Deobfuscating self-encrypted Javascript - how to check what is being executed

Question

I'm trying to 'disassemble' javascript code that is sending spam to places. It is using eval() to run parts of the code from an obfuscated string.

My question is: what can I use to check what commands are actually running through the interpreter? Trying to undo evals "by hand" is quite tedious.

Here is the code I'm struggling with:

eval(function (p, a, c, k, e, d) {
    e = function (c) {
        return (c35 ? String.fromCharCode(c + 29) : c.toString(36));
    }
    while (c--) {
        if (k[c]) {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
        }
    }
    return p;
}('//loooong encrypted part here//'.split(|)))

score 0 · Answer 1 · answered May 10 '14 at 15:02

0

Replace eval with console.log. Repeat.

answered May 10 '14 at 15:02

Ry-

218,210
55
464
476

score 0 · Accepted Answer · answered May 10 '14 at 15:08

Like minitech said, console.log("There is an error here").

You can check for the message by using the Javascript console. If you are on Google Chrome, Menu -> Tools -> Javascript Console. Or Ctrl Shift J.

The old, traditional method would be to use alert("Error!"). Not recommended, but you can use it if you find delight in immediate response.

Deobfuscating self-encrypted Javascript - how to check what is being executed

2 Answers2