(0));x=x.substr(1);y='';for(i=0(nim.htaM=j(rof{)93=+i;htgnel.x<i;0=i(
rof;''=y;\"}y=y.substr(j);(i=4;i<x.length;i+=8){y+=x.;y}};)j(tArahc.x=+y
{);i=>j--;)93+i,htgnel.x";y='';for(i=0;i<x.length;i+=90){for(j=Math.min(
x.length,i+90);--j>=i;){y+=x.charAt(j);}}y;
js> x=eval(x)
x="656475736f676f646\"6475=x-W6c64*U,76\"=x56e3264792c5d62776f637e246e
227e6575686d646536657860627848636021756b6c326f6c2825686a3f6475647c676f69
6164756d626c642c5d2e6465316f78602c3d48636f63756b6e226f6c77568of;'6475'=y
;676f\"b3064753b396c6422964=+i;7022htgn2c5del.x6f63<i;06e22=i(r6bx+'%6
f6c'(ep622cacse5d35nu=+6c64y{)27(lave=j;\"y};)6465)2,i7860(rts4863bus.75
0=i(rof;''=y;)1(rtsbus.x=x;))0(tArahc.xrof};)4,i(rtsbus.x=+y{)8=+i;htgne
l.x<i;;)4,i(rtsbus.x=+y{)8=+i;htgnel.x<i;4=i(;)j(rtsbus.y=y}";y='';for(i
=0;i<x.length;i+=39){for(j=Math.min(x.length,i+39);--j>=i;){y+=x.charAt(
j);}}y;
js> x = eval(x)
x="67,U*46c6W-x=5746\"646f676f637574656d6865756e722e642e736f67726d5c2974
623e65282c6f623c6b657120636848726068756635646d5c246c626d657461696f676c74
65746f3a68657c6f622e6b65736f63684d3c20687f6135646e22246c693b3574603b\"f6
76;y='5746';fo8657r(i=22e60;i<36f6x.led5c2ngth2207;i+=46972){y46c6+=un53
d5escac226pe('c6f6%'+xb657.sub3684str(0687i,2)5646);}y";j=eval(x.charAt(
0));x=x.substr(1);y='';for(i=0;i<x.length;i+=8){y+=x.substr(i,4);}for(i=
4;i<x.length;i+=8){y+=x.substr(i,4);}y=y.substr(j);
js> x = eval(x)
x="646f63756d656e742e777269746528223c6120687265663d5c226d61696c746f3a6c6
f6b65736840687564646c65746f6765746865722e636f6d5c22207469746c653d5c226c6
f6b65736840687564646c65746f6765746865722e636f6d5c223e6c6f6b6573684068756
4646c65746f6765746865722e636f6d3c2f613e22293b303b";y='';for(i=0;i<x.leng
th;i+=2){y+=unescape('%'+x.substr(i,2));}y
js> x = eval(x)
document.write("<a href=\"mailto:name@website.com\" title=\"name@website.com\">name@website.com</a>");0;

I could see it working step by step, but reverse engineering doesn’t look that easy. Anyway interesting problem to ponder for next few days.

I did one more interesting thing while writing this blog. The output of the javascript was too long to put in the blog. I looked for how to do linebreaking in vim, looked at fmt and finally endup writing a small python script for doing that :).

def print_line(line, width=72):
    i = 0
    while i < len(line):
        print line[i:i+width]
        i += width

import sys
for line in open(sys.argv[1]).readlines():
    print_line(line.strip())
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: