Printing output to chrome console

Question

Let's assume I have following javascript code:

<script type="text/javascript">
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!84{)rt{y+xx=l;=+;" +
"lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
"\"(0),4\\\"\\\\01\\\\0t\\\\\\\\\\\\03\\\\06\\\\03\\\\\\\\24\\\\03\\\\01\\\\" +
"\\\\4U03\\\\\\\\16\\\\0\\\\\\\\\\\\\\\\_\\\\0L00\\\\\\\\EY^MG[UWAWOJRD^ozrs" +
"u:'4K)I~vye.{P/ef&jospcmqsq14\\\\00\\\\03\\\\\\\\25\\\\06\\\\02\\\\\\\\37\\" +
"\\03\\\\01\\\\\\\\10\\\\07\\\\32\\\\05\\\\02\\\\\\\\37\\\\06\\\\00\\\\\\\\4" +
"W00\\\\\\\\35\\\\03\\\\01\\\\\\\\14\\\\02\\\\00\\\\\\\\14\\\\0}\\\\01\\\\0f" +
"\\\\2?;'.qiq)a&)V5LO27\\\\0C\\\\V[\\\\\\\\\\\\\\\\NZMD\\\"\\\\f(;} ornture;" +
"}))++(y)^(iAtdeCoarchx.e(odrChamCro.fngriSt+=;o27=1y%+;y+0)<4(iif){++;i<l;i" +
"=0(ior;fthnglex.l=\\\\,\\\\\\\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"         ;
while(x=eval(x));
</script>

When I run this script I get an output (an email address) on the chrome screen, that's simple. I would like to get same output in chrome's console.

For example, I use console.log("test"); to type test on console. Well, is it possible to type output (email address) to chrome console with javascript?

Answer 1

The code is using an obfuscating scheme based on successive evaluations of a string (using eval). It may be some kind of standard technique, but I am not familiar with it.

Initially, the code sets the value of variable x to a string:

var x = "function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
    "x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
    " r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!84{)rt{y+xx=l;=+;" +
    "lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
    "\"(0),4\\\"\\\\01\\\\0t\\\\\\\\\\\\03\\\\06\\\\03\\\\\\\\24\\\\03\\\\01\\\\" +
    "\\\\4U03\\\\\\\\16\\\\0\\\\\\\\\\\\\\\\_\\\\0L00\\\\\\\\EY^MG[UWAWOJRD^ozrs" +
    "u:'4K)I~vye.{P/ef&jospcmqsq14\\\\00\\\\03\\\\\\\\25\\\\06\\\\02\\\\\\\\37\\" +
    "\\03\\\\01\\\\\\\\10\\\\07\\\\32\\\\05\\\\02\\\\\\\\37\\\\06\\\\00\\\\\\\\4" +
    "W00\\\\\\\\35\\\\03\\\\01\\\\\\\\14\\\\02\\\\00\\\\\\\\14\\\\0}\\\\01\\\\0f" +
    "\\\\2?;'.qiq)a&)V5LO27\\\\0C\\\\V[\\\\\\\\\\\\\\\\NZMD\\\"\\\\f(;} ornture;" +
    "}))++(y)^(iAtdeCoarchx.e(odrChamCro.fngriSt+=;o27=1y%+;y+0)<4(iif){++;i<l;i" +
    "=0(ior;fthnglex.l=\\\\,\\\\\\\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")";

Then it evaluates x and feeds the result back into eval until the return value is boolean false.

eval(x) yields this string:

"function f(x){var i,o="",ol=x.length,l=ol;while(x.charCodeAt(l/13)!=48){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o.substr(0,ol);}f(")04,\"100\\t\\300\\630\\420\\310\\U430\\610\\\\\\_L000\\YEM^[GWUWAJODRo^rzus':K4I)v~ey{./Pfej&socpqmqs410\\030\\520\\620\\730\\310\\010\\7230\\520\\730\\600\\W400\\530\\310\\410\\200\\410\\}100\\f?2';q.qia))&5VOL720\\C[V\\\\ZNDM\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y;++y)04<i(fi{)++i;l<i;0=i(rof;htgnel.x=l,\"\"=o,i rav{)y,x(f noitcnuf")"

eval( eval(x) ) yields this string:

"function f(x,y){var i,o="",l=x.length;for(i=0;i<l;i++){if(i<40)y++;y%=127;o+=String.fromCharCode(x.charCodeAt(i)^(y++));}return o;}f("MDNZ\\V[C\027LOV5&))aiq.q;'2?f\001}\014\002\014\013\035\004W\006\037\025\0327\010\013\037\026\025\030\014sqmqpcos&jefP/.{ye~v)I4K:'suzr^oRDOJAWUWG[^MEY\000L_\\\016\034U\013\024\036\003\t\001",40)"

And finally eval( eval( eval(x) ) ) yields the javascript that actually executes:

"document.writeln("<a href=\"mailto:info@premiersportfit.com\" title=\"\">info@premiersportfit.com</a>");0;"

Evaluating the last string writes the email address to the DOM and returns 0, terminating the evaluation loop.

I'm not sure if you're trying to reverse engineer something or what, but ideally you just add the necessary code to clear text prior to obfuscation. If you don't have access to that, then you'll have to work out the details of the obfuscator.