Introduction
Hey everyone,
Nowadays,we can see a rapid growth in blogging field.There are so many emerging newbies with lots of new ideas and tricks hoping success.
But they may end looking for free templates,because they(me too when iam starting http://almourasiloun2.blogspot.com /">revealedtricks4u) don't want to spend lots of money because blogger is free and they want to share their opinions free.But when the time comes to earn money from blogging,they want to make their blog so professional.
And started googling for "best professional blogger templates for free" including a "free" keyword :).
But our fellow newbies does'nt realize they may end up with a blog Powered By Someone.
What happens when we just remove the Attribution Widget or edit the Raw Html to change the content of the footer?
Yes you can do which is just a matter of removing a html code.
Go and search for "<div id='mycontent'/>" or just "mycontent" in the raw html and try to remove the code or just add a style attribute with display: none; or visibility:hidden;
But sorry the template providers are not so fool for just giving away their Pro templates for free that they are selling for dollars on their own websites, and not even getting a simple credit for their work from the free templaters.
Most of the blogger theme providers such as xposetheme,templatify,templatism,soratemplates,etc where using hidden,obfuscated and too hex encoded javascripts which will work in the background and check for what happened to their credit,if it seems altered the javascript code will automatically redirect to their own template provider's website.
At first glance,this made me so complicated to break into the javascript code.But iam so smarter than them :).
BEFORE CONTINUING,PLEASE PROVIDE SOME RESPECT FOR THE WORK THOSE GUYS SPENT ON CREATING THE WONDERFUL TEMPLATES AND IF YOU HAVE PENNIES JUST PAY THEM.
So for those newbies may be some Pros too.Don't worry just follow these steps.
How do i deobfuscate or decode the javascript code?
Most of the template providers put some script code like this.
For Examples
And others also very similar to this.
Can you understand anything from the above script?
Have no decoder eyes ha:).They are just a piece "\x" characters are just hex encoded equivalent to the substituted characters.
So i have programmed a simple java tool for decoding that hex thing.I got the value like seen below.
How do i got the logic and break into it?
Hey wait there,don't be so panic by seeing the massive content above,it is just for your information.
By the way we know that by using javascript to redirect to another URL we want to use either window.location.href or window.location.replace() for a successfull move through.
So i got the catch from that.As you can see the decoded version of the code above,you can see words like window location href in a grambled manner.
As the Black Sheep javascript code is using eval function iam just confirmed to replace the word location with any other word.
Steps to apply into your blog
Hey everyone,
Nowadays,we can see a rapid growth in blogging field.There are so many emerging newbies with lots of new ideas and tricks hoping success.
But they may end looking for free templates,because they(me too when iam starting http://almourasiloun2.blogspot.com /">revealedtricks4u) don't want to spend lots of money because blogger is free and they want to share their opinions free.But when the time comes to earn money from blogging,they want to make their blog so professional.
And started googling for "best professional blogger templates for free" including a "free" keyword :).
But our fellow newbies does'nt realize they may end up with a blog Powered By Someone.
What happens when we just remove the Attribution Widget or edit the Raw Html to change the content of the footer?
Yes you can do which is just a matter of removing a html code.
<div id='mycontent'/>
Go and search for "<div id='mycontent'/>" or just "mycontent" in the raw html and try to remove the code or just add a style attribute with display: none; or visibility:hidden;
But sorry the template providers are not so fool for just giving away their Pro templates for free that they are selling for dollars on their own websites, and not even getting a simple credit for their work from the free templaters.
Most of the blogger theme providers such as xposetheme,templatify,templatism,soratemplates,etc where using hidden,obfuscated and too hex encoded javascripts which will work in the background and check for what happened to their credit,if it seems altered the javascript code will automatically redirect to their own template provider's website.
At first glance,this made me so complicated to break into the javascript code.But iam so smarter than them :).
BEFORE CONTINUING,PLEASE PROVIDE SOME RESPECT FOR THE WORK THOSE GUYS SPENT ON CREATING THE WONDERFUL TEMPLATES AND IF YOU HAVE PENNIES JUST PAY THEM.
So for those newbies may be some Pros too.Don't worry just follow these steps.
How do i deobfuscate or decode the javascript code?
Most of the template providers put some script code like this.
