Cara UnPacker JavaScript Eval

Aku akan membahas masalah JavaScript yang terdapat di Template/ hasil download-an/ lain-lain yang cukup aneh, sangat sulit untuk dibaca dan dimengerti.
Sebagai contoh lihat gambar berikut:

Script Packed by Dean Edwards
Script Packed by Dean Edwards
Ini merupakan salah satu ciri Script JavaScript yang telah di Packed dengan metode Dean Edwards.
Jika kamu menemukan hal serupa, silahkan ikuti langkah demi langkah yang aku buat berikut untuk unPacked script-nya supaya bisa dibaca dengan mudah sebagai standar JavaScript dan memastikan bahwa itu bukan Malware yang disisipkan oleh Creator JavaScript.

Contoh JavaScript yang telah Packed di situs Dean Edwards:
JavaScript Packed

var _0xb12e=["3 1K(a){(3(e){2 i={1e:x22x22,I:4,1y:G,1s:x22#1Mx22,19:1W,18:x222bx22,1m:x222d://1.2H.2G.2F/-2E/2D/2C/2B/2w/2v.2ux22,1l:[x222tx22,x222sx22,x222rx22,x222qx22,x222px22,x222ox22,x222nx22,x222mx22,x222jx22,x222ix22,x222hx22,x222gx22],L:J};i=e.2f({},i,a);2 h=e(i.1s);2 b=i.1e;2 d=i.I*1E;B(i.1e===x22x22){b=1d.1t.28+x22//x22+1d.1t.20}h.1w(x27x3CF Y=x221Yx22x3Ex3Ca P=x22#x22 Y=x221bx22x3E1bx3C/ax3Ex3Ca P=x22#x22 Y=x2211x22x3E11x3C/ax3Ex3C/Fx3Ex3CF Y=x22Ex22x3Ex3C1a C=x221Rx22x3Ex3C/1ax3Ex3C/Fx3Ex27).1N(i.18);2 g=3(z){2 t,k,r,o,x,A,s,w,y,u,n=x22x22,v=z.1q.1L;O(2 q=0;qx3Cv.K;q++){O(2 p=0;px3Cv[q].H.K;p++){B(v[q].H[p].1v==x221Jx22){t=v[q].H[p].P;1i}}O(2 m=0;mx3Cv[q].H.K;m++){B(v[q].H[m].1v==x221Ix22x26x26v[q].H[m].1H==x221G/1wx22){r=v[q].H[m].1k.1F(x22 x22)[0];1i}}B(x221D$1Cx22N v[q]){x=v[q].1D$1C.M.1z(/x5C/s[0-9]+x5C-c/g,x22/sx22+i.19+x22-cx22)}1f{x=i.1m.1z(/x5C/s[0-9]+(x5C-c|x5C/)/,x22/sx22+i.19+x22$1x22)}k=v[q].1k.$t;u=v[q].1c.$t.Z(0,10);o=v[q].1O[0].1P.$t;A=u.Z(0,4);s=u.Z(5,7);w=u.Z(8,10);y=i.1l[1Q(s,10)-1];n+=x27x3CDx3Ex3Ca 1S=x221Tx22 P=x22x27+t+x27x22x3Ex3CF C=x221Ux22x3Ex3C/Fx3Ex3C1V C=x221nx22 1X=x22x27+x+x27x22/x3Ex3C1Bx3Ex27+k+x27x3C/1Bx3Ex3C/ax3Ex3CF C=x221Zx22x3Ex3C6 C=x2221x22x3Ex3C6 C=x2222x22x3Ex27+w+x27x3C/6x3Ex3C6 C=x2223x22x3Ex27+y+x27x3C/6x3Ex3C6 C=x2224x22x3Ex27+A+x27x3C/6x3Ex3C/6x3Ex3C6 C=x2225x22x3Ex27+o+x27x3C/6x3Ex3C6 C=x2226x22x3Ex27+r+x22x3C/6x3Ex3C/Fx3Ex3C/Dx3Ex22}e(x221ax22,h).27(n)};2 c=3(o){V=o.1q.29$2a.$t;B(Vx3C=i.I){i.I=V}2 j=[];2c(j.Kx3Ci.I){2 q=1o.2e(1o.1n()*V);2 p=J;O(2 n=0;nx3Cj.K;n++){B(j[n]==q){p=G;1i}}B(!p){j[j.K]=q}}2 m=x22/-/x22+i.L;B(i.L===J){m=x22x22}B(i.1y===G){O(2 l=0;lx3Ci.I;l++){e.17({M:b+x22/16/15/14x22+m+x22?2k-2l=x22+j[l]+x22x2613-12=1x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}}1f{e.17({M:b+x22/16/15/14x22+m+x22?13-12=x22+i.I+x22x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}};2 f=3(){B(i.L===J){e.17({M:b+x22/16/15/14?