¿Cómo descifrar código Javascript encriptado?

  • Autor Autor Wizard
  • Fecha de inicio Fecha de inicio
Wizard

Wizard

Xi
Verificación en dos pasos activada
Verificado por Whatsapp
¡Ha verificado su Paypal!
Buenas amigos, últimamente me estoy encontrando por varios blogs, con códigos js, pero al parecer tienen su código encriptado, así (O similares):

Insertar CODE, HTML o PHP: 
\x67\x63\x6F\x6D\x6D\x65\x6E\x74\x73","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x36\x30\x35","\x42\x4C\x4F\x47\x47\x45\x52","\x46\x49\x4C\x54\x45\x52\x45\x44\x5F\x50\x4F\x53\x54\x4D\x4F\x44","\x72\x65\x6E\x64\x65\x72","\x63\x6F\x6D\x6D\x65\x6E\x74\x73","\x64\x69\x73\x70\x6C\x61\x79","\x6E\x6F\x6E\x65","\x63\x73\x73","\x23\x67\x63\x6F\x6E\x74\x61\x69\x6E\x65\x72","\x62\x6C\x6F\x63\x6B","\x23\x63\x6F\x6D\x6D\x65\x6E\x74\x73","\x63\x6F\x6D\x2D\x6F\x6E","\x61\x64\x64\x43\x6C\x61\x73\x73","\x23\x63\x6F\x6D\x2D\x6E\x6F\x72\x6D","\x72\x65\x6D\x6F\x76\x65\x43\x6C\x61\x73\x73","\x23\x63\x6F\x6D\x2D\x67\x70\x6C\x75\x73","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x68\x33\x2E\x67\x6F\x6F\x67\x6C\x65\x75\x73\x65\x72\x63\x6F\x6E\x74\x65\x6E\x74\x2E\x63\x6F\x6D\x2F\x2D\x6E\x66\x72\x6B\x6F\x55\x59\x73\x56\x2D\x45\x2F\x55\x58\x56\x69\x36\x57\x37\x43\x49\x38\x49\x2F\x41\x41\x41\x41\x41\x41\x41\x41\x49\x4C\x6F\x2F\x75\x43\x53\x33\x74\x68\x65\x50\x4B\x58\x55\x2F\x73\x35\x30\x2F\x62\x6C\x6F\x67\x67\x65\x72\x5F\x6F\x6E\x2E\x70\x6E\x67","\x61\x74\x74\x72","\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x68\x36\x2E\x67\x6F\x6F\x67\x6C\x65\x75\x73\x65\x72\x63\x6F\x6E\x74\x65\x6E\x74\x2E\x63\x6F\x6D\x2F\x2D\x77\x6E\x54\x62\x37\x53\x48\x41\x47\x45\x45\x2F\x55\x58\x56\x69\x36\x78\x6F\x48\x58\x41\x49\x2F\x41\x41\x41\x41\x41\x41\x41\x41\x49\x4C\x59\x2F\x36\x76\x78\x35\x45\x6D\x35\x77\x38\x4D\x49\x2F\x73\x35\x30\x2F\x70\x6C\x75\x73\x5F\x6F\x66\x66\x2E\x70\x6E\x67","\x63\x6C\x69\x63\x6B","\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x68\x33\x2E\x67\x6F\x6F\x67\x6C\x65\x75\x73\x65\x72\x63\x6F\x6E\x74\x65\x6E\x74\x2E\x63\x6F\x6D\x2F\x2D\x5A\x44\x78\x6B\x39\x41\x4E\x72\x4C\x4E\x45\x2F\x55\x58\x56\x69\x36\x75\x6C\x4C\x7A\x76\x49\x2F\x41\x41\x41\x41\x41\x41\x41\x41\x49\x4C\x67\x2F\x6A\x69\x55\x79\x38\x72\x4A\x53\x5F\x4F\x6B\x2F\x73\x35\x30\x2F\x62\x6C\x6F\x67\x67\x65\x72\x5F\x6F\x66\x66\x2E\x70\x6E\x67","\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x68\x33\x2E\x67\x6F\x6F\x67\x6C\x65\x75\x73\x65\x72\x63\x6F\x6E\x74\x65\x6E\x74\x2E\x63\x6F\x6D\x2F\x2D