For Examples
- Sora Templates
var _0x90bc=["\x55\x20\x31\x58\x28\x72\x29\x7B\x6A\x3D\x31\x48\x3F\x31\x68\x2E\x31\x45\x28\x28\x54\x2E\x6C\x2B\x31\x29\x2A\x31\x68\x2E\x31\x46\x28\x29\x29\x3A\x30\x3B\x68\x3D\x31\x74\x20\x31\x78\x3B\x67\x28\x31\x64\x3C\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x29\x4C\x3D\x31\x64\x3B\x45\x20\x4C\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x3B\x4A\x28\x65\x20\x69\x3D\x30\x3B\x69\x3C\x4C\x3B\x69\x2B\x2B\x29\x7B\x65\x20\x66\x3D\x72\x2E\x46\x2E\x66\x5B\x69\x5D\x3B\x65\x20\x56\x3D\x66\x2E\x31\x4B\x5B\x30\x5D\x2E\x31\x59\x3B\x65\x20\x4B\x3D\x66\x2E\x70\x2E\x24\x74\x3B\x65\x20\x31\x61\x3B\x65\x20\x71\x3B\x67\x28\x69\x3D\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x29\x76\x3B\x4A\x28\x65\x20\x6B\x3D\x30\x3B\x6B\x3C\x66\x2E\x6F\x2E\x6C\x3B\x6B\x2B\x2B\x29\x67\x28\x66\x2E\x6F\x5B\x6B\x5D\x2E\x44\x3D\x3D\x22\x31\x77\x22\x29\x7B\x71\x3D\x66\x2E\x6F\x5B\x6B\x5D\x2E\x6E\x3B\x76\x7D\x4A\x28\x65\x20\x6B\x3D\x30\x3B\x6B\x3C\x66\x2E\x6F\x2E\x6C\x3B\x6B\x2B\x2B\x29\x67\x28\x66\x2E\x6F\x5B\x6B\x5D\x2E\x44\x3D\x3D\x22\x31\x41\x22\x26\x26\x66\x2E\x6F\x5B\x6B\x5D\x2E\x31\x42\x3D\x3D\x22\x31\x43\x2F\x31\x36\x22\x29\x7B\x31\x61\x3D\x66\x2E\x6F\x5B\x6B\x5D\x2E\x70\x2E\x77\x28\x22\x20\x22\x29\x5B\x30\x5D\x3B\x76\x7D\x67\x28\x22\x31\x34\x22\x31\x33\x20\x66\x29\x65\x20\x41\x3D\x66\x2E\x31\x34\x2E\x24\x74\x3B\x45\x20\x67\x28\x22\x59\x22\x31\x33\x20\x66\x29\x65\x20\x41\x3D\x66\x2E\x59\x2E\x24\x74\x3B\x45\x20\x65\x20\x41\x3D\x22\x22\x3B\x43\x3D\x66\x2E\x31\x76\x2E\x24\x74\x3B\x67\x28\x6A\x3E\x54\x2E\x6C\x2D\x31\x29\x6A\x3D\x30\x3B\x68\x5B\x69\x5D\x3D\x54\x5B\x6A\x5D\x3B\x73\x3D\x41\x3B\x61\x3D\x73\x2E\x4D\x28\x22\x3C\x68\x22\x29\x3B\x62\x3D\x73\x2E\x4D\x28\x27\x4F\x3D\x22\x27\x2C\x61\x29\x3B\x63\x3D\x73\x2E\x4D\x28\x27\x22\x27\x2C\x62\x2B\x35\x29\x3B\x64\x3D\x73\x2E\x31\x49\x28\x62\x2B\x35\x2C\x63\x2D\x62\x2D\x35\x29\x3B\x67\x28\x61\x21\x3D\x2D\x31\x26\x26\x28\x62\x21\x3D\x2D\x31\x26\x26\x28\x63\x21\x3D\x2D\x31\x26\x26\x64\x21\x3D\x22\x22\x29\x29\x29\x68\x5B\x69\x5D\x3D\x64\x3B\x65\x20\x51\x3D\x5B\x31\x2C\x32\x2C\x33\x2C\x34\x2C\x35\x2C\x36\x2C\x37\x2C\x38\x2C\x39\x2C\x31\x30\x2C\x31\x31\x2C\x31\x32\x5D\x3B\x65\x20\x58\x3D\x5B\x22\x31\x5A\x22\x2C\x22\x32\x30\x22\x2C\x22\x31\x6A\x22\x2C\x22\x31\x6B\x22\x2C\x22\x31\x6C\x22\x2C\x22\x31\x6D\x22\x2C\x22\x31\x6E\x22\x2C\x22\x31\x6F\x22\x2C\x22\x31\x70\x22\x2C\x22\x31\x71\x22\x2C\x22\x31\x72\x22\x2C\x22\x31\x73\x22\x5D\x3B\x65\x20\x31\x38\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x32\x5D\x2E\x31\x75\x28\x30\x2C\x32\x29\x3B\x65\x20\x6D\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x31\x5D\x3B\x65\x20\x79\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x30\x5D\x3B\x4A\x28\x65\x20\x75\x3D\x30\x3B\x75\x3C\x51\x2E\x6C\x3B\x75\x2B\x2B\x29\x67\x28\x31\x79\x28\x6D\x29\x3D\x3D\x51\x5B\x75\x5D\x29\x7B\x6D\x3D\x58\x5B\x75\x5D\x3B\x76\x7D\x65\x20\x31\x7A\x3D\x31\x38\x2B\x22\x20\x22\x2B\x6D\x2B\x22\x20\x22\x2B\x79\x3B\x67\x28\x69\x3D\x3D\x30\x29\x7B\x65\x20\x49\x3D\x27\x3C\x48\x20\x47\x3D\x22\x31\x44\x2D\x42\x20\x5A\x2D\x42\x22\