Cara UnPacker JavaScript Eval

Aku akan membahas JavaScript yang terdapat di template, hasil unduhan, atau sumber lain yang tampak aneh serta sangat sulit dibaca dan dimengerti.
Sebagai contoh lihat gambar berikut:

Script Packed by Dean Edwards
Script Packed by Dean Edwards
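Ini merupakan salah satu ciri JavaScript yang telah di-pack dengan metode Dean Edwards: script diawali dengan eval(function (p,a,c,k,e,r){...}) dan diikuti deretan kata yang dipisahkan tanda |.
Jika kamu menemukan hal serupa, silakan ikuti langkah demi langkah berikut untuk meng-unpack script-nya supaya bisa dibaca dengan mudah sebagai JavaScript biasa, lalu memastikan bahwa itu bukan malware yang disisipkan oleh pembuat script. Perlu diingat: unpack hanya membuat kode terbaca; untuk memastikan aman, hasilnya tetap harus dibaca dan diperiksa (misalnya URL yang dipanggil, pemanggilan eval lain, dan data yang dikirim), dan script yang belum diperiksa sebaiknya tidak dipasang dulu di blog.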

Contoh JavaScript yang telah Packed di situs Dean Edwards:
JavaScript Packed

// Sample of a script packed with Dean Edwards' packer, with one extra layer on top:
// the payload and the strings "split", "fromCharCode" and "replace" are stored in
// the _0xb12e array and looked up by index instead of being written inline.
// The decoder is the function (p,a,c,k,e,r) handed to eval(). It is called with
// p = _0xb12e[0] (the payload), a = 62, c = 175 and k = _0xb12e[3] split on "|",
// and it replaces tokens in p with the matching entries of k via new RegExp(..., "g").
// eval() then executes the decoded text, so this listing is something to read and
// unpack, not something to run before it has been inspected.
// NOTE(review): the listing looks damaged by the page extraction - the x22 / x27 /
// x3C / x5C sequences appear to have lost their leading backslash, and the
// <a ... href="https://www.blogger.com/null" ...> fragment inside the decoder is
// HTML residue rather than JavaScript - so it will not parse exactly as printed.
// NOTE(review): the word list (jQuery, ajax, feeds, blogspot, RandomPost) suggests
// a Blogger random-post widget; confirm against the unpacked output.
var _0xb12e=["3 1K(a){(3(e){2 i={1e:x22x22,I:4,1y:G,1s:x22#1Mx22,19:1W,18:x222bx22,1m:x222d://1.2H.2G.2F/-2E/2D/2C/2B/2w/2v.2ux22,1l:[x222tx22,x222sx22,x222rx22,x222qx22,x222px22,x222ox22,x222nx22,x222mx22,x222jx22,x222ix22,x222hx22,x222gx22],L:J};i=e.2f({},i,a);2 h=e(i.1s);2 b=i.1e;2 d=i.I*1E;B(i.1e===x22x22){b=1d.1t.28+x22//x22+1d.1t.20}h.1w(x27x3CF Y=x221Yx22x3Ex3Ca P=x22#x22 Y=x221bx22x3E1bx3C/ax3Ex3Ca P=x22#x22 Y=x2211x22x3E11x3C/ax3Ex3C/Fx3Ex3CF Y=x22Ex22x3Ex3C1a C=x221Rx22x3Ex3C/1ax3Ex3C/Fx3Ex27).1N(i.18);2 g=3(z){2 t,k,r,o,x,A,s,w,y,u,n=x22x22,v=z.1q.1L;O(2 q=0;qx3Cv.K;q++){O(2 p=0;px3Cv[q].H.K;p++){B(v[q].H[p].1v==x221Jx22){t=v[q].H[p].P;1i}}O(2 m=0;mx3Cv[q].H.K;m++){B(v[q].H[m].1v==x221Ix22x26x26v[q].H[m].1H==x221G/1wx22){r=v[q].H[m].1k.1F(x22 x22)[0];1i}}B(x221D$1Cx22N v[q]){x=v[q].1D$1C.M.1z(/x5C/s[0-9]+x5C-c/g,x22/sx22+i.19+x22-cx22)}1f{x=i.1m.1z(/x5C/s[0-9]+(x5C-c|x5C/)/,x22/sx22+i.19+x22$1x22)}k=v[q].1k.$t;u=v[q].1c.$t.Z(0,10);o=v[q].1O[0].1P.$t;A=u.Z(0,4);s=u.Z(5,7);w=u.Z(8,10);y=i.1l[1Q(s,10)-1];n+=x27x3CDx3Ex3Ca 1S=x221Tx22 P=x22x27+t+x27x22x3Ex3CF C=x221Ux22x3Ex3C/Fx3Ex3C1V C=x221nx22 1X=x22x27+x+x27x22/x3Ex3C1Bx3Ex27+k+x27x3C/1Bx3Ex3C/ax3Ex3CF C=x221Zx22x3Ex3C6 C=x2221x22x3Ex3C6 C=x2222x22x3Ex27+w+x27x3C/6x3Ex3C6 C=x2223x22x3Ex27+y+x27x3C/6x3Ex3C6 C=x2224x22x3Ex27+A+x27x3C/6x3Ex3C/6x3Ex3C6 C=x2225x22x3Ex27+o+x27x3C/6x3Ex3C6 C=x2226x22x3Ex27+r+x22x3C/6x3Ex3C/Fx3Ex3C/Dx3Ex22}e(x221ax22,h).27(n)};2 c=3(o){V=o.1q.29$2a.$t;B(Vx3C=i.I){i.I=V}2 j=[];2c(j.Kx3Ci.I){2 q=1o.2e(1o.1n()*V);2 p=J;O(2 n=0;nx3Cj.K;n++){B(j[n]==q){p=G;1i}}B(!p){j[j.K]=q}}2 m=x22/-/x22+i.L;B(i.L===J){m=x22x22}B(i.1y===G){O(2 l=0;lx3Ci.I;l++){e.17({M:b+x22/16/15/14x22+m+x22?2k-2l=x22+j[l]+x22x2613-12=1x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}}1f{e.17({M:b+x22/16/15/14x22+m+x22?13-12=x22+i.I+x22x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}};2 
f=3(){B(i.L===J){e.17({M:b+x22/16/15/14?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}1f{e.17({M:b+x22/16/15/14/-/x22+i.L+x22?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}e(1d).2x(x222yx22,3(){2z(3(){2 k=2A;2 l=1r(x221p()x22,k);e(x22#E D:1gx22).1A(e(x22#E D:1hx22));e(x22#1bx22).1j(3(){e(x22#E D:1gx22).1A(e(x22#E D:1hx22));1u J});e(x22#11x22).1j(3(){e(x22#E D:1hx22).2I(e(x22#E D:1gx22));1u J});e(x22#Ex22).2J(3(){2K(l)},3(){l=1r(x221p()x22,k)});3 j(){e(x22#11x22).1j()}h.2L(i.18)},d)})};e(2M).2N(f)})(2O)};","|","split","||var|function|||span|||||||||||||||||||||||||||||||if|class|li|slides|div|true|link|MaxPost|false|length|tagName|url|in|for|href|cache|jsonp|dataType|success|script|Total_Posts_Number|json|alt|id|substring||next|results|max|default|posts|feeds|ajax|loadingClass|ImageSize|ul|prev|published|window|blogURL|else|first|last|break|click|title|MonthNames|pBlank|random|Math|rotate|feed|setInterval|idcontaint|location|return|rel|html|orderby|RandompostActive|replace|before|h4|thumbnail|media|600|split|text|type|replies|alternate|RandomPost|entry|randompost|addClass|author|name|parseInt|randomnya|target|_blank|overlayx|img|100|src|buttons|label_text|host|date|dd|dm|dy|autname|cmnum|append|protocol|openSearch|totalResults|loadingxx|while|http|ceil|extend|Dec|Nov|Oct|Sep|start|index|Aug|Jul|Jun|May|Apr|Mar|Feb|Jan|gif|grey|s1600|bind|load|setTimeout|5000|e7XkFtErqsU|AAAAAAAABAU|Tp0KrMUdoWI|htG7vy9vIAA|com|blogspot|bp|after|hover|clearInterval|removeClass|document|ready|jQuery","","fromCharCode","replace","x5Cw+","x5Cb","g"];eval(function (p,a,c,k,e,r){e=function (c){return (c<a a="" c="c%a)" e="" href="https://www.blogger.com/null" parseint="" xb12e="">35?String[_0xb12e[5]](c+29):c.toString(36));} ;if(!_0xb12e[4][_0xb12e[6]](/^/,String)){while(c--){r[e(c)]=k[c]||e(c);} ;k=[function (e){return r[e];} ];e=function (){return _0xb12e[7];} ;c=1;} ;while(c--){if(k[c]){p=p[_0xb12e[6]]( new RegExp(_0xb12e[8]+e(c)+_0xb12e[8],_0xb12e[9]),k[c]);} ;} ;return p;} 
(_0xb12e[0],62,175,_0xb12e[3][_0xb12e[2]](_0xb12e[1]),0,{}));

Cara UnPack JavaScript
1. Masuk ke http://matthewfl.com/unPacker.html
2. Copy-paste JavaScript yang ter-pack ke kolom atas (catatan: jangan sertakan tanda ; di akhir script.)

JavaScript Packed

// The same packed sample, in the form that is pasted into the unpacker: this copy
// ends without the trailing ";".
// Structure: the _0xb12e array holds the payload ([0]), the "|"-separated word list
// ([3]) and the method names "split", "fromCharCode" and "replace"; the function
// (p,a,c,k,e,r) passed to eval() substitutes the words back into the payload, and
// eval() executes the result. Unpacking means recovering that decoded text so it
// can be read before the script is ever used.
// NOTE(review): as printed the listing appears damaged - the x22 / x27 / x3C / x5C
// sequences seem to have lost their leading backslash, and the
// <a ... href="https://www.blogger.com/null" ...> fragment in the decoder is HTML
// residue - so an unpacker may reject this exact text.
var _0xb12e=["3 1K(a){(3(e){2 i={1e:x22x22,I:4,1y:G,1s:x22#1Mx22,19:1W,18:x222bx22,1m:x222d://1.2H.2G.2F/-2E/2D/2C/2B/2w/2v.2ux22,1l:[x222tx22,x222sx22,x222rx22,x222qx22,x222px22,x222ox22,x222nx22,x222mx22,x222jx22,x222ix22,x222hx22,x222gx22],L:J};i=e.2f({},i,a);2 h=e(i.1s);2 b=i.1e;2 d=i.I*1E;B(i.1e===x22x22){b=1d.1t.28+x22//x22+1d.1t.20}h.1w(x27x3CF Y=x221Yx22x3Ex3Ca P=x22#x22 Y=x221bx22x3E1bx3C/ax3Ex3Ca P=x22#x22 Y=x2211x22x3E11x3C/ax3Ex3C/Fx3Ex3CF Y=x22Ex22x3Ex3C1a C=x221Rx22x3Ex3C/1ax3Ex3C/Fx3Ex27).1N(i.18);2 g=3(z){2 t,k,r,o,x,A,s,w,y,u,n=x22x22,v=z.1q.1L;O(2 q=0;qx3Cv.K;q++){O(2 p=0;px3Cv[q].H.K;p++){B(v[q].H[p].1v==x221Jx22){t=v[q].H[p].P;1i}}O(2 m=0;mx3Cv[q].H.K;m++){B(v[q].H[m].1v==x221Ix22x26x26v[q].H[m].1H==x221G/1wx22){r=v[q].H[m].1k.1F(x22 x22)[0];1i}}B(x221D$1Cx22N v[q]){x=v[q].1D$1C.M.1z(/x5C/s[0-9]+x5C-c/g,x22/sx22+i.19+x22-cx22)}1f{x=i.1m.1z(/x5C/s[0-9]+(x5C-c|x5C/)/,x22/sx22+i.19+x22$1x22)}k=v[q].1k.$t;u=v[q].1c.$t.Z(0,10);o=v[q].1O[0].1P.$t;A=u.Z(0,4);s=u.Z(5,7);w=u.Z(8,10);y=i.1l[1Q(s,10)-1];n+=x27x3CDx3Ex3Ca 1S=x221Tx22 P=x22x27+t+x27x22x3Ex3CF C=x221Ux22x3Ex3C/Fx3Ex3C1V C=x221nx22 1X=x22x27+x+x27x22/x3Ex3C1Bx3Ex27+k+x27x3C/1Bx3Ex3C/ax3Ex3CF C=x221Zx22x3Ex3C6 C=x2221x22x3Ex3C6 C=x2222x22x3Ex27+w+x27x3C/6x3Ex3C6 C=x2223x22x3Ex27+y+x27x3C/6x3Ex3C6 C=x2224x22x3Ex27+A+x27x3C/6x3Ex3C/6x3Ex3C6 C=x2225x22x3Ex27+o+x27x3C/6x3Ex3C6 C=x2226x22x3Ex27+r+x22x3C/6x3Ex3C/Fx3Ex3C/Dx3Ex22}e(x221ax22,h).27(n)};2 c=3(o){V=o.1q.29$2a.$t;B(Vx3C=i.I){i.I=V}2 j=[];2c(j.Kx3Ci.I){2 q=1o.2e(1o.1n()*V);2 p=J;O(2 n=0;nx3Cj.K;n++){B(j[n]==q){p=G;1i}}B(!p){j[j.K]=q}}2 m=x22/-/x22+i.L;B(i.L===J){m=x22x22}B(i.1y===G){O(2 l=0;lx3Ci.I;l++){e.17({M:b+x22/16/15/14x22+m+x22?2k-2l=x22+j[l]+x22x2613-12=1x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}}1f{e.17({M:b+x22/16/15/14x22+m+x22?13-12=x22+i.I+x22x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}};2 
f=3(){B(i.L===J){e.17({M:b+x22/16/15/14?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}1f{e.17({M:b+x22/16/15/14/-/x22+i.L+x22?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}e(1d).2x(x222yx22,3(){2z(3(){2 k=2A;2 l=1r(x221p()x22,k);e(x22#E D:1gx22).1A(e(x22#E D:1hx22));e(x22#1bx22).1j(3(){e(x22#E D:1gx22).1A(e(x22#E D:1hx22));1u J});e(x22#11x22).1j(3(){e(x22#E D:1hx22).2I(e(x22#E D:1gx22));1u J});e(x22#Ex22).2J(3(){2K(l)},3(){l=1r(x221p()x22,k)});3 j(){e(x22#11x22).1j()}h.2L(i.18)},d)})};e(2M).2N(f)})(2O)};","|","split","||var|function|||span|||||||||||||||||||||||||||||||if|class|li|slides|div|true|link|MaxPost|false|length|tagName|url|in|for|href|cache|jsonp|dataType|success|script|Total_Posts_Number|json|alt|id|substring||next|results|max|default|posts|feeds|ajax|loadingClass|ImageSize|ul|prev|published|window|blogURL|else|first|last|break|click|title|MonthNames|pBlank|random|Math|rotate|feed|setInterval|idcontaint|location|return|rel|html|orderby|RandompostActive|replace|before|h4|thumbnail|media|600|split|text|type|replies|alternate|RandomPost|entry|randompost|addClass|author|name|parseInt|randomnya|target|_blank|overlayx|img|100|src|buttons|label_text|host|date|dd|dm|dy|autname|cmnum|append|protocol|openSearch|totalResults|loadingxx|while|http|ceil|extend|Dec|Nov|Oct|Sep|start|index|Aug|Jul|Jun|May|Apr|Mar|Feb|Jan|gif|grey|s1600|bind|load|setTimeout|5000|e7XkFtErqsU|AAAAAAAABAU|Tp0KrMUdoWI|htG7vy9vIAA|com|blogspot|bp|after|hover|clearInterval|removeClass|document|ready|jQuery","","fromCharCode","replace","x5Cw+","x5Cb","g"];eval(function (p,a,c,k,e,r){e=function (c){return (c<a a="" c="c%a)" e="" href="https://www.blogger.com/null" parseint="" xb12e="">35?String[_0xb12e[5]](c+29):c.toString(36));} ;if(!_0xb12e[4][_0xb12e[6]](/^/,String)){while(c--){r[e(c)]=k[c]||e(c);} ;k=[function (e){return r[e];} ];e=function (){return _0xb12e[7];} ;c=1;} ;while(c--){if(k[c]){p=p[_0xb12e[6]]( new RegExp(_0xb12e[8]+e(c)+_0xb12e[8],_0xb12e[9]),k[c]);} ;} ;return p;} 
(_0xb12e[0],62,175,_0xb12e[3][_0xb12e[2]](_0xb12e[1]),0,{}))

3. Klik tombol UnPack
4. Jika berhasil maka kode javascript asli akan muncul di kolom bawah

Screenshot: Cara UnPack JavaScript
Screenshot: Cara UnPack JavaScript

Untuk merapatkan kembali JavaScript yang sudah di-unpack atau JavaScript asli:
1. Masuk ke http://dean.edwards.name/packer/
2. Copy-paste JavaScript pada kolom atas (kolom Paste:)
3. Jangan beri centang pada kotak "Base62 encode" dan "Shrink variables" (dengan begitu script hanya dirapatkan, tidak dibungkus eval lagi, sehingga tetap bisa dibaca)
4. Klik tombol Pack
5. Jika berhasil maka JavaScript tersebut akan merapat (tanpa Spasi) seperti di gambar (kolom Copy:)

Screenshot: Merapatkan JavaScript
Screenshot: Merapatkan JavaScript

Dan masalah selesai. Jika ada pertanyaan atau ada yang kurang paham, silakan berkomentar.
Terima kasih. Semoga bermanfaat.