\x6F\x4E\x6C\x44\x33\x34\x37\x77\x6C\x33\x6B\x2F\x55\x58\x56\x69\x37\x41\x69\x42\x64\x48\x49\x2F\x41\x41\x41\x41\x41\x41\x41\x41\x49\x4C\x63\x2F\x4E\x78\x41\x79\x62\x38\x66\x77\x45\x66\x49\x2F\x73\x35\x30\x2F\x70\x6C\x75\x73\x5F\x6F\x6E\x2E\x70\x6E\x67","\x68\x61\x73\x43\x6C\x61\x73\x73","\x68\x6F\x76\x65\x72","\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x6D\x79\x62\x6C\x6F\x67\x67\x65\x72\x6C\x61\x62\x2E\x63\x6F\x6D\x22\x3E\x47\x65\x74\x20\x54\x68\x69\x73\x20\x57\x69\x64\x67\x65\x74\x3C\x2F\x61\x3E","\x68\x74\x6D\x6C","\x23\x6D\x62\x6C\x72\x69\x67\x68\x74\x73","\x6C\x65\x6E\x67\x74\x68","\x23\x6D\x62\x6C\x72\x69\x67\x68\x74\x73\x3A\x76\x69\x73\x69\x62\x6C\x65","\x68\x72\x65\x66","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x6D\x79\x62\x6C\x6F\x67\x67\x65\x72\x6C\x61\x62\x2E\x63\x6F\x6D"];gapi[_0x4c2d[6]][_0x4c2d[5]](_0x4c2d[0],{href:window[_0x4c2d[1]],width:_0x4c2d[2],first_party_property:_0x4c2d[3],view_type:_0x4c2d[4]});$(_0x4c2d[15])[_0x4c2d[22]](function (){$(_0x4c2d[10])[_0x4c2d[9]](_0x4c2d[7],_0x4c2d[8]);$(_0x4c2d[12])[_0x4c2d[9]](_0x4c2d[7],_0x4c2d[11]);$(_0x4c2d[15])[_0x4c2d[14]](_0x4c2d[13]);$(_0x4c2d[17])[_0x4c2d[16]](_0x4c2d[13]);$(_0x4c2d[15])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[19]);$(_0x4c2d[17])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[21]);} );$(_0x4c2d[17])[_0x4c2d[22]](function (){$(_0x4c2d[12])[_0x4c2d[9]](_0x4c2d[7],_0x4c2d[8]);$(_0x4c2d[10])[_0x4c2d[9]](_0x4c2d[7],_0x4c2d[11]);$(_0x4c2d[15])[_0x4c2d[16]](_0x4c2d[13]);$(_0x4c2d[17])[_0x4c2d[14]](_0x4c2d[13]);$(_0x4c2d[15])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[23]);$(_0x4c2d[17])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[24]);} );$(_0x4c2d[15])[_0x4c2d[26]](function (){if(!$(_0x4c2d[15])[_0x4c2d[25]](_0x4c2d[13])){$(_0x4c2d[15])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[19]);} ;} ,function (){if(!$(_0x4c2d[15])[_0x4c2d[25]](_0x4c2d[13])){$(_0x4c2d[15])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[23]);} ;} );$(_0x4c2d[17])[_0x4c2d[26]](function (){if(!$(_0x4c2d[17])[_0x4c2d[25]](_0x4c2d[13])){$(_0x4c2d[17])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[24]);} ;} ,function (){if(!$(_0x4c2d[17])[_0x4c2d[25]](_0x4c2d[13])){$(_0x4c2d[17])[_0x4c2d[20]](_0x4c2d[18],_0x4c2d[21]);} ;} );$(_0x4c2d[29])[_0x4c2d[28]](_0x4c2d[27]);setInterval(function (){if(!$(_0x4c2d[31])[_0x4c2d[30]]){window[_0x4c2d[1]][_0x4c2d[32]]=_0x4c2d[33];} ;} ,3000);

alguien sabe como puedo descifrarlo?
 
