Skip navigation.

miscoded

the web is a hack

function(p,a,c,k,e,r) de-mystify trick

Friday, 21. September 2007, 17:40:41

,

If you ever came across code that starts 
eval(function(p,a,c,k,e,r)

here's a small demonstration of how to turn that code into something sensible..

A word of warning: I'm experimenting with Wink for creating Flash screencast-type demonstrations. That means you agree to receive a 1.5 M .swf file of screenshots and text by clicking through to the post.

I haven't quite mastered Wink, some unintentional mouse movement might occur but anything in the spirit of experimentation.. Feel free to tell me in comments whether you like more of those Flash-based visual demonstrations or prefer the old-fashioned screenshot approach.










enforcing a stricter Flash security policycaptured in India

Comments

Hallvord R. M. Steen 21. September 2007, 17:44

Seems the my.opera CSS enforces a maxwidth that makes things somewhat unreadable. I don't have time to tweak that now, here's a link to the HTML Wink itself wrapped the SWF in, which should show it correctly scaled:
http://www.hallvord.com/opera/unpack.htm

Andrey Petrov 21. September 2007, 18:53

:up:
But it's mutch better to see this demo through Opera RSS reader. :wink:

Kyle Baker 21. September 2007, 19:20

Other than being hard to read, I find this method of demonstrating to be very interesting and effective. However, I somewhat prefer old fashioned screenshots more, just so I can study each shot and see more of what is going on. I know this is a very simple demo, but for example you yahoo blog earlier would be hard to follow in a video imho.

_Grey_ 21. September 2007, 20:17

My problem with this was also that the video continued without my interaction (I stopped it though when I saw the stop-button).

I kind of liked those flash tutorials that explain Opera functionality... they have a "next" button in the lower right corner imho.

"Normal" screenshots will do just fine, though :D


edit: Oh, nearly forgotten to add: I like this trick very much :smile: I have actually seen code like that and been unable to do anything with it (not that it was important).

Non-Troppo 21. September 2007, 23:47

Wink is what I used for these visual tutorials: http://operawiki.info/visualtutorials — and yes you can add buttons that wait for the user before moving on which makes it easier to parse the information...

I've already made some buttons to use here: http://operawiki.info/MakingFlashTutorials

Lars Kleinschmidt 21. September 2007, 23:53

I actually like text posts better. With this flash movie I wasn't always sure where to look and felt like I might miss stuff. And it went on pretty fast which didn't make it easier. With text+screenshots one can just take oneself more time.

Øyvind Østlund 22. September 2007, 00:17

Thanks for the tip, although I hope something like this will be built into the Opera Dev Tools in the end. Not only for JS, but (X)HTML as well as CSS.

As I wrote about a long time ago, Firefox has an extension like this. It formats the source, and you can see the CSS applied to any element with it. Really helpful tool. Together with the CSSViewer you save yourself a lot of time.

Except that, I really hope you will show us more tricks of the trade Hallvord. This blog gets better every day!!!


- ØØ -

scipio 22. September 2007, 07:36

Good trick! :up:

Smir 22. September 2007, 13:56

Hm, thats a nice trick :smile:

I knew of CTRL+A, CTRL+C in alert boxes. It is terrible annoying that this does not work in other browsers!

Hallvord R. M. Steen 22. September 2007, 20:07

Good points on speed and interaction, thanks. Non-troppo, I will definititely look at your Wink resources :smile:

NoteMe: the "eval=alert" trick is somewhat beyond the scope of the Firefox tool (presuming it is a code beautifier only). This script is compressed in a way that means the original source code makes no sense, and you get source that makes sense to read only by actually running it. To see meaningful source here you'd need a combined JS debugger (to run the decompress routine and stop afterwards) and code beautifier (to format the generated scripts nicely).

Øyvind Østlund 22. September 2007, 21:54

I must have missed the point when I gave up on reading any of the words in the Flash file. Please don't tell me that you can? I can't handle going blind at this age.

Even though I can't read the code in the flash movie, I should have taken a hint if I had read the first line again and understood it was the "re-compilation"/interpretation you where on about. Neither the less, thanks for correcting me back to the stone age there.

Firefox do have an uneval function as well for some reason. Although I can't see much use for it except doubling the amount of Fuzzytest bugs++.


- ØØ -

_Grey_ 23. September 2007, 01:28

Actually this looks like Dean Edwards' Packer...

phamgiagia 26. October 2007, 00:18

My name Pham hai in vietnamese please contact with me at phamgiagia1992@yahoo.com

Ohwzay 2. April 2008, 12:53

A firefox-compliant version is to add
var n=document.createElement('textarea');document.body.appendChild(n);eval=function(s){n.value+=s;};
instead. :smile:
http://www.arachnoid.com/arachnophilia/index.html contains a beautifier, and http://www.prettyprinter.de/ usually works just fine. What is it Hallvord is using? No public script I assume?

Hallvord R. M. Steen 2. April 2008, 18:42

Haven't tried prettyprinter.de, if it can beautify, say, Y!Mail or GMail's JS libs I'll be quite impressed.
I mostly use ad-hoc stuff, I've written one PHP script that does a pretty good job at being a minimal JS pretty-printer - knows just enough syntax to parse it - and I'm going to make that public at some point. When I get around to it.

Anonymous 11. December 2008, 18:27

Anonymous writes:


I don't understand ?

My Code:

eval(function(p,a,c,k,e,r){

[i][Edit: removed a very large section of unreadable code. Hallvord][/i]

_Grey_ 12. December 2008, 19:57

@Anonymous: You could have uploaded that to one of the several pastebins, you know?

Here, did that for you.

@Moderator: You can delete his code.

@topic: I recently found a blog post dealing with "unpacking" packer. Might be useful.

Hallvord R. M. Steen 13. December 2008, 21:24

Anonymous: just create a line at the top of the script doing either 

eval=alert;


or 

eval=document.write;


when you load the modified code, you will see the original, unpacked version.

Anonymous 27. December 2008, 14:31

Somebody writes:

Your trick doesn't work for me but i found similar idea, just change

eval(function(p,a,c,k,e,r){...

on

alert(function(p,a,c,k,e,r){...

Anonymous 30. January 2009, 22:58

pippo writes:

How get the opposite? from a tidy javascript create the macro object?

Hallvord R. M. Steen 3. February 2009, 20:26

pippo: see http://dean.edwards.name/packer/

Anonymous 12. March 2009, 17:12

Anonymous writes:

If you want to hack luckyzoom for whateverr reason then remove this code

'+xgdf7fsgd56('^bko}k.{~i|ojk.za.h{bb.xk|}ga`.ah.Coigm.Taac')+'

line beginning appendChild(this.bigImage);var str=

Anonymous 21. April 2009, 20:59

goodHelp writes:

thank you for the ideas here. On this first experience with a packer I needed them all. the alert box terminated my long unpack. I found a way with no practical limit on size:

make the function named>> eg. unPAC=(function(p,a,c,k,e,d){e=function(c){return.....
assign an html text node value to the value produce by unPAC . I cheated, avoid tough DOM stuff and used jQuery like this..

$j('.unP').text(unPAC)
works great. .unP is a div I gave a class="unP".

Anonymous 4. August 2009, 11:04

Anonymous writes:

Thanks to original poster and Ohwzay for the code.

How to use Quote function:

  1. Select some text
  2. Click on the Quote link

Write a comment

Comment
(BBcode and HTML is turned off for anonymous user comments.)

If you can't read the words, press the small reload icon.


Smilies