miscoded

the web is a hack

function(p,a,c,k,e,r) de-mystify trick


If you ever came across code that starts with eval(function(p,a,c,k,e,r), here's a small demonstration of how to turn that code into something sensible.

A word of warning: I'm experimenting with Wink for creating Flash screencast-type demonstrations. That means you agree to receive a 1.5 M .swf file of screenshots and text by clicking through to the post.

I haven't quite mastered Wink, some unintentional mouse movement might occur but anything in the spirit of experimentation.. Feel free to tell me in comments whether you like more of those Flash-based visual demonstrations or prefer the old-fashioned screenshot approach.
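
The trick works because the packer's stub only rebuilds the original source as a string and then hands that string to eval, so replacing eval shows the source instead of running it. As an added example (not code from this post or from the packer itself), the JavaScript below shadows eval with a capture function and collects each unpacked layer; the packed sample, the helper name unpackLayers and the example.invalid URL are constructed for illustration.

```javascript
// Constructed sample in the shape this kind of packer emits (not taken from a real site).
const PACKED = String.raw`eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0 1="2://3.4/5";6.7=1',8,8,'var|u|https|example|invalid|x|location|href'.split('|'),0,{}))`;

// Matches the eval(function(p,a,c,k,e,r) header and the (p,a,c,k,e,d) variant.
const PACKER_HEADER =
  /^\s*eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[rd]\s*\)/;

// Hypothetical helper: returns the source of every packed layer, outermost first.
// The stub itself still executes (it is what does the decompression), but the
// string it produces is captured rather than evaluated, so the payload never runs.
// Do this on an analysis machine: the stub has access to the host's globals.
function unpackLayers(source, maxLayers = 5) {
  const layers = [];
  let current = source;
  for (let i = 0; i < maxLayers; i++) {
    if (!PACKER_HEADER.test(current)) break; // plain source reached
    let captured = null;
    const capture = (s) => {
      if (captured === null) captured = String(s); // keep only the first call
    };
    // A parameter named "eval" shadows the built-in inside the generated
    // function, which is the same effect as writing eval=alert; at the top
    // of the script, without touching the real global eval.
    new Function('eval', current)(capture);
    if (captured === null) break; // stub never called eval; nothing to show
    layers.push(captured);
    current = captured; // packed scripts are sometimes packed more than once
  }
  return layers;
}

// The payload here would redirect the page; it is printed, not executed.
for (const [depth, src] of unpackLayers(PACKED).entries()) {
  console.log(`layer ${depth + 1}: ${src}`);
}
```

The recovered text still needs a beautifier to be pleasant to read; this only undoes the packing.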



Comments

Hallvord R. M. Steenhallvors Friday, September 21, 2007 5:44:03 PM

Seems the my.opera CSS enforces a maxwidth that makes things somewhat unreadable. I don't have time to tweak that now, here's a link to the HTML Wink itself wrapped the SWF in, which should show it correctly scaled:
http://www.hallvord.com/opera/unpack.htm

FataL Friday, September 21, 2007 6:53:01 PM

up
But it's much better to see this demo through Opera RSS reader. wink

Kyle Bakerkyleabaker Friday, September 21, 2007 7:20:25 PM

Other than being hard to read, I find this method of demonstrating to be very interesting and effective. However, I somewhat prefer old fashioned screenshots more, just so I can study each shot and see more of what is going on. I know this is a very simple demo, but for example your Yahoo blog earlier would be hard to follow in a video imho.

_Grey_ Friday, September 21, 2007 8:17:51 PM

My problem with this was also that the video continued without my interaction (I stopped it though when I saw the stop-button).

I kind of liked those flash tutorials that explain Opera functionality... they have a "next" button in the lower right corner imho.

"Normal" screenshots will do just fine, though bigsmile


edit: Oh, nearly forgotten to add: I like this trick very much smile I have actually seen code like that and been unable to do anything with it (not that it was important).

Non-Tropponon-troppo Friday, September 21, 2007 11:47:40 PM

Wink is what I used for these visual tutorials: http://operawiki.info/visualtutorials — and yes you can add buttons that wait for the user before moving on which makes it easier to parse the information...

I've already made some buttons to use here: http://operawiki.info/MakingFlashTutorials

larskl Friday, September 21, 2007 11:53:13 PM

I actually like text posts better. With this flash movie I wasn't always sure where to look and felt like I might miss stuff. And it went on pretty fast which didn't make it easier. With text+screenshots one can just take oneself more time.

Øyvind ØstlundNoteMe Saturday, September 22, 2007 12:17:12 AM

Thanks for the tip, although I hope something like this will be built into the Opera Dev Tools in the end. Not only for JS, but (X)HTML as well as CSS.

As I wrote about a long time ago, Firefox has an extension like this. It formats the source, and you can see the CSS applied to any element with it. Really helpful tool. Together with the CSSViewer you save yourself a lot of time.

Except that, I really hope you will show us more tricks of the trade Hallvord. This blog gets better every day!!!


- ØØ -

scipio Saturday, September 22, 2007 7:36:21 AM

Good trick! up

Smir Saturday, September 22, 2007 1:56:49 PM

Hm, that's a nice trick smile

I knew of CTRL+A, CTRL+C in alert boxes. It is terribly annoying that this does not work in other browsers!

Hallvord R. M. Steenhallvors Saturday, September 22, 2007 8:07:22 PM

Good points on speed and interaction, thanks. Non-troppo, I will definitely look at your Wink resources smile

NoteMe: the "eval=alert" trick is somewhat beyond the scope of the Firefox tool (presuming it is a code beautifier only). This script is compressed in a way that means the original source code makes no sense, and you get source that makes sense to read only by actually running it. To see meaningful source here you'd need a combined JS debugger (to run the decompress routine and stop afterwards) and code beautifier (to format the generated scripts nicely).

Øyvind ØstlundNoteMe Saturday, September 22, 2007 9:54:10 PM

I must have missed the point when I gave up on reading any of the words in the Flash file. Please don't tell me that you can? I can't handle going blind at this age.

Even though I can't read the code in the flash movie, I should have taken a hint if I had read the first line again and understood it was the "re-compilation"/interpretation you were on about. Nevertheless, thanks for correcting me back to the stone age there.

Firefox does have an uneval function as well for some reason. Although I can't see much use for it except doubling the amount of Fuzzytest bugs++.


- ØØ -

_Grey_ Sunday, September 23, 2007 1:28:38 AM

Actually this looks like Dean Edwards' Packer...

phamgiagia Friday, October 26, 2007 12:18:38 AM

My name Pham hai in vietnamese please contact with me at phamgiagia1992@yahoo.com

Ohwzay Wednesday, April 2, 2008 12:53:24 PM

A firefox-compliant version is to add
var n=document.createElement('textarea');document.body.appendChild(n);eval=function(s){n.value+=s;};
instead. smile
http://www.arachnoid.com/arachnophilia/index.html contains a beautifier, and http://www.prettyprinter.de/ usually works just fine. What is it Hallvord is using? No public script I assume?

Hallvord R. M. Steenhallvors Wednesday, April 2, 2008 6:42:08 PM

Haven't tried prettyprinter.de, if it can beautify, say, Y!Mail or GMail's JS libs I'll be quite impressed.
I mostly use ad-hoc stuff, I've written one PHP script that does a pretty good job at being a minimal JS pretty-printer - knows just enough syntax to parse it - and I'm going to make that public at some point. When I get around to it.

Anonymous Thursday, December 11, 2008 6:27:07 PM

Anonymous writes: I don't understand ? My Code: eval(function(p,a,c,k,e,r){ [i][Edit: removed a very large section of unreadable code. Hallvord][/i]

_Grey_ Friday, December 12, 2008 7:57:36 PM

@Anonymous: You could have uploaded that to one of the several pastebins, you know?

Here, did that for you.

@Moderator: You can delete his code.

@topic: I recently found a blog post dealing with "unpacking" packer. Might be useful.

Hallvord R. M. Steenhallvors Saturday, December 13, 2008 9:24:58 PM

Anonymous: just create a line at the top of the script doing either

eval=alert;


or

eval=document.write;


When you load the modified code, you will see the original, unpacked version.

Anonymous Saturday, December 27, 2008 2:31:42 PM

Somebody writes: Your trick doesn't work for me but I found a similar idea, just change eval(function(p,a,c,k,e,r){... to alert(function(p,a,c,k,e,r){...

Anonymous Friday, January 30, 2009 10:58:07 PM

pippo writes: How get the opposite? from a tidy javascript create the macro object?

Hallvord R. M. Steenhallvors Tuesday, February 3, 2009 8:26:40 PM

Anonymous Thursday, March 12, 2009 5:12:42 PM

Anonymous writes: If you want to hack luckyzoom for whatever reason then remove this code '+xgdf7fsgd56('^bko}k.{~i|ojk.za.h{bb.xk|}ga`.ah.Coigm.Taac')+' line beginning appendChild(this.bigImage);var str=

Anonymous Tuesday, April 21, 2009 8:59:40 PM

goodHelp writes: Thank you for the ideas here. On this first experience with a packer I needed them all. The alert box terminated my long unpack. I found a way with no practical limit on size: make the function named>> eg. unPAC=(function(p,a,c,k,e,d){e=function(c){return..... assign an html text node value to the value produced by unPAC . I cheated, avoided tough DOM stuff and used jQuery like this.. $j('.unP').text(unPAC) works great. .unP is a div I gave a class="unP".

Anonymous Tuesday, August 4, 2009 11:04:49 AM

Anonymous writes: Thanks to original poster and Ohwzay for the code.

Anonymous Friday, August 13, 2010 2:07:32 AM

Anónimo writes: you rule!!!

Hallvord R. M. Steenhallvors Friday, August 13, 2010 9:33:01 PM

Yet another option would be to add

eval=function(str){ window.open('data:,'+encodeURIComponent(str)) }

somewhere before the packed script.

smile

Anonymous Thursday, October 28, 2010 9:53:50 AM

www.vuvvling.com writes: if the text is large, you can use a function to copy to windows clipboard

Anonymous Saturday, November 6, 2010 5:23:33 AM

Beto Scartezini writes: eval=alert; Use opera Portable and get it

Anonymous Sunday, February 20, 2011 5:31:08 AM

Anonymous writes: Wow, you all sure go to a lot of trouble to decrypt some kid's code. Here's just one of the numerous ways to crack the toy. 1. Copy javascript: 2. Paste to text file and save as *.HTML 3. Open with I.explorer 4. When it opens, allow script to run 5. Open "Tools; Developer Tools" 6. On HTML tab, open HTML header and then 7. Tab to move through values; most individuals will want the "src" value, which is one past "src".

Hallvord R. M. Steenhallvors Sunday, February 20, 2011 3:11:54 PM

I'd say that's more trouble than just adding eval=alert; and re-loading from cache, but each to his own smile