La primera parte es esta:

Insertar CODE, HTML o PHP: 
gcomments","location","605","BLOGGER","FILTERED_POSTMOD","render","comments","display","none","css","#gcontainer","block","#comments","com-on","addClass","#com-norm","removeClass","#com-gplus","src","http://lh3.googleusercontent.com/-nfrkoUYsV-E/UXVi6W7CI8I/AAAAAAAAILo/uCS3thePKXU/s50/blogger_on.png","attr","http://lh6.googleusercontent.com/-wnTb7SHAGEE/UXVi6xoHXAI/AAAAAAAAILY/6vx5Em5w8MI/s50/plus_off.png","click","http://lh3.googleusercontent.com/-ZDxk9ANrLNE/UXVi6ulLzvI/AAAAAAAAILg/jiUy8rJS_Ok/s50/blogger_off.png","http://lh3.googleusercontent.com/-oNlD347wl3k/UXVi7AiBdHI/AAAAAAAAILc/NxAyb8fwEfI/s50/plus_on.png","hasClass","hover","<a href="http://www.mybloggerlab.com">Get This Widget</a>","html","#mblrights","length","#mblrights:visible","href","http://www.mybloggerlab.com"]

Respecto a lo otro, es ofuscación de código y es un poco más complicada de limpiar (no por complejidad, si no por ser muy tediosa).
 
WindHack dijo:
La primera parte es esta:

Insertar CODE, HTML o PHP: 
gcomments","location","605","BLOGGER","FILTERED_POSTMOD","render","comments","display","none","css","#gcontainer","block","#comments","com-on","addClass","#com-norm","removeClass","#com-gplus","src","http://lh3.googleusercontent.com/-nfrkoUYsV-E/UXVi6W7CI8I/AAAAAAAAILo/uCS3thePKXU/s50/blogger_on.png","attr","http://lh6.googleusercontent.com/-wnTb7SHAGEE/UXVi6xoHXAI/AAAAAAAAILY/6vx5Em5w8MI/s50/plus_off.png","click","http://lh3.googleusercontent.com/-ZDxk9ANrLNE/UXVi6ulLzvI/AAAAAAAAILg/jiUy8rJS_Ok/s50/blogger_off.png","http://lh3.googleusercontent.com/-oNlD347wl3k/UXVi7AiBdHI/AAAAAAAAILc/NxAyb8fwEfI/s50/plus_on.png","hasClass","hover","<a rel="nofollow" href="http://www.mybloggerlab.com">Get This Widget</a>","html","#mblrights","length","#mblrights:visible","href","http://www.mybloggerlab.com"]

Respecto a lo otro, es ofuscación de código y es un poco más complicada de limpiar (no por complejidad, si no por ser muy tediosa).
Hacer clic para expandir...

Y como has hecho para obtener esa primera parte amigo?, me interesa aprender ya que tengo un monton de códigos de esa manera! 🙁
 
This is illegal. 🙂
 
depende que material quieras descifrar si es ilegal y puedes tener problemas por algo esta asi.
 