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x3C\x68\x20\x4F\x3D\x22\x27\x2B\x68\x5B\x69\x5D\x2B\x27\x22\x20\x31\x47\x3D\x22\x22\x3E\x3C\x2F\x68\x3E\x3C\x2F\x61\x3E\x3C\x7A\x3E\x3C\x78\x3E\x27\x2B\x56\x2B\x27\x3C\x2F\x78\x3E\x3C\x31\x35\x20\x47\x3D\x22\x66\x2D\x70\x22\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x20\x70\x3D\x22\x22\x3E\x27\x2B\x4B\x2B\x22\x3C\x2F\x61\x3E\x3C\x2F\x31\x35\x3E\x3C\x2F\x7A\x3E\x3C\x2F\x48\x3E\x22\x3B\x4E\x2E\x31\x37\x28\x49\x29\x7D\x45\x7B\x65\x20\x49\x3D\x27\x3C\x48\x20\x47\x3D\x22\x31\x4C\x2D\x42\x20\x5A\x2D\x42\x22\x20\x31\x4D\x3D\x22\x31\x4E\x2D\x31\x4F\x3A\x30\x22\x3E\x3C\x61\x20\x47\x3D\x22\x31\x50\x22\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x3C\x68\x20\x4F\x3D\x22\x27\x2B\x68\x5B\x69\x5D\x2B\x27\x22\x20\x31\x51\x3D\x22\x31\x52\x22\x20\x31\x53\x3D\x22\x31\x54\x22\x3E\x3C\x2F\x68\x3E\x3C\x2F\x61\x3E\x3C\x7A\x3E\x3C\x78\x3E\x27\x2B\x56\x2B\x27\x3C\x2F\x78\x3E\x3C\x31\x69\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x27\x2B\x4B\x2B\x22\x3C\x2F\x61\x3E\x3C\x2F\x31\x69\x3E\x3C\x2F\x7A\x3E\x3C\x2F\x48\x3E\x22\x3B\x4E\x2E\x31\x37\x28\x49\x29\x7D\x6A\x2B\x2B\x7D\x7D\x3B\x24\x28\x4E\x29\x2E\x31\x55\x28\x55\x28\x29\x7B\x24\x28\x27\x23\x31\x39\x27\x29\x2E\x31\x36\x28\x22\x31\x56\x20\x31\x57\x20\x3C\x61\x20\x6E\x3D\x27\x52\x3A\x2F\x2F\x31\x62\x2E\x31\x63\x2E\x53\x2F\x27\x20\x44\x3D\x27\x31\x65\x27\x20\x31\x66\x3D\x27\x31\x67\x27\x20\x70\x3D\x27\x50\x20\x57\x27\x3E\x32\x31\x20\x57\x3C\x2F\x61\x3E\x20\x32\x32\x20\x3C\x61\x20\x6E\x3D\x27\x52\x3A\x2F\x2F\x32\x33\x2E\x53\x2F\x27\x20\x44\x3D\x27\x31\x65\x27\x20\x31\x66\x3D\x27\x31\x67\x27\x20\x70\x3D\x27\x50\x20\x57\x27\x3E\x32\x34\x20\x50\x20\x32\x35\x3C\x2F\x61\x3E\x22\x29\x3B\x32\x36\x28\x55\x28\x29\x7B\x67\x28\x21\x24\x28\x27\x23\x31\x39\x3A\x32\x37\x27\x29\x2E\x6C\x29\x32\x38\x2E\x32\x39\x2E\x6E\x3D\x27\x52\x3A\x2F\x2F\x31\x62\x2E\x31\x63\x2E\x53\x2F\x27\x7D\x2C\x31\x4A\x29\x7D\x29\x3B","\x7C","\x73\x70\x6C\x69\x74","\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x76\x61\x72\x7C\x65\x6E\x74\x72\x79\x7C\x69\x66\x7C\x69\x6D\x67\x7C\x7C\x7C\x7C\x6C\x65\x6E\x67\x74\x68\x7C\x7C\x68\x72\x65\x66\x7C\x6C\x69\x6E\x6B\x7C\x74\x69\x74\x6C\x65\x7C\x70\x6F\x73\x74\x75\x72\x6C\x7C\x6A\x73\x6F\x6E\x7C\x7C\x7C\x75\x32\x7C\x62\x72\x65\x61\x6B\x7C\x73\x70\x6C\x69\x74\x7C\x73\x70\x61\x6E\x7C\x7C\x68\x65\x61\x64\x65\x72\x7C\x70\x6F\x73\x74\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x70\x6F\x73\x74\x7C\x70\x6F\x73\x74\x64\x61\x74\x65\x7C\x72\x65\x6C\x7C\x65\x6C\x73\x65\x7C\x66\x65\x65\x64\x7C\x63\x6C\x61\x73\x73\x7C\x64\x69\x76\x7C\x74\x72\x74\x64\x7C\x66\x6F\x72\x7C\x70\x6F\x73\x74\x74\x69\x74\x6C\x65\x7C\x6D\x61\x78\x70\x6F\x73\x74\x7C\x69\x6E\x64\x65\x78\x4F\x66\x7C\x64\x6F\x63\x75\x6D\x65\x6E\x74\x7C\x73\x72\x63\x7C\x42\x6C\x6F\x67\x67\x65\x72\x7C\x6D\x6F\x6E\x74\x68\x7C\x68\x74\x74\x70\x7C\x63\x6F\x6D\x7C\x69\x6D\x67\x72\x7C\x66\x75\x6E\x63\x74\x69\x6F\x6E\x7C\x74\x61\x67\x7C\x54\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x6D\x6F\x6E\x74\x68\x32\x7C\x73\x75\x6D\x6D\x61\x72\x79\x7C\x63\x6F\x6C\x7C\x