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}1f{e.17({M:b+x22/16/15/14/-/x22+i.L+x22?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}e(1d).2x(x222yx22,3(){2z(3(){2 k=2A;2 l=1r(x221p()x22,k);e(x22#E D:1gx22).1A(e(x22#E D:1hx22));e(x22#1bx22).1j(3(){e(x22#E D:1gx22).1A(e(x22#E D:1hx22));1u J});e(x22#11x22).1j(3(){e(x22#E D:1hx22).2I(e(x22#E D:1gx22));1u J});e(x22#Ex22).2J(3(){2K(l)},3(){l=1r(x221p()x22,k)});3 j(){e(x22#11x22).1j()}h.2L(i.18)},d)})};e(2M).2N(f)})(2O)};","|","split","||var|function|||span|||||||||||||||||||||||||||||||if|class|li|slides|div|true|link|MaxPost|false|length|tagName|url|in|for|href|cache|jsonp|dataType|success|script|Total_Posts_Number|json|alt|id|substring||next|results|max|default|posts|feeds|ajax|loadingClass|ImageSize|ul|prev|published|window|blogURL|else|first|last|break|click|title|MonthNames|pBlank|random|Math|rotate|feed|setInterval|idcontaint|location|return|rel|html|orderby|RandompostActive|replace|before|h4|thumbnail|media|600|split|text|type|replies|alternate|RandomPost|entry|randompost|addClass|author|name|parseInt|randomnya|target|_blank|overlayx|img|100|src|buttons|label_text|host|date|dd|dm|dy|autname|cmnum|append|protocol|openSearch|totalResults|loadingxx|while|http|ceil|extend|Dec|Nov|Oct|Sep|start|index|Aug|Jul|Jun|May|Apr|Mar|Feb|Jan|gif|grey|s1600|bind|load|setTimeout|5000|e7XkFtErqsU|AAAAAAAABAU|Tp0KrMUdoWI|htG7vy9vIAA|com|blogspot|bp|after|hover|clearInterval|removeClass|document|ready|jQuery","","fromCharCode","replace","x5Cw+","x5Cb","g"];eval(function (p,a,c,k,e,r){e=function (c){return (c<a a="" c="c%a)" e="" href="https://www.blogger.com/null" parseint="" xb12e="">35?String[_0xb12e[5]](c+29):c.toString(36));} ;if(!_0xb12e[4][_0xb12e[6]](/^/,String)){while(c--){r[e(c)]=k[c]||e(c);} ;k=[function (e){return r[e];} ];e=function (){return _0xb12e[7];} ;c=1;} ;while(c--){if(k[c]){p=p[_0xb12e[6]]( new RegExp(_0xb12e[8]+e(c)+_0xb12e[8],_0xb12e[9]),k[c]);} ;} ;return p;} (_0xb12e[0],62,175,_0xb12e[3][_0xb12e[2]](_0xb12e[1]),0,{}));

Cara UnPack JavaScript
1. Masuk ke http://matthewfl.com/unPacker.html
2. Copy-Paste JavaScript Packed pada kolom atas (keterangan: Jangan sampai tanda ; di akhir.)