Envían a enviar una queja, es el derecho de los desarrolladores
 
Hola chicos buen dia. Tengo el mismo inconveniente. Compre un plugin y esta encriptado de la misma forma. Prove con Ddecode y parece que no funciona. Alguien puede ayudarme. Una linea del plugin es asi:
function webhook() {
header("\103\x6f\x6e\164\x65\156\164\55\x74\x79\x70\x65\72\x20\x61\x70\160\154\x69\x63\x61\x74\x69\x6f\156\57\152\x73\x6f\156", "\110\124\x54\x50\x2f\x31\56\61\x20\62\60\x30\x20\x4f\113");
$postBodyRaw = file_get_contents("\160\x68\x70\x3a\x2f\x2f\x69\x6e\x70\x75\164");
if ($postBodyRaw) {
$qr_reponse = json_decode($postBodyRaw);
if ($qr_reponse - > action && $qr_reponse - > live_mode) {
if ($qr_reponse - > data - > id) {
$curl = curl_init();
curl_setopt_array($curl, array(CURLOPT_URL => "\150\x74\x74\160\163\72\x2f\57\141\x70\x69\56\155\x65\162\143\141\144\157\x70\141\x67\x6f\56\143\x6f\x6d\x2f\166\x31\x2f\160\141\x79\155\145\156\x74\x73\57".$qr_reponse - > data - > id, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "\107\x45\124", CURLOPT_HTTPHEADER => array("\x41\165\164\150\157\162\x69\172\141\164\x69\157\156\72\40\x42\145\141\162\x65\x72\x20\101\x50\120\137\125\x53\x52\55\x35\62\x33\70\x31\63\67\x30\x36\x34\x36\66\x32\71\x33\66\x2d\x30\x34\62\60\61\60\55\67\x64\x31\x32\x36\x30\x35\x30\x36\146\62\60\67\63\63\x38\144\145\x61\65\x30\145\71\141\62\x62\66\x31\x66\x39\x64\146\137\137\x4c\101\x5f\x4c\x43\x5f\x5f\x2d\x31\67\71\x33\65\x30\66\x37\65")));
$response = curl_exec($curl);
curl_close($curl);
$paymentdata = json_decode($response);
$order_id = trim($paymentdata - > external_reference, "\x51\122\55");
update_post_meta($order_id, "\x71\162\x5f\162\145\x73\x70\157\x73\x65", $response);
if ($paymentdata - > status == "\141\x70\160\162\157\166\x65\x64") {
update_post_meta($order_id, "\x71\162\x5f\x73\164\x61\164\165\x73", $paymentdata - > status);
$order = wc_get_order($order_id);
$order - > add_order_note("\x4d\x65\x72\143\x61\x64\x6f\x20\x50\x61\x67\157\x20\x51\x52\x3a\x20".__("\120\x61\171\x6d\145\x6e\164\40\x61\160\160\x72\x6f\x76\x65\x64\x2e", "\x77\x61\156\144\x65\162\x6c\x75\163\x74\x2d\161\162"));
$order = wc_get_order($order_id);
$order - > payment_complete();
 
maurozx27 dijo:
Hola chicos buen dia. Tengo el mismo inconveniente. Compre un plugin y esta encriptado de la misma forma. Prove con Ddecode y parece que no funciona. Alguien puede ayudarme. Una linea del plugin es asi:
Hacer clic para expandir...
Busca como decodificar secuencias de escape en hexadecimal.

El problema con el código ofuscado es que es muy tedioso de "convertir" a texto legible (esa es la intención), y solo cambiar esas secuencias de escape no garantiza que puedas recuperar el código original, porque se usan otras técnicas.

Lo que si podrías hacer es ingeniería inversa, fijate qué y como hace las cosas, e intenta replicarlo por cuenta propia.
 
Alfredo Ramos dijo:
Busca como decodificar secuencias de escape en hexadecimal.

El problema con el código ofuscado es que es muy tedioso de "convertir" a texto legible (esa es la intención), y solo cambiar esas secuencias de escape no garantiza que puedas recuperar el código original, porque se usan otras técnicas.

Lo que si podrías hacer es ingeniería inversa, fijate qué y como hace las cosas, e intenta replicarlo por cuenta propia.
Hacer clic para expandir...
Muchas veces desencriptar no lo hace bien, peor en plugins.
 