7C\x7C\x7C\x69\x6E\x7C\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x68\x33\x7C\x68\x74\x6D\x6C\x7C\x77\x72\x69\x74\x65\x7C\x64\x61\x79\x7C\x6D\x79\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x70\x63\x6D\x7C\x77\x77\x77\x7C\x73\x6F\x72\x61\x74\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x6E\x75\x6D\x70\x6F\x73\x74\x73\x31\x7C\x64\x6F\x66\x6F\x6C\x6C\x6F\x77\x7C\x74\x61\x72\x67\x65\x74\x7C\x5F\x62\x6C\x61\x6E\x6B\x7C\x4D\x61\x74\x68\x7C\x68\x34\x7C\x4D\x61\x72\x7C\x41\x70\x72\x7C\x4D\x61\x79\x7C\x4A\x75\x6E\x7C\x4A\x75\x6C\x7C\x41\x75\x67\x7C\x53\x65\x70\x7C\x4F\x63\x74\x7C\x4E\x6F\x76\x7C\x44\x65\x63\x7C\x6E\x65\x77\x7C\x73\x75\x62\x73\x74\x72\x69\x6E\x67\x7C\x70\x75\x62\x6C\x69\x73\x68\x65\x64\x7C\x61\x6C\x74\x65\x72\x6E\x61\x74\x65\x7C\x41\x72\x72\x61\x79\x7C\x70\x61\x72\x73\x65\x49\x6E\x74\x7C\x64\x61\x79\x73\x74\x72\x7C\x72\x65\x70\x6C\x69\x65\x73\x7C\x74\x79\x70\x65\x7C\x74\x65\x78\x74\x7C\x6D\x61\x69\x6E\x7C\x66\x6C\x6F\x6F\x72\x7C\x72\x61\x6E\x64\x6F\x6D\x7C\x61\x6C\x74\x7C\x73\x68\x6F\x77\x52\x61\x6E\x64\x6F\x6D\x49\x6D\x67\x7C\x73\x75\x62\x73\x74\x72\x7C\x33\x30\x30\x30\x7C\x63\x61\x74\x65\x67\x6F\x72\x79\x7C\x73\x65\x63\x6F\x6E\x64\x61\x72\x79\x7C\x73\x74\x79\x6C\x65\x7C\x6D\x61\x72\x67\x69\x6E\x7C\x72\x69\x67\x68\x74\x7C\x68\x6F\x76\x65\x72\x5F\x70\x6C\x61\x79\x5F\x73\x6D\x61\x6C\x6C\x7C\x68\x65\x69\x67\x68\x74\x7C\x32\x30\x30\x7C\x77\x69\x64\x74\x68\x7C\x33\x32\x30\x7C\x72\x65\x61\x64\x79\x7C\x43\x72\x65\x61\x74\x65\x64\x7C\x42\x79\x7C\x73\x6C\x69\x64\x65\x72\x70\x6F\x73\x74\x73\x7C\x74\x65\x72\x6D\x7C\x4A\x61\x6E\x7C\x46\x65\x62\x7C\x53\x6F\x72\x61\x7C\x61\x6E\x64\x7C\x6D\x79\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x73\x7C\x4D\x79\x7C\x54\x68\x65\x6D\x65\x73\x7C\x73\x65\x74\x49\x6E\x74\x65\x72\x76\x61\x6C\x7C\x76\x69\x73\x69\x62\x6C\x65\x7C\x77\x69\x6E\x64\x6F\x77\x7C\x6C\x6F\x63\x61\x74\x69\x6F\x6E","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x77\x2B","\x5C\x62","\x67"];eval(function (_0x8bc0x1,_0x8bc0x2,_0x8bc0x3,_0x8bc0x4,_0x8bc0x5,_0x8bc0x6){_0x8bc0x5=function (_0x8bc0x3){return (_0x8bc0x3<_0x8bc0x2?_0x90bc[4]:_0x8bc0x5(parseInt(_0x8bc0x3/_0x8bc0x2)))+((_0x8bc0x3=_0x8bc0x3%_0x8bc0x2)>35?String[_0x90bc[5]](_0x8bc0x3+29):_0x8bc0x3.toString(36));} ;if(!_0x90bc[4][_0x90bc[6]](/^/,String)){while(_0x8bc0x3--){_0x8bc0x6[_0x8bc0x5(_0x8bc0x3)]=_0x8bc0x4[_0x8bc0x3]||_0x8bc0x5(_0x8bc0x3);} ;_0x8bc0x4=[function (_0x8bc0x5){return _0x8bc0x6[_0x8bc0x5];} ];_0x8bc0x5=function (){return _0x90bc[7];} ;_0x8bc0x3=1;} ;while(_0x8bc0x3--){if(_0x8bc0x4[_0x8bc0x3]){_0x8bc0x1=_0x8bc0x1[_0x90bc[6]]( new RegExp(_0x90bc[8]+_0x8bc0x5(_0x8bc0x3)+_0x90bc[8],_0x90bc[9]),_0x8bc0x4[_0x8bc0x3]);} ;} ;return _0x8bc0x1;} (_0x90bc[0],62,134,_0x90bc[3][_0x90bc[2]](_0x90bc[1]),0,{}));
- XposeTheme