JavaScript Packed

var _0xb12e=["3 1K(a){(3(e){2 i={1e:x22x22,I:4,1y:G,1s:x22#1Mx22,19:1W,18:x222bx22,1m:x222d://1.2H.2G.2F/-2E/2D/2C/2B/2w/2v.2ux22,1l:[x222tx22,x222sx22,x222rx22,x222qx22,x222px22,x222ox22,x222nx22,x222mx22,x222jx22,x222ix22,x222hx22,x222gx22],L:J};i=e.2f({},i,a);2 h=e(i.1s);2 b=i.1e;2 d=i.I*1E;B(i.1e===x22x22){b=1d.1t.28+x22//x22+1d.1t.20}h.1w(x27x3CF Y=x221Yx22x3Ex3Ca P=x22#x22 Y=x221bx22x3E1bx3C/ax3Ex3Ca P=x22#x22 Y=x2211x22x3E11x3C/ax3Ex3C/Fx3Ex3CF Y=x22Ex22x3Ex3C1a C=x221Rx22x3Ex3C/1ax3Ex3C/Fx3Ex27).1N(i.18);2 g=3(z){2 t,k,r,o,x,A,s,w,y,u,n=x22x22,v=z.1q.1L;O(2 q=0;qx3Cv.K;q++){O(2 p=0;px3Cv[q].H.K;p++){B(v[q].H[p].1v==x221Jx22){t=v[q].H[p].P;1i}}O(2 m=0;mx3Cv[q].H.K;m++){B(v[q].H[m].1v==x221Ix22x26x26v[q].H[m].1H==x221G/1wx22){r=v[q].H[m].1k.1F(x22 x22)[0];1i}}B(x221D$1Cx22N v[q]){x=v[q].1D$1C.M.1z(/x5C/s[0-9]+x5C-c/g,x22/sx22+i.19+x22-cx22)}1f{x=i.1m.1z(/x5C/s[0-9]+(x5C-c|x5C/)/,x22/sx22+i.19+x22$1x22)}k=v[q].1k.$t;u=v[q].1c.$t.Z(0,10);o=v[q].1O[0].1P.$t;A=u.Z(0,4);s=u.Z(5,7);w=u.Z(8,10);y=i.1l[1Q(s,10)-1];n+=x27x3CDx3Ex3Ca 1S=x221Tx22 P=x22x27+t+x27x22x3Ex3CF C=x221Ux22x3Ex3C/Fx3Ex3C1V C=x221nx22 1X=x22x27+x+x27x22/x3Ex3C1Bx3Ex27+k+x27x3C/1Bx3Ex3C/ax3Ex3CF C=x221Zx22x3Ex3C6 C=x2221x22x3Ex3C6 C=x2222x22x3Ex27+w+x27x3C/6x3Ex3C6 C=x2223x22x3Ex27+y+x27x3C/6x3Ex3C6 C=x2224x22x3Ex27+A+x27x3C/6x3Ex3C/6x3Ex3C6 C=x2225x22x3Ex27+o+x27x3C/6x3Ex3C6 C=x2226x22x3Ex27+r+x22x3C/6x3Ex3C/Fx3Ex3C/Dx3Ex22}e(x221ax22,h).27(n)};2 c=3(o){V=o.1q.29$2a.$t;B(Vx3C=i.I){i.I=V}2 j=[];2c(j.Kx3Ci.I){2 q=1o.2e(1o.1n()*V);2 p=J;O(2 n=0;nx3Cj.K;n++){B(j[n]==q){p=G;1i}}B(!p){j[j.K]=q}}2 m=x22/-/x22+i.L;B(i.L===J){m=x22x22}B(i.1y===G){O(2 l=0;lx3Ci.I;l++){e.17({M:b+x22/16/15/14x22+m+x22?2k-2l=x22+j[l]+x22x2613-12=1x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}}1f{e.17({M:b+x22/16/15/14x22+m+x22?13-12=x22+i.I+x22x261x=1cx26X=W-N-Ux22,T:g,S:x22Rx22,Q:G})}};2 f=3(){B(i.L===J){e.17({M:b+x22/16/15/14?