maurozx27 dijo:
Hola chicos buen dia. Tengo el mismo inconveniente. Compre un plugin y esta encriptado de la misma forma. Prove con Ddecode y parece que no funciona. Alguien puede ayudarme. Una linea del plugin es asi:
function webhook() {
header("\103\x6f\x6e\164\x65\156\164\55\x74\x79\x70\x65\72\x20\x61\x70\160\154\x69\x63\x61\x74\x69\x6f\156\57\152\x73\x6f\156", "\110\124\x54\x50\x2f\x31\56\61\x20\62\60\x30\x20\x4f\113");
$postBodyRaw = file_get_contents("\160\x68\x70\x3a\x2f\x2f\x69\x6e\x70\x75\164");
if ($postBodyRaw) {
$qr_reponse = json_decode($postBodyRaw);
if ($qr_reponse - > action && $qr_reponse - > live_mode) {
if ($qr_reponse - > data - > id) {
$curl = curl_init();
curl_setopt_array($curl, array(CURLOPT_URL => "\150\x74\x74\160\163\72\x2f\57\141\x70\x69\56\155\x65\162\143\141\144\157\x70\141\x67\x6f\56\143\x6f\x6d\x2f\166\x31\x2f\160\141\x79\155\145\156\x74\x73\57".$qr_reponse - > data - > id, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "\107\x45\124", CURLOPT_HTTPHEADER => array("\x41\165\164\150\157\162\x69\172\141\164\x69\157\156\72\40\x42\145\141\162\x65\x72\x20\101\x50\120\137\125\x53\x52\55\x35\62\x33\70\x31\63\67\x30\x36\x34\x36\66\x32\71\x33\66\x2d\x30\x34\62\60\61\60\55\67\x64\x31\x32\x36\x30\x35\x30\x36\146\62\60\67\63\63\x38\144\145\x61\65\x30\145\71\141\62\x62\66\x31\x66\x39\x64\146\137\137\x4c\101\x5f\x4c\x43\x5f\x5f\x2d\x31\67\71\x33\65\x30\66\x37\65")));
$response = curl_exec($curl);
curl_close($curl);
$paymentdata = json_decode($response);
$order_id = trim($paymentdata - > external_reference, "\x51\122\55");
update_post_meta($order_id, "\x71\162\x5f\162\145\x73\x70\157\x73\x65", $response);
if ($paymentdata - > status == "\141\x70\160\162\157\166\x65\x64") {
update_post_meta($order_id, "\x71\162\x5f\x73\164\x61\164\165\x73", $paymentdata - > status);
$order = wc_get_order($order_id);
$order - > add_order_note("\x4d\x65\x72\143\x61\x64\x6f\x20\x50\x61\x67\157\x20\x51\x52\x3a\x20".__("\120\x61\171\x6d\145\x6e\164\40\x61\160\160\x72\x6f\x76\x65\x64\x2e", "\x77\x61\156\144\x65\162\x6c\x75\163\x74\x2d\161\162"));
$order = wc_get_order($order_id);
$order - > payment_complete();
Hacer clic para expandir...
JavaScript: 
header("Content-type: application/json", "HTTP/1.1 200 OK");

$postBodyRaw = file_get_contents("php://input");

curl_setopt_array($curl, array(CURLOPT_URL => "https://api.mercadopago.com/v1/payments/".$qr_reponse - > data - > id, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "\107\x45\124", CURLOPT_HTTPHEADER => array("Authorization: Bearer APP_USR-5238137064662936-042010-7d1260506f207338dea50e9a2b61f9df__LA_LC__-179350675")));

$order_id = trim($paymentdata - > external_reference, "QR-");

update_post_meta($order_id, "qr_respose", $response);

if ($paymentdata - > status == "approved") {

update_post_meta($order_id, "qr_status", $paymentdata - > status);

$order - > add_order_note("Mercado Pago QR: ".__("Payment approved.", "wanderlust-qr"));

🤭
 
Puko dijo:
JavaScript: 
header("Content-type: application/json", "HTTP/1.1 200 OK");

$postBodyRaw = file_get_contents("php://input");

curl_setopt_array($curl, array(CURLOPT_URL => "https://api.mercadopago.com/v1/payments/".$qr_reponse - > data - > id, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "\107\x45\124", CURLOPT_HTTPHEADER => array("Authorization: Bearer APP_USR-5238137064662936-042010-7d1260506f207338dea50e9a2b61f9df__LA_LC__-179350675")));

$order_id = trim($paymentdata - > external_reference, "QR-");

update_post_meta($order_id, "qr_respose", $response);

if ($paymentdata - > status == "approved") {

update_post_meta($order_id, "qr_status", $paymentdata - > status);

$order - > add_order_note("Mercado Pago QR: ".__("Payment approved.", "wanderlust-qr"));

🤭
Hacer clic para expandir...
Por quee los programadores mas pro del internet tiene fotos Darks dee perfil?

Y por que el tiene siempre buenas y bonitas imágenes de perfil?
9679.jpg
 
Hay que estar conectado o registrado para responder aquí.

Temas similares

iCode
Ayuda a Desencriptar (desofuscar) código JavaScript
Respuestas
2
Visitas
2K
dreambreaker
dreambreaker
xaiborweb
Convertir función javascript en php
Respuestas
4
Visitas
556
elChapo
elChapo
A
Sacar estos estilos dentro de un java encriptado/desencriptado
Respuestas
0
Visitas
540
AlexxxBcN
A
Graciano
Ayuda quien me puede desencriptar este SCRIPT
Respuestas
7
Visitas
1K
Luis Navarrete
Luis Navarrete
P
Amigo una ayudita donde puedo hacer esto!
Respuestas
2
Visitas
487
epicmedia
E
Atrás
Arriba