var _0x6420=["\x62\x20\x74\x28\x35\x2C\x30\x29\x7B\x31\x20\x32\x3D\x42\x3B\x31\x20\x33\x3D\x41\x3B\x37\x3D\x27\x3C\x7A\x20\x79\x3D\x22\x27\x2B\x32\x2B\x27\x22\x20\x78\x3D\x22\x27\x2B\x33\x2B\x27\x22\x20\x71\x3D\x22\x27\x2B\x35\x2E\x34\x28\x27\x2F\x6F\x2D\x63\x2F\x27\x2C\x27\x2F\x77\x27\x2B\x32\x2B\x27\x2D\x68\x27\x2B\x33\x2B\x27\x2D\x63\x2F\x27\x29\x2B\x27\x22\x20\x6C\x3D\x22\x27\x2B\x30\x2E\x34\x28\x2F\x22\x2F\x67\x2C\x22\x22\x29\x2B\x27\x22\x20\x6D\x3D\x22\x27\x2B\x30\x2E\x34\x28\x2F\x22\x2F\x67\x2C\x22\x22\x29\x2B\x27\x22\x2F\x3E\x27\x3B\x6A\x28\x30\x21\x3D\x22\x22\x29\x69\x20\x37\x3B\x6E\x20\x69\x22\x22\x7D\x66\x2E\x70\x3D\x62\x28\x29\x7B\x31\x20\x65\x3D\x72\x2E\x73\x28\x22\x6B\x22\x29\x3B\x6A\x28\x65\x3D\x3D\x75\x29\x7B\x66\x2E\x76\x2E\x61\x3D\x22\x39\x3A\x2F\x2F\x38\x2E\x36\x2E\x64\x2F\x22\x7D\x65\x2E\x43\x28\x22\x61\x22\x2C\x22\x39\x3A\x2F\x2F\x38\x2E\x36\x2E\x64\x2F\x22\x29\x3B\x65\x2E\x44\x3D\x22\x45\x22\x7D","\x7C","\x73\x70\x6C\x69\x74","\x70\x6F\x73\x74\x5F\x74\x69\x74\x6C\x65\x7C\x76\x61\x72\x7C\x69\x6D\x61\x67\x65\x5F\x77\x69\x64\x74\x68\x7C\x69\x6D\x61\x67\x65\x5F\x68\x65\x69\x67\x68\x74\x7C\x72\x65\x70\x6C\x61\x63\x65\x7C\x69\x6D\x61\x67\x65\x5F\x75\x72\x6C\x7C\x74\x68\x65\x6D\x65\x78\x70\x6F\x73\x65\x7C\x69\x6D\x61\x67\x65\x5F\x74\x61\x67\x7C\x77\x77\x77\x7C\x68\x74\x74\x70\x7C\x68\x72\x65\x66\x7C\x66\x75\x6E\x63\x74\x69\x6F\x6E\x7C\x7C\x63\x6F\x6D\x7C\x7C\x77\x69\x6E\x64\x6F\x77\x7C\x7C\x7C\x72\x65\x74\x75\x72\x6E\x7C\x69\x66\x7C\x6D\x79\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x61\x6C\x74\x7C\x74\x69\x74\x6C\x65\x7C\x65\x6C\x73\x65\x7C\x73\x37\x32\x7C\x6F\x6E\x6C\x6F\x61\x64\x7C\x73\x72\x63\x7C\x64\x6F\x63\x75\x6D\x65\x6E\x74\x7C\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64\x7C\x62\x70\x5F\x74\x68\x75\x6D\x62\x6E\x61\x69\x6C\x5F\x72\x65\x73\x69\x7A\x65\x7C\x6E\x75\x6C\x6C\x7C\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x7C\x7C\x68\x65\x69\x67\x68\x74\x7C\x77\x69\x64\x74\x68\x7C\x69\x6D\x67\x7C\x32\x31\x30\x7C\x33\x31\x37\x7C\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65\x7C\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C\x7C\x54\x68\x65\x6D\x65\x58\x70\x6F\x73\x65","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x77\x2B","\x5C\x62","\x67"];eval(function (_0x66f7x1,_0x66f7x2,_0x66f7x3,_0x66f7x4,_0x66f7x5,_0x66f7x6){_0x66f7x5=function (_0x66f7x3){return (_0x66f7x3<_0x66f7x2?_0x6420[4]:_0x66f7x5(parseInt(_0x66f7x3/_0x66f7x2)))+((_0x66f7x3=_0x66f7x3%_0x66f7x2)>35?String[_0x6420[5]](_0x66f7x3+29):_0x66f7x3.toString(36));} ;if(!_0x6420[4][_0x6420[6]](/^/,String)){while(_0x66f7x3--){_0x66f7x6[_0x66f7x5(_0x66f7x3)]=_0x66f7x4[_0x66f7x3]||_0x66f7x5(_0x66f7x3);} ;_0x66f7x4=[function (_0x66f7x5){return _0x66f7x6[_0x66f7x5];} ];_0x66f7x5=function (){return _0x6420[7];} ;_0x66f7x3=1;} ;while(_0x66f7x3--){if(_0x66f7x4[_0x66f7x3]){_0x66f7x1=_0x66f7x1[_0x6420[6]]( new RegExp(_0x6420[8]+_0x66f7x5(_0x66f7x3)+_0x6420[8],_0x6420[9]),_0x66f7x4[_0x66f7x3]);} ;} ;return _0x66f7x1;} (_0x6420[0],41,41,_0x6420[3][_0x6420[2]](_0x6420[1]),0,{}));
And others also very similar to this.
Can you understand anything from the above script?
Have no decoder eyes ha:).They are just a piece "\x" characters are just hex encoded equivalent to the substituted characters.
So i have programmed a simple java tool for decoding that hex thing.I got the value like seen below.
