

EmanuelSouza

Script popunder funcionando. Análise de segurança


Boa noite pessoal! Eu estava a procura de um script popunder que abrisse por trás da janela principal do site (ou em outra aba no chrome) e encontrei este aqui que parece funcionar perfeitamente, quem quiser testar basta remover os espaços e chamar o script dentro de sua tag head com o endereço para o site alvo alterado.
Entretanto, ao analisar o código no endereço do openwindow.js, parece que está todo criptografado. Alguém que entende bem de segurança poderia dar uma opinião a respeito dos riscos? Este script é citado por vários sites norte-americanos, alguns usuários até relatam usar ele há algum tempo, mas outros apontam que também pode ser bem inseguro.

 

 

 


Seu código:

 

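/**
 * Parse a query string ("k=v&k2=v2", pairs separated by "&" or ";") into a
 * plain object of decoded name/value strings.
 *
 * Only pairs that split into exactly two parts on "=" are kept, so a pair with
 * no "=" or with an unencoded "=" inside its value is dropped. Keys and values
 * are not validated in any way: callers must treat every returned string as
 * untrusted input.
 *
 * @param {string} a - Query string without the leading "?".
 * @returns {Object} Decoded names mapped to decoded values; empty when `a` is falsy.
 */
function parseQuery(a) {
    var result = {};
    if (!a) return result;
    var pairs = a.split(/[;&]/);
    for (var n = 0; n < pairs.length; n++) {
        var parts = pairs[n].split("=");
        if (parts.length !== 2) continue;
        var key = unescape(parts[0]);
        // "+" stands for a space only in the still-encoded text. Translating it
        // before percent-decoding keeps an encoded "%2B" as a literal plus sign
        // (decoding first turned it into a space as well).
        var value = unescape(parts[1].replace(/\+/g, " "));
        result[key] = value;
    }
    return result;
}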
// String table emitted by the obfuscator: every property name, method name and
// string literal the script uses is stored here and fetched by index
// (_0x6ce5[6] is "split", _0x6ce5[60] is "cookie", and so on). This is
// obfuscation, not encryption: replacing each index with its entry recovers
// readable source.
// Entries worth a reviewer's attention: [75] is a hard-coded third-party URL,
// [79] is the cookie name, and the range [139]-[157] includes javascript: and
// data: URLs plus <script> fragments split into pieces ("<scr" + "ipt>").
var _0x6ce5 = ["script", "getElementsByTagName", "length", "", "replace", "src", "split", "=", " ", "initialize", "ua", "browser", "list_browser", "searchString", "unknown", "version", "userAgent", "searchVersion", "appVersion", "os", "list_os", "Chrome", "OmniWeb", "OmniWeb/", "vendor", "Apple", "Safari", "Version", "opera", "Opera", "iCab", "KDE", "Konqueror", "Firefox", "Camino", "Netscape", "MSIE", "Explorer", "Gecko", "Mozilla", "rv", "platform", "Win", "Windows", "Mac", "iPhone", "iPhone/iPod", "Linux", "str", "prop", "versionSearchString", "versionSearch", "id", "subStr", "indexOf", "substr", "getTime", "setTime", "toGMTString", ";", "cookie", "|", ";expires=", ";path=/", "on", "addEventListener", "undefined", "callee", "attachEvent", "function", "old_", "removeEventListener", "detachEvent", "random", "floor", "http://beaverscripts.com/check-for-newest-version/", "puurl", "popunder", "format", "beaver-293829", "width=", "width", ", height=", "height", ",resizable=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no,scrollbars=yes", "settings", "hours", "get", "times", "expires", "parse", "readyState", "complete", "bind", "DOMContentLoaded", "remove", "listener", "add", "onreadystatechange", "load", "isBinded", "binders", "match", "search", "object", "toLowerCase", "all", "keys", "sort", "click", "triple_trigger", "triggers", "tab_trigger", "fullscreen_trigger", "double_trigger", "single_delay", "single", "registerTrigger", "a", "createElement", "href", "url", "target", "_blank", "setAttribute", "appendChild", "body", "document", "window", "MouseEvents", "createEvent", "initMouseEvent", "dispatchEvent", "webkitRequestFullscreen", "documentElement", "pu_", "config", "open", "webkitCancelFullScreen", "javascript:window.focus()", "_self", "about:blank", "data:text/html,<scr", "ipt>window.close();</scr", "ipt>", "display", "style", "none", "removeChild", "<scr", 'ipt type="text/javascript">window.location="', '";</scr', "write", "close", 
"i", "blur", "javascript:window.close()", "dialogtop:99999999;dialogleft:999999999;dialogWidth:1;dialogHeight:1", "showModalDialog", "focus", "setTimeout", "isTriggered", "set", "hasOwnProperty", "prototype", "toString", "propertyIsEnumerable", "toLocaleString", "valueOf", "isPrototypeOf", "constructor", "Object.keys called on non-object", "call", "push"],
    // document.getElementsByTagName("script"): every <script> present when this line runs.
    scripts = document[_0x6ce5[1]](_0x6ce5[0]),
    // Last <script> in that collection.
    // NOTE(review): presumably meant to be the tag that loaded this file; that only
    // holds for a synchronous, non-injected include — confirm.
    myScript = scripts[scripts[_0x6ce5[2]] - 1],
    // myScript.src with everything up to and including the first "?" removed.
    queryString = myScript[_0x6ce5[5]][_0x6ce5[4]](/^[^\?]+\??/, _0x6ce5[3]),
    // Configuration read from the embedding tag's URL; it is untrusted input and
    // its "puurl" entry is used as a navigation target further down the file.
    params = parseQuery(queryString),
    // Namespace object holding user-agent detection, cookie and listener helpers.
    _wm = {
        // Runs this.ua.initialize().
        initialize: function() {
            this[_0x6ce5[10]][_0x6ce5[9]]()
        },
        ua: {
            // Fills this.browser, this.version and this.os, each falling back to
            // "unknown". Order matters: searchString() leaves versionSearchString
            // set for the searchVersion() calls that follow it.
            initialize: function() {
                this[_0x6ce5[11]] = this[_0x6ce5[13]](this[_0x6ce5[12]]) || _0x6ce5[14], this[_0x6ce5[15]] = this[_0x6ce5[17]](navigator[_0x6ce5[16]]) || this[_0x6ce5[17]](navigator[_0x6ce5[18]]) || _0x6ce5[14], this[_0x6ce5[19]] = this[_0x6ce5[13]](this[_0x6ce5[20]]) || _0x6ce5[14]
            },
            // Browser sniffing table, checked in order by searchString(). Each entry
            // tests navigator.userAgent ([16]) or navigator.vendor ([24]) for subStr,
            // or a truthy prop. The ids decode to: Chrome, OmniWeb, Safari, Opera,
            // iCab, Konqueror, Firefox, Camino, Netscape, Explorer, Mozilla, Netscape.
            list_browser: [{
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[21],
                id: _0x6ce5[21]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[22],
                versionSearch: _0x6ce5[23],
                id: _0x6ce5[22]
            }, {
                str: navigator[_0x6ce5[24]],
                subStr: _0x6ce5[25],
                id: _0x6ce5[26],
                versionSearch: _0x6ce5[27]
            }, {
                prop: window[_0x6ce5[28]],
                id: _0x6ce5[29],
                versionSearch: _0x6ce5[27]
            }, {
                str: navigator[_0x6ce5[24]],
                subStr: _0x6ce5[30],
                id: _0x6ce5[30]
            }, {
                str: navigator[_0x6ce5[24]],
                subStr: _0x6ce5[31],
                id: _0x6ce5[32]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[33],
                id: _0x6ce5[33]
            }, {
                str: navigator[_0x6ce5[24]],
                subStr: _0x6ce5[34],
                id: _0x6ce5[34]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[35],
                id: _0x6ce5[35]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[36],
                id: _0x6ce5[37],
                versionSearch: _0x6ce5[36]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[38],
                id: _0x6ce5[39],
                versionSearch: _0x6ce5[40]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[39],
                id: _0x6ce5[35],
                versionSearch: _0x6ce5[39]
            }],
            // OS sniffing table on navigator.platform ([41]) / navigator.userAgent;
            // ids decode to Windows, Mac, iPhone/iPod, Linux.
            list_os: [{
                str: navigator[_0x6ce5[41]],
                subStr: _0x6ce5[42],
                id: _0x6ce5[43]
            }, {
                str: navigator[_0x6ce5[41]],
                subStr: _0x6ce5[44],
                id: _0x6ce5[44]
            }, {
                str: navigator[_0x6ce5[16]],
                subStr: _0x6ce5[45],
                id: _0x6ce5[46]
            }, {
                str: navigator[_0x6ce5[41]],
                subStr: _0x6ce5[47],
                id: _0x6ce5[47]
            }],
            // Returns the id of the first table entry whose str contains subStr, or
            // (when the entry has no str) whose prop is truthy; undefined if none match.
            // Side effect: this.versionSearchString is overwritten with
            // versionSearch || id of every entry examined.
            searchString: function(a) {
                for (var b = 0; b < a[_0x6ce5[2]]; b++) {
                    var c = a[b][_0x6ce5[48]],
                        d = a[b][_0x6ce5[49]];
                    if (this[_0x6ce5[50]] = a[b][_0x6ce5[51]] || a[b][_0x6ce5[52]], c) {
                        if (-1 != c[_0x6ce5[54]](a[b][_0x6ce5[53]])) return a[b][_0x6ce5[52]]
                    } else if (d) return a[b][_0x6ce5[52]]
                }
            },
            // Finds this.versionSearchString in `a` and returns parseFloat() of the
            // text starting one character after it; undefined when it is not found.
            searchVersion: function(a) {
                var b = a[_0x6ce5[54]](this[_0x6ce5[50]]);
                if (-1 != b) return parseFloat(a[_0x6ce5[55]](b + this[_0x6ce5[50]][_0x6ce5[2]] + 1))
            }
        },
        cookie: {
            // Reads cookie `a` from document.cookie and returns it split on "|".
            // The default result is [0, d], where d is now + b hours as a GMT string
            // (36e5 ms per hour); a stored value with a single part gets d as its
            // second element.
            // NOTE(review): b_cookie_found is assigned without a declaration, so it
            // becomes a global of the embedding page.
            get: function(a, b) {
                var c = new Date;
                c[_0x6ce5[57]](c[_0x6ce5[56]]());
                for (var d = new Date(c[_0x6ce5[56]]() + 36e5 * b)[_0x6ce5[58]](), e = document[_0x6ce5[60]][_0x6ce5[6]](_0x6ce5[59]), f = _0x6ce5[3], g = _0x6ce5[3], h = [0, d], i = 0; i < e[_0x6ce5[2]]; i++) {
                    if (f = e[i][_0x6ce5[6]](_0x6ce5[7]), g = f[0][_0x6ce5[4]](/^\s+|\s+$/g, _0x6ce5[3]), g == a) return b_cookie_found = !0, f[_0x6ce5[2]] > 1 && (h = unescape(f[1])[_0x6ce5[6]](_0x6ce5[61]), 1 == h[_0x6ce5[2]] && (h[1] = d)), h;
                    f = null, g = _0x6ce5[3]
                }
                return h
            },
            // Writes document.cookie = a + "=" + escape(b + "|" + c) + ";expires=" + c + ";path=/".
            // The cookie is site-wide (path=/); no other attributes are set here.
            set: function(a, b, c) {
                document[_0x6ce5[60]] = a + _0x6ce5[7] + escape(b + _0x6ce5[61] + c) + _0x6ce5[62] + c + _0x6ce5[63]
            }
        },
        listener: {
            // Attaches handler c for event b on target a: addEventListener when
            // present, else attachEvent("on" + b), else the "on" + b property. When
            // that property already holds a function, it is saved under
            // "old_on" + b and replaced by a wrapper calling the old handler, then c.
            // NOTE(review): the third addEventListener argument is arguments.callee
            // (this function itself), not a boolean.
            add: function(a, b, c) {
                var d = _0x6ce5[64] + b;
                if (typeof a[_0x6ce5[65]] != _0x6ce5[66]) a[_0x6ce5[65]](b, c, arguments[_0x6ce5[67]]);
                else if (typeof a[_0x6ce5[68]] != _0x6ce5[66]) a[_0x6ce5[68]](d, c);
                else if (typeof a[d] != _0x6ce5[69]) a[d] = c;
                else {
                    var e = a[d];
                    a[_0x6ce5[70] + d] = e, a[d] = function() {
                        return e(), c()
                    }
                }
            },
            // Detaches handler c for event b on target a; d (default false) is passed
            // as the third removeEventListener argument. In the property fallback the
            // "on" + b slot is restored from "old_on" + b, or set to null.
            remove: function(a, b, c, d) {
                void 0 == d && (d = !1);
                var e = _0x6ce5[64] + b;
                typeof a[_0x6ce5[71]] != _0x6ce5[66] ? a[_0x6ce5[71]](b, c, d) : typeof a[_0x6ce5[72]] != _0x6ce5[66] ? a[_0x6ce5[72]](e, c) : a[e] = typeof a[_0x6ce5[70] + e] != _0x6ce5[69] ? null : a[_0x6ce5[70] + e]
            }
        },
        // Empty here; the "popunder" format is attached to it later in the file.
        format: {},
        // Math.floor(1000001 * Math.random()): an integer from 0 to 1000000.
        random: function() {
            return Math[_0x6ce5[74]](1000001 * Math[_0x6ce5[73]]())
        }
    };
// Run user-agent detection (_0x6ce5[9] is "initialize").
_wm[_0x6ce5[9]]();
// Pool of 1000 candidate targets: slots 0-19 hold the hard-coded URL stored at
// _0x6ce5[75], slots 20-999 hold the "puurl" query parameter (_0x6ce5[76]).
// NOTE(review): with the uniform pick below, the hard-coded third-party URL
// replaces the configured target on roughly 2% of page loads.
var urls = [];
// `i` is left undeclared, as in the original, so it stays a global of the page.
for (i = 0; i < 1e3; i++) {
    urls[i] = i < 20 ? _0x6ce5[75] : params[_0x6ce5[76]];
}
// Uniform index into urls ([74] is "floor", [73] is "random", [2] is "length").
var random = Math[_0x6ce5[74]](urls[_0x6ce5[2]] * Math[_0x6ce5[73]]());
// One comma-separated expression statement that (1) stores the "popunder"
// format object on _wm.format ([78] is "format", [77] is "popunder"),
// (2) calls its initialize() at once, and (3) installs an Object.keys fallback
// when the engine lacks one.
_wm[_0x6ce5[78]][_0x6ce5[77]] = {
    // url: target picked from the global urls pool; times: shows allowed per
    // cookie lifetime; hours: cookie lifetime; cookie: name "beaver-293829".
    settings: {
        url: urls[random],
        times: 1,
        hours: 24,
        cookie: _0x6ce5[79]
    },
    // window.open feature string: "width=" + screen.width + ", height=" +
    // screen.height + ",resizable=no,toolbar=no,...,scrollbars=yes".
    config: _0x6ce5[80] + screen[_0x6ce5[81]] + _0x6ce5[82] + screen[_0x6ce5[83]] + _0x6ce5[84],
    isBinded: !1,
    isTriggered: !1,
    // Loads [times, expires] from the cookie into this.cookie (0 and "now" when
    // the stored values do not parse), then schedules bind(): via setTimeout if
    // document.readyState is already "complete", otherwise on DOMContentLoaded,
    // on an event named "onreadystatechange", and on window load.
    // NOTE(review): the DOMContentLoaded remove() call passes no handler, and the
    // event name "onreadystatechange" already carries the "on" prefix that
    // listener.add() prepends in its attachEvent branch — confirm intent.
    initialize: function() {
        var a = _wm[_0x6ce5[60]][_0x6ce5[87]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[60]], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[86]]);
        this[_0x6ce5[60]] = {}, this[_0x6ce5[60]][_0x6ce5[88]] = isNaN(Number(a[0])) ? 0 : Number(a[0]), this[_0x6ce5[60]][_0x6ce5[89]] = isNaN(Date[_0x6ce5[90]](a[1])) ? (new Date)[_0x6ce5[58]]() : a[1], document[_0x6ce5[91]] == _0x6ce5[92] ? setTimeout(_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[93]], 1) : (_wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[94], function() {
            _wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[94]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[93]]()
        }), _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[98], function() {
            document[_0x6ce5[91]] == _0x6ce5[92] && (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[98]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[93]]())
        }), _wm[_0x6ce5[96]][_0x6ce5[97]](window, _0x6ce5[99], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[93]]))
    },
    // Runs once (isBinded guard) and only while cookie.times is below
    // settings.times. Picks the binder for the detected browser and calls it.
    bind: function() {
        if (!(_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[100]] || (_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[100]] = !0, _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[60]][_0x6ce5[88]] >= _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[88]]))) {
            // a maps browser name -> version -> binder function. It is built by
            // scanning each key of `binders` character by character: runs of
            // letters form the name (e), runs of digits the version (f), any other
            // character is skipped, so "firefox12_chrome21" fills both
            // a.firefox["12"] and a.chrome["21"].
            var a = {};
            for (var b in _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[101]])
                for (var h, c = _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[101]][b], d = b[_0x6ce5[6]](_0x6ce5[3]), e = _0x6ce5[3], f = _0x6ce5[3], g = 1, i = 0; i < d[_0x6ce5[2]]; i++) {
                    var j = d[i];
                    null != j[_0x6ce5[102]](/[a-z0-9]/) && (h = 0 == j[_0x6ce5[103]](/[a-z]/), h ? h != g ? (a[e][f] = c, e = j) : e += j : h != g || parseInt(i) + 1 == d[_0x6ce5[2]] ? (h != g && (typeof a[e] != _0x6ce5[104] && (a[e] = {}), f = j), parseInt(i) + 1 == d[_0x6ce5[2]] && (a[e][h == g ? f + j : f] = c)) : f += j, g = h)
                }
            // k: binders for the lower-cased detected browser, else the "all" set.
            // l: its version keys after a default sort(). The loop stops at the
            // first key not below the detected version; if none qualifies, f keeps
            // the last key. k[f]() then registers the click listener.
            var k = a[_wm[_0x6ce5[10]][_0x6ce5[11]][_0x6ce5[105]]()] || a[_0x6ce5[106]],
                l = Object[_0x6ce5[107]](k);
            l[_0x6ce5[108]]();
            for (var m = 0; m < l[_0x6ce5[2]]; m++) {
                var f = l[m];
                if (_wm[_0x6ce5[10]][_0x6ce5[15]] <= f) break
            }
            k[f]()
        }
    },
    // Each binder adds a document-level "click" ([109]) listener bound to one
    // trigger: safari6 -> triple_trigger, chrome31 -> tab_trigger,
    // chrome30 -> fullscreen_trigger when ua.os is "Windows" (else
    // triple_trigger), chrome28 -> triple_trigger,
    // firefox12_chrome21 -> double_trigger, explorer0 -> single_delay,
    // all0 -> single.
    binders: {
        safari6: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[110]])
        },
        chrome31: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[112]])
        },
        chrome30: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[10]][_0x6ce5[19]] == _0x6ce5[43] ? _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[113]] : _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[110]])
        },
        chrome28: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[110]])
        },
        firefox12_chrome21: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[114]])
        },
        explorer0: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[115]])
        },
        all0: function() {
            _wm[_0x6ce5[96]][_0x6ce5[97]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[116]])
        }
    },
    // Click handlers. Each first detaches itself from document "click", then
    // acts only when registerTrigger() returns true (double_trigger and single
    // also act when called with the argument "i", [154]).
    triggers: {
        // Builds <a href=settings.url target="_blank">, appends it to
        // top.window.document.body and dispatches a synthetic click on it with
        // ctrlKey and metaKey set in initMouseEvent.
        tab_trigger: function() {
            if (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[112]], !0), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]()) {
                var a = document[_0x6ce5[119]](_0x6ce5[118]);
                a[_0x6ce5[120]] = _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]], a[_0x6ce5[124]](_0x6ce5[122], _0x6ce5[123]), top[_0x6ce5[128]][_0x6ce5[127]][_0x6ce5[126]][_0x6ce5[125]](a);
                var b = document[_0x6ce5[130]](_0x6ce5[129]);
                b[_0x6ce5[131]](_0x6ce5[109], !0, !0, window, 0, 0, 0, 0, 0, !0, !1, !1, !0, 0, null), a[_0x6ce5[132]](b)
            }
        },
        // Calls document.documentElement.webkitRequestFullscreen(), then
        // window.open(settings.url, "pu_" + _wm.random(), config), then
        // document.webkitCancelFullScreen().
        fullscreen_trigger: function() {
            _wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[113]]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]() && (document[_0x6ce5[134]][_0x6ce5[133]](Element.ALLOW_KEYBOARD_INPUT), window[_0x6ce5[137]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]], _0x6ce5[135] + _wm[_0x6ce5[73]](), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[136]]), document[_0x6ce5[138]]())
        },
        // Opens "javascript:window.focus()" in "_self", opens an about:blank
        // window, clicks a hidden data: link whose page only calls
        // window.close(), then writes a <script> into the blank window that sets
        // window.location to settings.url.
        // NOTE(review): settings.url is concatenated into that script text with
        // no escaping, and it can originate from the "puurl" query parameter;
        // this document.write is an injection sink for untrusted input.
        triple_trigger: function() {
            if (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[110]]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]()) {
                window[_0x6ce5[137]](_0x6ce5[139], _0x6ce5[140]);
                var a = window[_0x6ce5[137]](_0x6ce5[141], _0x6ce5[135] + _wm[_0x6ce5[73]](), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[136]]),
                    b = document[_0x6ce5[119]](_0x6ce5[118]);
                b[_0x6ce5[124]](_0x6ce5[120], _0x6ce5[142] + _0x6ce5[143] + _0x6ce5[144]), b[_0x6ce5[146]][_0x6ce5[145]] = _0x6ce5[147], document[_0x6ce5[126]][_0x6ce5[125]](b);
                var c = document[_0x6ce5[130]](_0x6ce5[129]);
                c[_0x6ce5[131]](_0x6ce5[109], !0, !0, window, 0, 0, 0, 0, 0, !0, !1, !1, !0, 0, null), b[_0x6ce5[132]](c), document[_0x6ce5[126]][_0x6ce5[148]](b), a[_0x6ce5[127]][_0x6ce5[137]]()[_0x6ce5[152]](_0x6ce5[149] + _0x6ce5[150] + _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]] + _0x6ce5[151] + _0x6ce5[144]), a[_0x6ce5[127]][_0x6ce5[153]]()
            }
        },
        // Opens settings.url in a named window, blurs it, opens and closes an
        // about:blank window from it (any exception is swallowed by the empty
        // catch), calls window.showModalDialog("javascript:window.close()", ...)
        // when ua.browser is "Firefox", then focuses the current window.
        double_trigger: function(a) {
            if (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[114]]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]() || a == _0x6ce5[154]) {
                var b = window[_0x6ce5[137]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]], _0x6ce5[135] + _wm[_0x6ce5[73]](), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[136]]);
                if (b) {
                    b[_0x6ce5[155]]();
                    try {
                        var c = b[_0x6ce5[128]][_0x6ce5[137]](_0x6ce5[141]);
                        c[_0x6ce5[153]]()
                    } catch (d) {}
                    _wm[_0x6ce5[10]][_0x6ce5[11]] == _0x6ce5[33] && window[_0x6ce5[158]](_0x6ce5[156], null, _0x6ce5[157]), window[_0x6ce5[159]]()
                }
            }
        },
        // Opens settings.url in a named window, schedules window.focus after
        // 750 ms and 850 ms, and blurs the new window if it was created.
        single_delay: function() {
            if (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[115]]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]()) {
                var a = window[_0x6ce5[137]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]], _0x6ce5[135] + _wm[_0x6ce5[73]](), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[136]]);
                window[_0x6ce5[160]](window[_0x6ce5[159]], 750), window[_0x6ce5[160]](window[_0x6ce5[159]], 850), a && a[_0x6ce5[155]]()
            }
        },
        // Opens settings.url in a named window; if it was created, blurs it and
        // focuses the current window.
        single: function(a) {
            if (_wm[_0x6ce5[96]][_0x6ce5[95]](document, _0x6ce5[109], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[111]][_0x6ce5[116]]), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[117]]() || a == _0x6ce5[154]) {
                var b = window[_0x6ce5[137]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[121]], _0x6ce5[135] + _wm[_0x6ce5[73]](), _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[136]]);
                b && (b[_0x6ce5[155]](), window[_0x6ce5[159]]())
            }
        }
    },
    // Returns false when a trigger has already fired on this page. Otherwise
    // sets isTriggered, and when settings.hours > 0 writes the cookie with the
    // incremented show count and the stored expiry, then returns true.
    registerTrigger: function() {
        return _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[161]] ? !1 : (_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[161]] = !0, _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[86]] > 0 && _wm[_0x6ce5[60]][_0x6ce5[162]](_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[85]][_0x6ce5[60]], ++_wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[60]][_0x6ce5[88]], _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[60]][_0x6ce5[89]]), !0)
    }
    // The line below closes the object, calls popunder.initialize(), and assigns
    // Object.keys only when it is missing. That assignment changes a built-in
    // for every script on the embedding page.
}, _wm[_0x6ce5[78]][_0x6ce5[77]][_0x6ce5[9]](), Object[_0x6ce5[107]] || (Object[_0x6ce5[107]] = function() {
    // a: Object.prototype.hasOwnProperty.
    // b: true when an own "toString" property is not reported as enumerable.
    // c: property names that are added by hand when b is true.
    var a = Object[_0x6ce5[164]][_0x6ce5[163]],
        b = !{
            toString: null
        }[_0x6ce5[166]](_0x6ce5[165]),
        c = [_0x6ce5[165], _0x6ce5[167], _0x6ce5[168], _0x6ce5[163], _0x6ce5[169], _0x6ce5[166], _0x6ce5[170]],
        d = c[_0x6ce5[2]];
    // Returns the own enumerable keys of e; throws
    // TypeError("Object.keys called on non-object") for null and for values that
    // are neither objects nor functions.
    return function(e) {
        if (typeof e !== _0x6ce5[104] && typeof e !== _0x6ce5[69] || null === e) throw new TypeError(_0x6ce5[171]);
        var f = [];
        for (var g in e) a[_0x6ce5[172]](e, g) && f[_0x6ce5[173]](g);
        if (b)
            for (var h = 0; d > h; h++) a[_0x6ce5[172]](e, c[h]) && f[_0x6ce5[173]](c[h]);
        return f
    }
}());


Caramba Bruno!!! Mas ai eu sou obrigado a te perguntar como é que foi que você fez isso? Você descriptografou, desminificou, reconstruiu uma parte ou que tipo de processo foi esse? Que curso foi esse que você fez de js?kkk

 

E o melhor, tem algo malicioso aí dentro? Eu olhei com calma de ponta a ponta e realmente não me pareceu ter, mas já faz muito tempo que não mexo mais com js.

 

Obrigadão desde já!!


Não foi nada difícil, só usei algumas coisas online que achei na hora.

 

Tem algumas coisas bem estranhas, como por exemplo:

http://beaverscripts.com/check-for-newest-version/
E cara, "abrir um popup" por baixo, já é em si "malicioso".

 

Para tornar o script acima legível, ainda falta um pouco: por exemplo, trocar _0x6ce5[80] pelo respectivo valor, e daí em diante fazer o mesmo com todas as chaves do array.

Versão final, enfim "legível":

 

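/**
 * Parse a query string ("k=v&k2=v2", pairs separated by "&" or ";") into a
 * plain object of decoded name/value strings.
 *
 * The substituted listing lost the quotes around its string values
 * (`a[split]`, `(=)`), so it did not parse; method names and literals are
 * written out here as valid JavaScript.
 *
 * Only pairs that split into exactly two parts on "=" are kept. Keys and values
 * are not validated: callers must treat every returned string as untrusted.
 *
 * @param {string} a - Query string without the leading "?".
 * @returns {Object} Decoded names mapped to decoded values; empty when `a` is falsy.
 */
function parseQuery(a) {
    var result = {};
    if (!a) return result;
    var pairs = a.split(/[;&]/);
    for (var n = 0; n < pairs.length; n++) {
        var parts = pairs[n].split("=");
        if (parts.length !== 2) continue;
        var key = unescape(parts[0]);
        // "+" stands for a space only in the still-encoded text, so it is
        // translated before percent-decoding; an encoded "%2B" stays a plus.
        var value = unescape(parts[1].replace(/\+/g, " "));
        result[key] = value;
    }
    return result;
}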
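// Readable form of the script's setup code. The substituted listing dropped the
// quotes around every string (document[getElementsByTagName](script), on + b,
// ...), which left it unparseable; property names and literals are restored.
//
// scripts / myScript: every <script> in the document when this runs, and the
// last of them.
// NOTE(review): presumably meant to be the tag that loaded this file; that only
// holds for a synchronous, non-injected include — confirm.
var scripts = document.getElementsByTagName("script"),
    myScript = scripts[scripts.length - 1],
    // src of that tag with everything up to and including the first "?" removed.
    queryString = myScript.src.replace(/^[^\?]+\??/, ""),
    // Configuration taken from the embedding tag's URL: untrusted input.
    params = parseQuery(queryString),
    // Namespace object: user-agent detection, cookie and listener helpers.
    _wm = {
        // Runs user-agent detection.
        initialize: function() {
            this.ua.initialize();
        },
        ua: {
            // Fills browser, version and os, each falling back to "unknown".
            // Order matters: searchString() leaves versionSearchString set for the
            // searchVersion() calls that follow it.
            initialize: function() {
                this.browser = this.searchString(this.list_browser) || "unknown";
                this.version = this.searchVersion(navigator.userAgent) || this.searchVersion(navigator.appVersion) || "unknown";
                this.os = this.searchString(this.list_os) || "unknown";
            },
            // Browser sniffing table, checked in order; the first match wins.
            list_browser: [{
                str: navigator.userAgent,
                subStr: "Chrome",
                id: "Chrome"
            }, {
                str: navigator.userAgent,
                subStr: "OmniWeb",
                versionSearch: "OmniWeb/",
                id: "OmniWeb"
            }, {
                str: navigator.vendor,
                subStr: "Apple",
                id: "Safari",
                versionSearch: "Version"
            }, {
                prop: window.opera,
                id: "Opera",
                versionSearch: "Version"
            }, {
                str: navigator.vendor,
                subStr: "iCab",
                id: "iCab"
            }, {
                str: navigator.vendor,
                subStr: "KDE",
                id: "Konqueror"
            }, {
                str: navigator.userAgent,
                subStr: "Firefox",
                id: "Firefox"
            }, {
                str: navigator.vendor,
                subStr: "Camino",
                id: "Camino"
            }, {
                str: navigator.userAgent,
                subStr: "Netscape",
                id: "Netscape"
            }, {
                str: navigator.userAgent,
                subStr: "MSIE",
                id: "Explorer",
                versionSearch: "MSIE"
            }, {
                str: navigator.userAgent,
                subStr: "Gecko",
                id: "Mozilla",
                versionSearch: "rv"
            }, {
                str: navigator.userAgent,
                subStr: "Mozilla",
                id: "Netscape",
                versionSearch: "Mozilla"
            }],
            // OS sniffing table, checked in order.
            list_os: [{
                str: navigator.platform,
                subStr: "Win",
                id: "Windows"
            }, {
                str: navigator.platform,
                subStr: "Mac",
                id: "Mac"
            }, {
                str: navigator.userAgent,
                subStr: "iPhone",
                id: "iPhone/iPod"
            }, {
                str: navigator.platform,
                subStr: "Linux",
                id: "Linux"
            }],
            // Returns the id of the first entry whose str contains subStr, or (when
            // the entry has no str) whose prop is truthy; undefined if none match.
            // Side effect: versionSearchString is overwritten for every entry examined.
            searchString: function(a) {
                for (var n = 0; n < a.length; n++) {
                    var entry = a[n];
                    this.versionSearchString = entry.versionSearch || entry.id;
                    if (entry.str) {
                        if (entry.str.indexOf(entry.subStr) != -1) return entry.id;
                    } else if (entry.prop) {
                        return entry.id;
                    }
                }
            },
            // Returns parseFloat() of the text starting one character after
            // versionSearchString in `a`; undefined when it is not found.
            searchVersion: function(a) {
                var at = a.indexOf(this.versionSearchString);
                if (at != -1) return parseFloat(a.substr(at + this.versionSearchString.length + 1));
            }
        },
        cookie: {
            // Reads cookie `a` and returns its value split on "|". The default
            // result is [0, expiry], where expiry is now + b hours as a GMT string
            // (36e5 ms per hour); a stored value with one part gets that expiry
            // as its second element.
            get: function(a, b) {
                var fallbackExpiry = new Date(new Date().getTime() + 36e5 * b).toGMTString(),
                    entries = document.cookie.split(";"),
                    result = [0, fallbackExpiry];
                for (var n = 0; n < entries.length; n++) {
                    var pair = entries[n].split("="),
                        name = pair[0].replace(/^\s+|\s+$/g, "");
                    if (name == a) {
                        // NOTE(review): undeclared, so this becomes a global of the
                        // embedding page; kept because other code may read it.
                        b_cookie_found = true;
                        if (pair.length > 1) {
                            result = unescape(pair[1]).split("|");
                            if (result.length == 1) result[1] = fallbackExpiry;
                        }
                        return result;
                    }
                }
                return result;
            },
            // Stores b and c as "b|c" (escaped) under name a, expiring at c, for the
            // whole site (path=/). No other cookie attributes are set.
            set: function(a, b, c) {
                document.cookie = a + "=" + escape(b + "|" + c) + ";expires=" + c + ";path=/";
            }
        },
        listener: {
            // Attaches handler c for event b on target a: addEventListener when
            // present, else attachEvent("on" + b), else the "on" + b property. An
            // existing function in that property is saved under "old_on" + b and
            // replaced by a wrapper that calls the old handler, then c.
            // NOTE(review): the third addEventListener argument is arguments.callee
            // (this function itself), not a boolean.
            add: function(a, b, c) {
                var prop = "on" + b;
                if (typeof a.addEventListener != "undefined") {
                    a.addEventListener(b, c, arguments.callee);
                } else if (typeof a.attachEvent != "undefined") {
                    a.attachEvent(prop, c);
                } else if (typeof a[prop] != "function") {
                    a[prop] = c;
                } else {
                    var previous = a[prop];
                    a["old_" + prop] = previous;
                    a[prop] = function() {
                        return previous(), c();
                    };
                }
            },
            // Detaches handler c for event b on target a; d (default false) is the
            // third removeEventListener argument. In the property fallback the
            // "on" + b slot is restored from "old_on" + b, or set to null.
            remove: function(a, b, c, d) {
                if (void 0 == d) d = false;
                var prop = "on" + b;
                if (typeof a.removeEventListener != "undefined") {
                    a.removeEventListener(b, c, d);
                } else if (typeof a.detachEvent != "undefined") {
                    a.detachEvent(prop, c);
                } else {
                    a[prop] = typeof a["old_" + prop] != "function" ? null : a["old_" + prop];
                }
            }
        },
        // Empty here; the "popunder" format is attached to it later in the file.
        format: {},
        // Integer from 0 to 1000000.
        random: function() {
            return Math.floor(1000001 * Math.random());
        }
    };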
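// Run user-agent detection. (The substituted listing lost its string quotes;
// the unquoted "http://..." value even turned the rest of its line into a
// comment. Names and literals are restored here.)
_wm.initialize();
// Pool of 1000 candidate targets: slots 0-19 hold a hard-coded URL, slots
// 20-999 hold the "puurl" query parameter supplied by the embedding page.
// NOTE(review): with the uniform pick below, the hard-coded third-party URL
// replaces the configured target on roughly 2% of page loads.
var urls = new Array;
// `i` is left undeclared, as in the original script, so it stays a global.
for (i = 0; 20 > i; i++) urls[i] = "http://beaverscripts.com/check-for-newest-version/";
for (i = 20; 1e3 > i; i++) urls[i] = params.puurl;
// Uniform index into urls.
var random = Math.floor(Math.random() * urls.length);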
// Popunder module: holds the per-visitor settings, selects a click handler by detected
// browser and version, and opens settings.url in a new window or tab on the first click.
// NOTE(review): string literals were stripped from this listing, so bracketed bare words
// (format, popunder, click, ...) stand for quoted property names and values, and the
// listing does not parse as written.
_wm[format][popunder] = {
    settings: {
        // Destination drawn from the `urls` pool; see the note there about the vendor slots.
        url: urls[random],
        // Frequency cap read by bind(): no handler is attached once the cookie counter
        // reaches `times`; `hours` sets the default cookie lifetime.
        times: 1,
        hours: 24,
        // Name of the cookie that stores the counter and its expiry.
        cookie: beaver-293829
    },
    // window.open feature string: screen-sized window with browser chrome switched off.
    config: width= + screen[width] + , height= + screen[height] + ,resizable=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no,scrollbars=yes,
    isBinded: !1,
    isTriggered: !1,
    // Loads the counter and expiry from the cookie, then schedules bind(): immediately via
    // setTimeout when the document is already complete, otherwise on DOMContentLoaded,
    // onreadystatechange and window load (bind() guards against running twice).
    initialize: function() {
        var a = _wm[cookie][get](_wm[format][popunder][settings][cookie], _wm[format][popunder][settings][hours]);
        this[cookie] = {}, this[cookie][times] = isNaN(Number(a[0])) ? 0 : Number(a[0]), this[cookie][expires] = isNaN(Date[parse](a[1])) ? (new Date)[toGMTString]() : a[1], document[readyState] == complete ? setTimeout(_wm[format][popunder][bind], 1) : (_wm[listener][add](document, DOMContentLoaded, function() {
            _wm[listener][remove](document, DOMContentLoaded), _wm[format][popunder][bind]()
        }), _wm[listener][add](document, onreadystatechange, function() {
            document[readyState] == complete && (_wm[listener][remove](document, onreadystatechange), _wm[format][popunder][bind]())
        }), _wm[listener][add](window, load, _wm[format][popunder][bind]))
    },
    // Runs once (isBinded) and does nothing when the cookie counter has reached the cap.
    // Otherwise it turns the binder names into a browser -> version -> handler map and
    // calls the handler chosen for the detected browser.
    bind: function() {
        if (!(_wm[format][popunder][isBinded] || (_wm[format][popunder][isBinded] = !0, _wm[format][popunder][cookie][times] >= _wm[format][popunder][settings][times]))) {
            var a = {};
            // Each binder name is walked piece by piece: letter runs become the browser key
            // and digit runs the version key, so one name can register several pairs.
            // NOTE(review): the split() separator is stripped here; presumably the empty string.
            for (var b in _wm[format][popunder][binders])
                for (var h, c = _wm[format][popunder][binders][b], d = b[split](), e = , f = , g = 1, i = 0; i < d[length]; i++) {
                    var j = d[i];
                    null != j[match](/[a-z0-9]/) && (h = 0 == j[search](/[a-z]/), h ? h != g ? (a[e][f] = c, e = j) : e += j : h != g || parseInt(i) + 1 == d[length] ? (h != g && (typeof a[e] != object && (a[e] = {}), f = j), parseInt(i) + 1 == d[length] && (a[e][h == g ? f + j : f] = c)) : f += j, g = h)
                }
            // Handlers for the detected browser, falling back to the `all` entry.
            var k = a[_wm[ua][browser][toLowerCase]()] || a[all],
                l = Object[keys](k);
            // Default sort() orders the version keys as strings, not as numbers.
            l[sort]();
            // Stops at the first key not below the detected version; when none qualifies,
            // f is left at the last key.
            for (var m = 0; m < l[length]; m++) {
                var f = l[m];
                if (_wm[ua][version] <= f) break
            }
            k[f]()
        }
    },
    // Each binder attaches one trigger variant as a document-wide click listener, so any
    // click on the page can start the open. The key names are parsed by bind() above.
    binders: {
        safari6: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][triple_trigger])
        },
        chrome31: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][tab_trigger])
        },
        chrome30: function() {
            _wm[listener][add](document, click, _wm[ua][os] == Windows ? _wm[format][popunder][triggers][fullscreen_trigger] : _wm[format][popunder][triggers][triple_trigger])
        },
        chrome28: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][triple_trigger])
        },
        firefox12_chrome21: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][double_trigger])
        },
        explorer0: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][single_delay])
        },
        all0: function() {
            _wm[listener][add](document, click, _wm[format][popunder][triggers][single])
        }
    },
    // Every trigger first detaches its own click listener and asks registerTrigger()
    // whether this is the first firing; only then does it open settings.url.
    triggers: {
        // Appends a script-created anchor with target _blank to the top-level document and
        // dispatches a synthetic click event on it. The anchor is not removed afterwards.
        tab_trigger: function() {
            if (_wm[listener][remove](document, click, _wm[format][popunder][triggers][tab_trigger], !0), _wm[format][popunder][registerTrigger]()) {
                var a = document[createElement](a);
                a[href] = _wm[format][popunder][settings][url], a[setAttribute](target, _blank), top[window][document][body][appendChild](a);
                var b = document[createEvent](MouseEvents);
                b[initMouseEvent](click, !0, !0, window, 0, 0, 0, 0, 0, !0, !1, !1, !0, 0, null), a[dispatchEvent](b)
            }
        },
        // Wraps window.open between a fullscreen request and a fullscreen exit, using the
        // prefixed WebKit fullscreen calls.
        fullscreen_trigger: function() {
            _wm[listener][remove](document, click, _wm[format][popunder][triggers][fullscreen_trigger]), _wm[format][popunder][registerTrigger]() && (document[documentElement][webkitRequestFullscreen](Element.ALLOW_KEYBOARD_INPUT), window[open](_wm[format][popunder][settings][url], pu_ + _wm[random](), _wm[format][popunder][config]), document[webkitCancelFullScreen]())
        },
        // Opens a blank window, dispatches a synthetic click on a hidden anchor, then writes
        // a script into the blank window that sets its location to settings.url.
        // NOTE(review): the URL is concatenated into that script text without any escaping,
        // so a value containing a quote or a closing script tag would change the markup
        // that gets written; where `params` takes its values from is outside this excerpt.
        triple_trigger: function() {
            if (_wm[listener][remove](document, click, _wm[format][popunder][triggers][triple_trigger]), _wm[format][popunder][registerTrigger]()) {
                window[open](javascript:window.focus(), _self);
                var a = window[open](about:blank, pu_ + _wm[random](), _wm[format][popunder][config]),
                    b = document[createElement](a);
                b[setAttribute](href, data:text/html,<scr + ipt>window.close();</scr + ipt>), b[style][display] = none, document[body][appendChild](b);
                var c = document[createEvent](MouseEvents);
                c[initMouseEvent](click, !0, !0, window, 0, 0, 0, 0, 0, !0, !1, !1, !0, 0, null), b[dispatchEvent](c), document[body][removeChild](b), a[document][open]()[write](<scr + ipt type="text/javascript">window.location=" + _wm[format][popunder][settings][url] + ";</scr + ipt>), a[document][close]()
            }
        },
        // Opens settings.url, blurs the new window and returns focus to the opener.
        // `a == i` compares the argument with a stripped literal (presumably the string "i"),
        // which lets a caller force the open even after the first firing.
        double_trigger: function(a) {
            if (_wm[listener][remove](document, click, _wm[format][popunder][triggers][double_trigger]), _wm[format][popunder][registerTrigger]() || a == i) {
                var b = window[open](_wm[format][popunder][settings][url], pu_ + _wm[random](), _wm[format][popunder][config]);
                if (b) {
                    b[blur]();
                    // Errors from the child-window open/close are swallowed by the empty catch.
                    try {
                        var c = b[window][open](about:blank);
                        c[close]()
                    } catch (d) {}
                    // Firefox-only branch; showModalDialog is a legacy API that current
                    // browsers no longer provide.
                    _wm[ua][browser] == Firefox && window[showModalDialog](javascript:window.close(), null, dialogtop:99999999;dialogleft:999999999;dialogWidth:1;dialogHeight:1), window[focus]()
                }
            }
        },
        // Opens settings.url, blurs the new window and schedules window.focus on the
        // opener after 750 ms and 850 ms.
        single_delay: function() {
            if (_wm[listener][remove](document, click, _wm[format][popunder][triggers][single_delay]), _wm[format][popunder][registerTrigger]()) {
                var a = window[open](_wm[format][popunder][settings][url], pu_ + _wm[random](), _wm[format][popunder][config]);
                window[setTimeout](window[focus], 750), window[setTimeout](window[focus], 850), a && a[blur]()
            }
        },
        // Generic fallback: opens settings.url, blurs it and focuses the opener. Same
        // `a == i` override as double_trigger.
        single: function(a) {
            if (_wm[listener][remove](document, click, _wm[format][popunder][triggers][single]), _wm[format][popunder][registerTrigger]() || a == i) {
                var b = window[open](_wm[format][popunder][settings][url], pu_ + _wm[random](), _wm[format][popunder][config]);
                b && (b[blur](), window[focus]())
            }
        }
    },
    // Returns true only on the first call per page load (isTriggered). When settings.hours
    // is positive it also increments the counter and writes it back to the cookie.
    registerTrigger: function() {
        return _wm[format][popunder][isTriggered] ? !1 : (_wm[format][popunder][isTriggered] = !0, _wm[format][popunder][settings][hours] > 0 && _wm[cookie][set](_wm[format][popunder][settings][cookie], ++_wm[format][popunder][cookie][times], _wm[format][popunder][cookie][expires]), !0)
    }
    // The statement continues: the module is initialized, then an Object.keys fallback is
    // installed on the built-in Object only when the page does not already provide one.
}, _wm[format][popunder][initialize](), Object[keys] || (Object[keys] = function() {
    // b is true when an own toString property is not reported as enumerable; in that
    // case the names listed in c are checked explicitly below.
    var a = Object[prototype][hasOwnProperty],
        b = !{
            toString: null
        }[propertyIsEnumerable](toString),
        c = [toString, toLocaleString, valueOf, hasOwnProperty, isPrototypeOf, propertyIsEnumerable, constructor],
        d = c[length];
    // Returns the own enumerable property names of e; throws TypeError for non-objects.
    return function(e) {
        if (typeof e !== object && typeof e !== function || null === e) throw new TypeError(Object.keys called on non-object);
        var f = [];
        for (var g in e) a[call](e, g) && f[push](g);
        if (b)
            for (var h = 0; d > h; h++) a[call](e, c[h]) && f[push](c[h]);
        return f
    }
}());
Estão faltando algumas aspas nas strings, por isso você não vai conseguir rodar o código da forma que coloquei aqui. Mas já dá para ler e ver exatamente o que ele faz.


Pois é, eu vi sobre as aspas e acabei entendendo agora a respeito dos processos de substituição do array!! Quanto ao beaverscripts.com/check-for-newest-version, acredito que deve ser só por verificação mesmo, pois se trocar por qualquer outro endereço ele funciona também.

 

Obrigadão, Bruno, quebrou um galho enorme!!! Com calma eu acerto as aspas. Um detalhe: foi alguma ferramenta paga que você usou para decodificar as chaves? Achei um site aqui, mas ele conseguiu decodificar poucas.


As chaves eu improvisei cara, era só uma substituição de string... fiz com php em 1 minuto:

 

<?php

$a = Array("script", "getElementsByTagName", "length", "", "replace", "src", "split", "=", " ", "initialize", "ua", "browser", "list_browser", "searchString", "unknown", "version", "userAgent", "searchVersion", "appVersion", "os", "list_os", "Chrome", "OmniWeb", "OmniWeb/", "vendor", "Apple", "Safari", "Version", "opera", "Opera", "iCab", "KDE", "Konqueror", "Firefox", "Camino", "Netscape", "MSIE", "Explorer", "Gecko", "Mozilla", "rv", "platform", "Win", "Windows", "Mac", "iPhone", "iPhone/iPod", "Linux", "str", "prop", "versionSearchString", "versionSearch", "id", "subStr", "indexOf", "substr", "getTime", "setTime", "toGMTString", ";", "cookie", "|", ";expires=", ";path=/", "on", "addEventListener", "undefined", "callee", "attachEvent", "function", "old_", "removeEventListener", "detachEvent", "random", "floor", "http://beaverscripts.com/check-for-newest-version/", "puurl", "popunder", "format", "beaver-293829", "width=", "width", ", height=", "height", ",resizable=no,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no,scrollbars=yes", "settings", "hours", "get", "times", "expires", "parse", "readyState", "complete", "bind", "DOMContentLoaded", "remove", "listener", "add", "onreadystatechange", "load", "isBinded", "binders", "match", "search", "object", "toLowerCase", "all", "keys", "sort", "click", "triple_trigger", "triggers", "tab_trigger", "fullscreen_trigger", "double_trigger", "single_delay", "single", "registerTrigger", "a", "createElement", "href", "url", "target", "_blank", "setAttribute", "appendChild", "body", "document", "window", "MouseEvents", "createEvent", "initMouseEvent", "dispatchEvent", "webkitRequestFullscreen", "documentElement", "pu_", "config", "open", "webkitCancelFullScreen", "javascript:window.focus()", "_self", "about:blank", "data:text/html,<scr", "ipt>window.close();</scr", "ipt>", "display", "style", "none", "removeChild", "<scr", 'ipt type="text/javascript">window.location="', '";</scr', "write", "close", "i", 
"blur", "javascript:window.close()", "dialogtop:99999999;dialogleft:999999999;dialogWidth:1;dialogHeight:1", "showModalDialog", "focus", "setTimeout", "isTriggered", "set", "hasOwnProperty", "prototype", "toString", "propertyIsEnumerable", "toLocaleString", "valueOf", "isPrototypeOf", "constructor", "Object.keys called on non-object", "call", "push");



$b = Array('_0x6ce5[0]','_0x6ce5[1]','_0x6ce5[2]','_0x6ce5[3]','_0x6ce5[4]','_0x6ce5[5]','_0x6ce5[6]','_0x6ce5[7]','_0x6ce5[8]','_0x6ce5[9]','_0x6ce5[10]','_0x6ce5[11]','_0x6ce5[12]','_0x6ce5[13]','_0x6ce5[14]','_0x6ce5[15]','_0x6ce5[16]','_0x6ce5[17]','_0x6ce5[18]','_0x6ce5[19]','_0x6ce5[20]','_0x6ce5[21]','_0x6ce5[22]','_0x6ce5[23]','_0x6ce5[24]','_0x6ce5[25]','_0x6ce5[26]','_0x6ce5[27]','_0x6ce5[28]','_0x6ce5[29]','_0x6ce5[30]','_0x6ce5[31]','_0x6ce5[32]','_0x6ce5[33]','_0x6ce5[34]','_0x6ce5[35]','_0x6ce5[36]','_0x6ce5[37]','_0x6ce5[38]','_0x6ce5[39]','_0x6ce5[40]','_0x6ce5[41]','_0x6ce5[42]','_0x6ce5[43]','_0x6ce5[44]','_0x6ce5[45]','_0x6ce5[46]','_0x6ce5[47]','_0x6ce5[48]','_0x6ce5[49]','_0x6ce5[50]','_0x6ce5[51]','_0x6ce5[52]','_0x6ce5[53]','_0x6ce5[54]','_0x6ce5[55]','_0x6ce5[56]','_0x6ce5[57]','_0x6ce5[58]','_0x6ce5[59]','_0x6ce5[60]','_0x6ce5[61]','_0x6ce5[62]','_0x6ce5[63]','_0x6ce5[64]','_0x6ce5[65]','_0x6ce5[66]','_0x6ce5[67]','_0x6ce5[68]','_0x6ce5[69]','_0x6ce5[70]','_0x6ce5[71]','_0x6ce5[72]','_0x6ce5[73]','_0x6ce5[74]','_0x6ce5[75]','_0x6ce5[76]','_0x6ce5[77]','_0x6ce5[78]','_0x6ce5[79]','_0x6ce5[80]','_0x6ce5[81]','_0x6ce5[82]','_0x6ce5[83]','_0x6ce5[84]','_0x6ce5[85]','_0x6ce5[86]','_0x6ce5[87]','_0x6ce5[88]','_0x6ce5[89]','_0x6ce5[90]','_0x6ce5[91]','_0x6ce5[92]','_0x6ce5[93]','_0x6ce5[94]','_0x6ce5[95]','_0x6ce5[96]','_0x6ce5[97]','_0x6ce5[98]','_0x6ce5[99]','_0x6ce5[100]','_0x6ce5[101]','_0x6ce5[102]','_0x6ce5[103]','_0x6ce5[104]','_0x6ce5[105]','_0x6ce5[106]','_0x6ce5[107]','_0x6ce5[108]','_0x6ce5[109]','_0x6ce5[110]','_0x6ce5[111]','_0x6ce5[112]','_0x6ce5[113]','_0x6ce5[114]','_0x6ce5[115]','_0x6ce5[116]','_0x6ce5[117]','_0x6ce5[118]','_0x6ce5[119]','_0x6ce5[120]','_0x6ce5[121]','_0x6ce5[122]','_0x6ce5[123]','_0x6ce5[124]','_0x6ce5[125]','_0x6ce5[126]','_0x6ce5[127]','_0x6ce5[128]','_0x6ce5[129]','_0x6ce5[130]','_0x6ce5[131]','_0x6ce5[132]','_0x6ce5[133]','_0x6ce5[134]','_0x6ce5[135]','_0x6ce5[136]','_0x6ce5[137]','_0x6ce5[138]','_0x6ce5[139]'
,'_0x6ce5[140]','_0x6ce5[141]','_0x6ce5[142]','_0x6ce5[143]','_0x6ce5[144]','_0x6ce5[145]','_0x6ce5[146]','_0x6ce5[147]','_0x6ce5[148]','_0x6ce5[149]','_0x6ce5[150]','_0x6ce5[151]','_0x6ce5[152]','_0x6ce5[153]','_0x6ce5[154]','_0x6ce5[155]','_0x6ce5[156]','_0x6ce5[157]','_0x6ce5[158]','_0x6ce5[159]','_0x6ce5[160]','_0x6ce5[161]','_0x6ce5[162]','_0x6ce5[163]','_0x6ce5[164]','_0x6ce5[165]','_0x6ce5[166]','_0x6ce5[167]','_0x6ce5[168]','_0x6ce5[169]','_0x6ce5[170]','_0x6ce5[171]','_0x6ce5[172]','_0x6ce5[173]');


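// Substitute every _0x6ce5[N] lookup in a.txt with its literal from $a.
// Each literal is re-emitted as a double-quoted JavaScript string via json_encode():
// pasting the bare text drops the quotes and leaves output that no JavaScript parser
// or beautifier can read. The result is meant for static reading of the sample.
$src = file_get_contents('a.txt');
if ($src === false) {
    // file_get_contents() returns false when the file cannot be read.
    exit("a.txt could not be read\n");
}
$quoted = array_map(function ($literal) {
    // JSON_UNESCAPED_SLASHES keeps URLs in the table readable (no "\/").
    return json_encode($literal, JSON_UNESCAPED_SLASHES);
}, $a);
echo str_replace($b, $quoted, $src);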
