0

Searching for an unhackable email address encoder, I finally found The Enkoder which promises to do just that. It obfuscates emailaddresses for anti-spam purposes in a way that differs from everything I've ever seen before! Albeit in a hefty amount of code in return.

Q1. Out of curiosoty: how does it work? How does it encode and decode mailaddress in the browser? What magic trick is behind this new javascript encoder?

Q2. Will it beat new smart email crawlers in 2017? Do the crawlers render pages and go through the decoded links too? Or will they just scan the html code in which case this encoder will remain spam-proof.

Following code is for info@company.com with url text "Email us!" and subject "Email from Website".

<script type="text/javascript">
//<![CDATA[
<!--
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!59{)rt{y+xx=l;=+;" +
"lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
"\"(1),4\\\"\\\\&,=.,1?p/3y~f+i`Cj&; _=]33\\\\01\\\\02\\\\\\\\10\\\\02\\\\02" +
"\\\\\\\\16\\\\0Y\\\\+Z23\\\\01\\\\00\\\\\\\\35\\\\00\\\\00\\\\\\\\20\\\\04\\"+
"\\02\\\\\\\\O'03\\\\02\\\\00\\\\\\\\36\\\\0r\\\\\\\\\\\\5J00\\\\\\\\01\\\\0" +
"6\\\\00\\\\\\\\13\\\\0 \\\\7Y02\\\\\\\\01\\\\04\\\\00\\\\\\\\\\\\n=\\\\.+6c" +
":5.v48>$2=20\\\\0 \\\\#(q%=%.$('7f03\\\\\\\\77\\\\1'\\\\M%5V03\\\\\\\\7]00\\"+
"\\\\\\30\\\\01\\\\02\\\\\\\\[VASA]7E03\\\\\\\\AD@KHYME\\\"\\\\f(;} ornture;" +
"}))++(y)^(iAtdeCoarchx.e(odrChamCro.fngriSt+=;o27=1y%){++;i<l;i=0(ior;fthng" +
"lex.l=\\\\,\\\\\\\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")"                     ;
while(x=eval(x));
//-->
//]]>
</script>

Q3. Is the above better (more spamproof) than the older obfuscation method?

<a href="&#105;&#110;&#102;&#111;&#064;&#099;&#111;&#109;&#112;&#097;&#110;&#121;&#046;&#099;&#111;&#109;">Email us!</a>

Q4. Is it allright to delete the comments and " + " parts to compact/minimize the code, or is the a reasoning behing the splitting of the code with " + " segments and comments? 

<script type="text/javascript">
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!59{)rt{y+xx=l;=+;lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\\"(1),4\\\"\\\\&,=.,1?p/3y~f+i`Cj&; _=]33\\\\01\\\\02\\\\\\\\10\\\\02\\\\02\\\\\\\\16\\\\0Y\\\\+Z23\\\\01\\\\00\\\\\\\\35\\\\00\\\\00\\\\\\\\20\\\\04\\\\02\\\\\\\\O'03\\\\02\\\\00\\\\\\\\36\\\\0r\\\\\\\\\\\\5J00\\\\\\\\01\\\\06\\\\00\\\\\\\\13\\\\0 \\\\7Y02\\\\\\\\01\\\\04\\\\00\\\\\\\\\\\\n=\\\\.+6c:5.v48>$2=20\\\\0 \\\\#(q%=%.$('7f03\\\\\\\\77\\\\1'\\\\M%5V03\\\\\\\\7]00\\\\\\\\30\\\\01\\\\02\\\\\\\\[VASA]7E03\\\\\\\\AD@KHYME\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrChamCro.fngriSt+=;o27=1y%){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")";while(x=eval(x));
</script>
Sam
  • 15,254
  • 25
  • 90
  • 145
  • 1
    Its just obfuscated javascript that hides the data in a random set of string escapes. To see what its doing rename the eval call to xxx and add `function xxx(x) { console.log(x); return eval(x); }` then you can see the final code that gets executed. – Alex K. Apr 10 '17 at 11:39
  • Like this: https://jsfiddle.net/alexk/2n074ekL/ – Alex K. Apr 10 '17 at 11:52
  • Thanks +1 @Alex K. for showing the magic with the jsfiddle! I will play around there, the mailto: seems broken in my browser though. (Also I updated my question, see Q3.) – Sam Apr 10 '17 at 12:08

0 Answers0