Does someone think they can decode this

[ryan]

does anyone think they can decode this

its in javascript

-------------------------------

eval(unescape("%66%75%6E%63%74%69%6F%6E%20%61%28%73%29%7B%74%3D%22%65%77%29%21%38%79%3A%24%37%36%3E%4C%23%2E%4A%7C%20%41%68%6D%01%3D%2F%3C%64%6C%25%7B%39%4E%57%35%27%72%74%63%50%6F%28%2B%2D%34%6B%56%5E%53%48%2A%5B%04%26%6E%73%3B%44%52%2C%5A%5F%76%70%02%5D%32%7D%30%75%78%51%47%7F%4D%66%69%7A%43%7E%60%33%4B%31%40%42%3F%58%03%62%61%6A%55%71%46%59%49%45%54%67%4F%22%3B%6F%3D%6E%65%77%20%53%74%72%69%6E%67%3B%6C%3D%73%2E%6C%65%6E%67%74%68%3B%66%6F%72%20%28%69%3D%30%3B%69%3C%6C%3B%69%2B%2B%29%7B%6E%3D%74%2E%69%6E%64%65%78%4F%66%28%73%2E%63%68%61%72%41%74%28%69%29%29%3B%69%66%28%6E%3D%3D%2D%31%29%7B%6F%2B%3D%73%2E%63%68%61%72%41%74%28%69%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3D%3D%30%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%31%30%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3D%3D%31%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%31%33%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3E%31%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%6E%2B%33%30%29%7D%7D%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%6F%29%7D"));a("WGXCBb'@GaKM1b UXCbM31>6W6.6GXCBb)XG58zbbB9AAaaxXC@ 3FG@ MAq`@MA0`@MA0bM8'WA6.6GXCBb'6LNWAGXCBb'");



i dont know how its encrypted

 

[nick-8318]

when i went through a hex decoder...i got this output, which isn't fully decoded but it gets you somewhere

eval(unescape(\"function a(s){t=%2 2ew)!8y:$76>L#.J|% 20Ahm
=/<dl%{9NW5' rtcPo( -4kV^SH*[%0 4&ns;DR,Z_vp]2}0% 75xQGMfizC~`3K1@B ?XbajUqFYIETgO"%3 Bo=new String;l=s% 2Elength;for (i=0; i<l;i  ){n=t.ind%6 5xOf(s.charAt(i))% 3Bif(n==-1){o =s.c harAt(i);continu%6 5}if(n==0){o =Str% 69ng.fromCharCode( 10);continue}if(%6 E==1){o =String.f% 72omCharCode(13);c ontinue}if(n>1){%6 F =String.fromCha% 72Code(n 30)}}docu ment.write(o)}\"));a(\"WGXCBb\'@GaKM1b UXCbM31>6W6.6GXCBb)XG58zbbB9AAaaxXC@ 3FG@ MAq`@MA0`@MA0bM8\'WA6.6GXCBb\'6LNWAGXCBb\'\");

 

[primacomputer]

It appears that the data you posted has been corrupted in the copy and paste. This is probably by design ,as one of the obsfucation methods used. Essentially the function that is encoded uses the two strings to do a sort of cesarean substitution. The net result is to write a tag to the document. This is a link to a script that appears to be hosted on a lycos server.

There are much easier ways to steal this script than trying to decode javascript functions.

 

[Zubair1]

I think it was'nt currput but it's encode encode in some else other then url encoding the characters case after using the below coding and making changes to the pervious cod i got this
function a(s){t="ew)!8y:$76>L#.J| Ahm
=/1){o+=String.fromCharCode(n+30)}}document.write(o)} <----I got this :

a = unescape("%66%75%6E%63%74%69%6F%6E%20%61%28%73%29%7B%74%3D%22%65%77%29%21%38%79%3A%24%37%36%3E%4C%23%2E%4A%7C%20%41%68%6D%01%3D%2F%3C%64%6C%25%7B%39%4E%57%35%27%72%74%63%50%6F%28%2B%2D%34%6B%56%5E%53%48%2A%5B%04%26%6E%73%3B%44%52%2C%5A%5F%76%70%02%5D%32%7D%30%75%78%51%47%7F%4D%66%69%7A%43%7E%60%33%4B%31%40%42%3F%58%03%62%61%6A%55%71%46%59%49%45%54%67%4F%22%3B%6F%3D%6E%65%77%20%53%74%72%69%6E%67%3B%6C%3D%73%2E%6C%65%6E%67%74%68%3B%66%6F%72%20%28%69%3D%30%3B%69%3C%6C%3B%69%2B%2B%29%7B%6E%3D%74%2E%69%6E%64%65%78%4F%66%28%73%2E%63%68%61%72%41%74%28%69%29%29%3B%69%66%28%6E%3D%3D%2D%31%29%7B%6F%2B%3D%73%2E%63%68%61%72%41%74%28%69%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3D%3D%30%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%31%30%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3D%3D%31%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%31%33%29%3B%63%6F%6E%74%69%6E%75%65%7D%69%66%28%6E%3E%31%29%7B%6F%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%6E%2B%33%30%29%7D%7D%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%6F%29%7D");
//a("WGXCBb'@GaKM1b UXCbM31>6W6.6GXCBb)XG58zbbB9AAaaxXC@ 3FG@ MAq`@MA0`@MA0bM8'WA6.6GXCBb'6LNWAGXCBb'");

document.write (a);

 

[user-7256]

I know how that's encrypted. I used to have the program that did that. But, I lost it . I will dig through my backup archives to see if I still have it.

 

[Outer]

seems like a referencing method to me

 

[primacomputer]

The original data that was copied and pasted contains control characters that the OP was unable to copy and paste successfully. As a result even after your decode the decoder and decode the data with the decoded decoder you still have corrupt data. It's not too bad because it uses a simple substitution encryption so a few missing parts of the key doesn't destroy the entire message. This is one of the hallmarks of a poor encryption scheme. The irony of it all is that despite the encryption/encoding system being pretty weak it has accomplished it's job quite well. I could easily get the script given the original URL, but the OP fell victim to one of the scripts protection measures the minute he coppiced and pasted instead of providing a link.

As a result I can decode everything with just a few errors. That's how I know that the script the OP wants to steal isn't actually encoded in the data but is rather a linked script who's URL is encoded in the data. Of course this is all just an academic exercise. If I really wanted to steal a script I'd simply run something like tcpflow, visit the page, and have the script conveniently saved to a file.