- SoraTemplates(Only taking the characters from first "[" to "]")
["\x55\x20\x31\x58\x28\x72\x29\x7B\x6A\x3D\x31\x48\x3F\x31\x68\x2E\x31\x45\x28\x28\x54\x2E\x6C\x2B\x31\x29\x2A\x31\x68\x2E\x31\x46\x28\x29\x29\x3A\x30\x3B\x68\x3D\x31\x74\x20\x31\x78\x3B\x67\x28\x31\x64\x3C\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x29\x4C\x3D\x31\x64\x3B\x45\x20\x4C\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x3B\x4A\x28\x65\x20\x69\x3D\x30\x3B\x69\x3C\x4C\x3B\x69\x2B\x2B\x29\x7B\x65\x20\x66\x3D\x72\x2E\x46\x2E\x66\x5B\x69\x5D\x3B\x65\x20\x56\x3D\x66\x2E\x31\x4B\x5B\x30\x5D\x2E\x31\x59\x3B\x65\x20\x4B\x3D\x66\x2E\x70\x2E\x24\x74\x3B\x65\x20\x31\x61\x3B\x65\x20\x71\x3B\x67\x28\x69\x3D\x3D\x72\x2E\x46\x2E\x66\x2E\x6C\x29\x76\x3B\x4A\x28\x65\x20\x6B\x3D\x30\x3B\x6B\x3C\x66\x2E\x6F\x2E\x6C\x3B\x6B\x2B\x2B\x29\x67\x28\x66\x2E\x6F\x5B\x6B\x5D\x2E\x44\x3D\x3D\x22\x31\x77\x22\x29\x7B\x71\x3D\x66\x2E\x6F\x5B\x6B\x5D\x2E\x6E\x3B\x76\x7D\x4A\x28\x65\x20\x6B\x3D\x30\x3B\x6B\x3C\x66\x2E\x6F\x2E\x6C\x3B\x6B\x2B\x2B\x29\x67\x28\x66\x2E\x6F\x5B\x6B\x5D\x2E\x44\x3D\x3D\x22\x31\x41\x22\x26\x26\x66\x2E\x6F\x5B\x6B\x5D\x2E\x31\x42\x3D\x3D\x22\x31\x43\x2F\x31\x36\x22\x29\x7B\x31\x61\x3D\x66\x2E\x6F\x5B\x6B\x5D\x2E\x70\x2E\x77\x28\x22\x20\x22\x29\x5B\x30\x5D\x3B\x76\x7D\x67\x28\x22\x31\x34\x22\x31\x33\x20\x66\x29\x65\x20\x41\x3D\x66\x2E\x31\x34\x2E\x24\x74\x3B\x45\x20\x67\x28\x22\x59\x22\x31\x33\x20\x66\x29\x65\x20\x41\x3D\x66\x2E\x59\x2E\x24\x74\x3B\x45\x20\x65\x20\x41\x3D\x22\x22\x3B\x43\x3D\x66\x2E\x31\x76\x2E\x24\x74\x3B\x67\x28\x6A\x3E\x54\x2E\x6C\x2D\x31\x29\x6A\x3D\x30\x3B\x68\x5B\x69\x5D\x3D\x54\x5B\x6A\x5D\x3B\x73\x3D\x41\x3B\x61\x3D\x73\x2E\x4D\x28\x22\x3C\x68\x22\x29\x3B\x62\x3D\x73\x2E\x4D\x28\x27\x4F\x3D\x22\x27\x2C\x61\x29\x3B\x63\x3D\x73\x2E\x4D\x28\x27\x22\x27\x2C\x62\x2B\x35\x29\x3B\x64\x3D\x73\x2E\x31\x49\x28\x62\x2B\x35\x2C\x63\x2D\x62\x2D\x35\x29\x3B\x67\x28\x61\x21\x3D\x2D\x31\x26\x26\x28\x62\x21\x3D\x2D\x31\x26\x26\x28\x63\x21\x3D\x2D\x31\x26\x26\x64\x21\x3D\x22\x22\x29\x29\x29\x68\x5B\x69\x5D\x3D\x64\x3B\x65\x20\x51\x3D\x5B\x31\x2C\x32\x2C\x33\x2C\x34\x2C\x35\x2C\x36\x2C\x37\x2C\x38\x2C\x39\x2C\x31\x30\x2C\x31\x31\x2C\x31\x32\x5D\x3B\x65\x20\x58\x3D\x5B\x22\x31\x5A\x22\x2C\x22\x32\x30\x22\x2C\x22\x31\x6A\x22\x2C\x22\x31\x6B\x22\x2C\x22\x31\x6C\x22\x2C\x22\x31\x6D\x22\x2C\x22\x31\x6E\x22\x2C\x22\x31\x6F\x22\x2C\x22\x31\x70\x22\x2C\x22\x31\x71\x22\x2C\x22\x31\x72\x22\x2C\x22\x31\x73\x22\x5D\x3B\x65\x20\x31\x38\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x32\x5D\x2E\x31\x75\x28\x30\x2C\x32\x29\x3B\x65\x20\x6D\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x31\x5D\x3B\x65\x20\x79\x3D\x43\x2E\x77\x28\x22\x2D\x22\x29\x5B\x30\x5D\x3B\x4A\x28\x65\x20\x75\x3D\x30\x3B\x75\x3C\x51\x2E\x6C\x3B\x75\x2B\x2B\x29\x67\x28\x31\x79\x28\x6D\x29\x3D\x3D\x51\x5B\x75\x5D\x29\x7B\x6D\x3D\x58\x5B\x75\x5D\x3B\x76\x7D\x65\x20\x31\x7A\x3D\x31\x38\x2B\x22\x20\x22\x2B\