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}1f{e.17({M:b+x22/16/15/14/-/x22+i.L+x22?13-12=0x26X=W-N-Ux22,T:c,S:x22Rx22,Q:G})}e(1d).2x(x222yx22,3(){2z(3(){2 k=2A;2 l=1r(x221p()x22,k);e(x22#E D:1gx22).1A(e(x22#E D:1hx22));e(x22#1bx22).1j(3(){e(x22#E D:1gx22).1A(e(x22#E D:1hx22));1u J});e(x22#11x22).1j(3(){e(x22#E D:1hx22).2I(e(x22#E D:1gx22));1u J});e(x22#Ex22).2J(3(){2K(l)},3(){l=1r(x221p()x22,k)});3 j(){e(x22#11x22).1j()}h.2L(i.18)},d)})};e(2M).2N(f)})(2O)};","|","split","||var|function|||span|||||||||||||||||||||||||||||||if|class|li|slides|div|true|link|MaxPost|false|length|tagName|url|in|for|href|cache|jsonp|dataType|success|script|Total_Posts_Number|json|alt|id|substring||next|results|max|default|posts|feeds|ajax|loadingClass|ImageSize|ul|prev|published|window|blogURL|else|first|last|break|click|title|MonthNames|pBlank|random|Math|rotate|feed|setInterval|idcontaint|location|return|rel|html|orderby|RandompostActive|replace|before|h4|thumbnail|media|600|split|text|type|replies|alternate|RandomPost|entry|randompost|addClass|author|name|parseInt|randomnya|target|_blank|overlayx|img|100|src|buttons|label_text|host|date|dd|dm|dy|autname|cmnum|append|protocol|openSearch|totalResults|loadingxx|while|http|ceil|extend|Dec|Nov|Oct|Sep|start|index|Aug|Jul|Jun|May|Apr|Mar|Feb|Jan|gif|grey|s1600|bind|load|setTimeout|5000|e7XkFtErqsU|AAAAAAAABAU|Tp0KrMUdoWI|htG7vy9vIAA|com|blogspot|bp|after|hover|clearInterval|removeClass|document|ready|jQuery","","fromCharCode","replace","x5Cw+","x5Cb","g"];eval(function (p,a,c,k,e,r){e=function (c){return (c<a a="" c="c%a)" e="" href="https://www.blogger.com/null" parseint="" xb12e="">35?String[_0xb12e[5]](c+29):c.toString(36));} ;if(!_0xb12e[4][_0xb12e[6]](/^/,String)){while(c--){r[e(c)]=k[c]||e(c);} ;k=[function (e){return r[e];} ];e=function (){return _0xb12e[7];} ;c=1;} ;while(c--){if(k[c]){p=p[_0xb12e[6]]( new RegExp(_0xb12e[8]+e(c)+_0xb12e[8],_0xb12e[9]),k[c]);} ;} ;return p;} (_0xb12e[0],62,175,_0xb12e[3][_0xb12e[2]](_0xb12e[1]),0,{}))