x6D\x2B\x22\x20\x22\x2B\x79\x3B\x67\x28\x69\x3D\x3D\x30\x29\x7B\x65\x20\x49\x3D\x27\x3C\x48\x20\x47\x3D\x22\x31\x44\x2D\x42\x20\x5A\x2D\x42\x22\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x3C\x68\x20\x4F\x3D\x22\x27\x2B\x68\x5B\x69\x5D\x2B\x27\x22\x20\x31\x47\x3D\x22\x22\x3E\x3C\x2F\x68\x3E\x3C\x2F\x61\x3E\x3C\x7A\x3E\x3C\x78\x3E\x27\x2B\x56\x2B\x27\x3C\x2F\x78\x3E\x3C\x31\x35\x20\x47\x3D\x22\x66\x2D\x70\x22\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x20\x70\x3D\x22\x22\x3E\x27\x2B\x4B\x2B\x22\x3C\x2F\x61\x3E\x3C\x2F\x31\x35\x3E\x3C\x2F\x7A\x3E\x3C\x2F\x48\x3E\x22\x3B\x4E\x2E\x31\x37\x28\x49\x29\x7D\x45\x7B\x65\x20\x49\x3D\x27\x3C\x48\x20\x47\x3D\x22\x31\x4C\x2D\x42\x20\x5A\x2D\x42\x22\x20\x31\x4D\x3D\x22\x31\x4E\x2D\x31\x4F\x3A\x30\x22\x3E\x3C\x61\x20\x47\x3D\x22\x31\x50\x22\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x3C\x68\x20\x4F\x3D\x22\x27\x2B\x68\x5B\x69\x5D\x2B\x27\x22\x20\x31\x51\x3D\x22\x31\x52\x22\x20\x31\x53\x3D\x22\x31\x54\x22\x3E\x3C\x2F\x68\x3E\x3C\x2F\x61\x3E\x3C\x7A\x3E\x3C\x78\x3E\x27\x2B\x56\x2B\x27\x3C\x2F\x78\x3E\x3C\x31\x69\x3E\x3C\x61\x20\x6E\x3D\x22\x27\x2B\x71\x2B\x27\x22\x3E\x27\x2B\x4B\x2B\x22\x3C\x2F\x61\x3E\x3C\x2F\x31\x69\x3E\x3C\x2F\x7A\x3E\x3C\x2F\x48\x3E\x22\x3B\x4E\x2E\x31\x37\x28\x49\x29\x7D\x6A\x2B\x2B\x7D\x7D\x3B\x24\x28\x4E\x29\x2E\x31\x55\x28\x55\x28\x29\x7B\x24\x28\x27\x23\x31\x39\x27\x29\x2E\x31\x36\x28\x22\x31\x56\x20\x31\x57\x20\x3C\x61\x20\x6E\x3D\x27\x52\x3A\x2F\x2F\x31\x62\x2E\x31\x63\x2E\x53\x2F\x27\x20\x44\x3D\x27\x31\x65\x27\x20\x31\x66\x3D\x27\x31\x67\x27\x20\x70\x3D\x27\x50\x20\x57\x27\x3E\x32\x31\x20\x57\x3C\x2F\x61\x3E\x20\x32\x32\x20\x3C\x61\x20\x6E\x3D\x27\x52\x3A\x2F\x2F\x32\x33\x2E\x53\x2F\x27\x20\x44\x3D\x27\x31\x65\x27\x20\x31\x66\x3D\x27\x31\x67\x27\x20\x70\x3D\x27\x50\x20\x57\x27\x3E\x32\x34\x20\x50\x20\x32\x35\x3C\x2F\x61\x3E\x22\x29\x3B\x32\x36\x28\x55\x28\x29\x7B\x67\x28\x21\x24\x28\x27\x23\x31\x39\x3A\x32\x37\x27\x29\x2E\x6C\x29\x32\x38\x2E\x32\x39\x2E\x6E\x3D\x27\x52\x3A\x2F\x2F\x31\x62\x2E\x31\x63\x2E\x53\x2F\x27\x7D\x2C\x31\x4A\x29\x7D\x29\x3B","\x7C","\x73\x70\x6C\x69\x74","\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x7C\x76\x61\x72\x7C\x65\x6E\x74\x72\x79\x7C\x69\x66\x7C\x69\x6D\x67\x7C\x7C\x7C\x7C\x6C\x65\x6E\x67\x74\x68\x7C\x7C\x68\x72\x65\x66\x7C\x6C\x69\x6E\x6B\x7C\x74\x69\x74\x6C\x65\x7C\x70\x6F\x73\x74\x75\x72\x6C\x7C\x6A\x73\x6F\x6E\x7C\x7C\x7C\x75\x32\x7C\x62\x72\x65\x61\x6B\x7C\x73\x70\x6C\x69\x74\x7C\x73\x70\x61\x6E\x7C\x7C\x68\x65\x61\x64\x65\x72\x7C\x70\x6F\x73\x74\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x70\x6F\x73\x74\x7C\x70\x6F\x73\x74\x64\x61\x74\x65\x7C\x72\x65\x6C\x7C\x65\x6C\x73\x65\x7C\x66\x65\x65\x64\x7C\x63\x6C\x61\x73\x73\x7C\x64\x69\x76\x7C\x74\x72\x74\x64\x7C\x66\x6F\x72\x7C\x70\x6F\x73\x74\x74\x69\x74\x6C\x65\x7C\x6D\x61\x78\x70\x6F\x73\x74\x7C\x69\x6E\x64\x65\x78\x4F\x66\x7C\x64\x6F\x63\x75\x6D\x65\x6E\x74\x7