3. Klik tombol UnPack
4. Jika berhasil maka kode javascript asli akan muncul di kolom bawah

Screenshot: Cara UnPack JavaScript
Screenshot: Cara UnPack JavaScript

Untuk merapatkan JavaScript yang sudah di UnPacked/ JavaScript asli:
1. Masuk ke http://dean.edwards.name/packer/
2. Copy-paste JavaScript pada kolom atas (kolom Paste:)
3. Jangan beri centang pada combo "Base62 encode" dan "Shrink variables"
4. Klik tombol Pack
5. Jika berhasil maka JavaScript tersebut akan merapat (tanpa Spasi) seperti di gambar (kolom Copy:)

Screenshot: Merapatkan JavaScript
Screenshot: Merapatkan JavaScript

Dan masalah selesai. Jika ada pertanyaan atau ada yang kurang paham, silahkan berkomentar.
Terimakasih. Semoga bermanfaat.

Ero Pradolly Prasitha

Hopefully article about Cara UnPacker JavaScript Eval useful for Om Goegel loyal readers. Know more about me, please read more on WHO AM I? page. Great thanks.

Number of Posts:

7 comments:

  1. kalau ini apa gan?
    ["\\B","\\F\\R\\W","\\F\\1d\\G\\B\\R\\A","\\1c\\E\\R\\I","\\H\\A\\1f\\D","\\D","\\Q\\1a\\B\\G\\D\\X\\R\\I\\A\\H\\W\\E\\1c","\\E\\F\\E\\I\\A","\\Q\\1a\\B\\G\\1d\\F\\1k\\R\\A\\H\\X","\\H","\\Q\\1a\\B\\G\\D\\E\\F\\L\\1u\\1o\\R\\A\\H\\X","\\Q\\1a\\B\\G\\D\\I\\F\\J\\A\\G\\D\\O\\A\\A\\J","\\Q\\1a\\B\\G\\H\\B\\1a\\F\\O\\K\\D\\E\\O\\B\\W\\A","\\Q\\1a\\B\\G\\B\\J\\R\\F\\H\\1b\\I\\K\\W","","\\Q\\1a\\B\\G\\1c\\F\\J\\A\\B\\X\\E\\1c\\K\\G","\\1o","\\Q\\1a\\B\\G\\H\\E\\A\\1k\\E","\\3G\\A\\1k\\E","\\Q\\1a\\B\\G\\O\\E\\A\\1k\\E","\\2H\\G\\A\\1a\\F\\K\\X\\D","\\Q\\1a\\B\\G\\R\\E\\A\\1k\\E","\\2M\\K\\G\\A","\\Q\\1a\\B\\G\\G\\A\\I\\E\\A\\1k\\E","\\6b\\A\\I\\B\\E\\A\\J\\M\\2H\\K\\

    terus sama ini

    ]/g],6M=2f.4N(q$z[5]+bw+bB),5y=$(q$z[6]).1i?$(q$z[6]).1h(q$z[7]):3a,ap=$(q$z[8]).1i&&q$z[9]==$(q$z[8]).1h(q$z[7])?!1:!0,ao=$(q$z[10]).1i&&q$z[9]==$(q$z[10]).1h(q$z[7])?!1:!0,4y=$(q$z[11]).1i?$(q$z[11]).1h(q$z[7]):5E,3s=$(q$z[12]).1i?$(q$z[12]).1h(q$z[7]):20,am=$(q$z[13]).1i&&q$z[9]!=$(q$z[13]).1h(q$z[7])?$(q$z[13]).1h(q$z[7]):q$z[14],6K=$(q$z[15]).1i&&q$z[16]==$(q$z[15]).1h(q$z[7])?!1:!0,7X=$(q$z[17]).1i&&q$z[9]!=$(q$z[17]).1h(q$z[7])?$(q$z[17]).1h(q$z[7]

    ReplyDelete

RULES:
1. Hindari komentar SARA, porno, atau melanggar HAM
2. Disini bukan zona pertikaian (silahkan bertikai di ring lain)
3. Link tidak jelas serta mengarah ke pelanggaran kode etik dan hukum yang berlaku adalah HARAM disini
4. Penulis tidak bertanggung jawab atas apapun bentuk efek samping dari penyalahgunaan atau penyalahartian terhadap apapun konten dari blog ini
5. Penulis memiliki hak untuk menolak/menghapus komentar yang dianggap melanggar pasal-pasal di atas

PS:
“Jadilah orang yang sopan dan cerdas dalam berkomentar”.
Ask if you are not sure and/or don’t know or eager to know more,
Give solution if you found any errors, stop komentar-komentar kosong!

Contact Form

Name

Email *

Message *