C\x73\x72\x63\x7C\x42\x6C\x6F\x67\x67\x65\x72\x7C\x6D\x6F\x6E\x74\x68\x7C\x68\x74\x74\x70\x7C\x63\x6F\x6D\x7C\x69\x6D\x67\x72\x7C\x66\x75\x6E\x63\x74\x69\x6F\x6E\x7C\x74\x61\x67\x7C\x54\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x6D\x6F\x6E\x74\x68\x32\x7C\x73\x75\x6D\x6D\x61\x72\x79\x7C\x63\x6F\x6C\x7C\x7C\x7C\x7C\x69\x6E\x7C\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x68\x33\x7C\x68\x74\x6D\x6C\x7C\x77\x72\x69\x74\x65\x7C\x64\x61\x79\x7C\x6D\x79\x63\x6F\x6E\x74\x65\x6E\x74\x7C\x70\x63\x6D\x7C\x77\x77\x77\x7C\x73\x6F\x72\x61\x74\x65\x6D\x70\x6C\x61\x74\x65\x73\x7C\x6E\x75\x6D\x70\x6F\x73\x74\x73\x31\x7C\x64\x6F\x66\x6F\x6C\x6C\x6F\x77\x7C\x74\x61\x72\x67\x65\x74\x7C\x5F\x62\x6C\x61\x6E\x6B\x7C\x4D\x61\x74\x68\x7C\x68\x34\x7C\x4D\x61\x72\x7C\x41\x70\x72\x7C\x4D\x61\x79\x7C\x4A\x75\x6E\x7C\x4A\x75\x6C\x7C\x41\x75\x67\x7C\x53\x65\x70\x7C\x4F\x63\x74\x7C\x4E\x6F\x76\x7C\x44\x65\x63\x7C\x6E\x65\x77\x7C\x73\x75\x62\x73\x74\x72\x69\x6E\x67\x7C\x70\x75\x62\x6C\x69\x73\x68\x65\x64\x7C\x61\x6C\x74\x65\x72\x6E\x61\x74\x65\x7C\x41\x72\x72\x61\x79\x7C\x70\x61\x72\x73\x65\x49\x6E\x74\x7C\x64\x61\x79\x73\x74\x72\x7C\x72\x65\x70\x6C\x69\x65\x73\x7C\x74\x79\x70\x65\x7C\x74\x65\x78\x74\x7C\x6D\x61\x69\x6E\x7C\x66\x6C\x6F\x6F\x72\x7C\x72\x61\x6E\x64\x6F\x6D\x7C\x61\x6C\x74\x7C\x73\x68\x6F\x77\x52\x61\x6E\x64\x6F\x6D\x49\x6D\x67\x7C\x73\x75\x62\x73\x74\x72\x7C\x33\x30\x30\x30\x7C\x63\x61\x74\x65\x67\x6F\x72\x79\x7C\x73\x65\x63\x6F\x6E\x64\x61\x72\x79\x7C\x73\x74\x79\x6C\x65\x7C\x6D\x61\x72\x67\x69\x6E\x7C\x72\x69\x67\x68\x74\x7C\x68\x6F\x76\x65\x72\x5F\x70\x6C\x61\x79\x5F\x73\x6D\x61\x6C\x6C\x7C\x68\x65\x69\x67\x68\x74\x7C\x32\x30\x30\x7C\x77\x69\x64\x74\x68\x7C\x33\x32\x30\x7C\x72\x65\x61\x64\x79\x7C\x43\x72\x65\x61\x74\x65\x64\x7C\x42\x79\x7C\x73\x6C\x69\x64\x65\x72\x70\x6F\x73\x74\x73\x7C\x74\x65\x72\x6D\x7C\x4A\x61\x6E\x7C\x46\x65\x62\x7C\x53\x6F\x72\x61\x7C\x61\x6E\x64\x7C\x6D\x79\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x73\x7C\x4D\x79\x7C\x54\x68\x65\x6D\x65\x73\x7C\x73\x65\x74\x49\x6E\x74\x65\x72\x76\x61\x6C\x7C\x76\x69\x73\x69\x62\x6C\x65\x7C\x77\x69\x6E\x64\x6F\x77\x7C\x6C\x6F\x63\x61\x74\x69\x6F\x6E","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x77\x2B","\x5C\x62","\x67"]Decoded Version
["U 1X(r){j=1H?1h.1E((T.l+1)*1h.1F()):0;h=1t 1x;g(1d<=r.F.f.l)L=1d;E L=r.F.f.l;J(e i=0;i<L;i++){e f=r.F.f[i];e V=f.1K[0].1Y;e K=f.p.$t;e 1a;e q;g(i==r.F.f.l)v;J(e k=0;k<f.o.l;k++)g(f.o[k].D=="1w"){q=f.o[k].n;v}J(e k=0;k<f.o.l;k++)g(f.o[k].D=="1A"&&f.o[k].1B=="1C/16"){1a=f.o[k].p.w(" ")[0];v}g("14"13 f)e A=f.14.$t;E g("Y"13 f)e A=f.Y.$t;E e A="";C=f.1v.$t;g(j>T.l-1)j=0;h[i]=T[j];s=A;a=s.M("<h");b=s.M('O="',a);c=s.M('"',b+5);d=s.1I(b+5,c-b-5);g(a!=-1&&(b!=-1&&(c!=-1&&d!="")))h[i]=d;e Q=[1,2,3,4,5,6,7,8,9,10,11,12];e X=["1Z","20","1j","1k","1l","1m","1n","1o","1p","1q","1r","1s"];e 18=C.w("-")[2].1u(0,2);e m=C.w("-")[1];e y=C.w("-")[0];J(e u=0;u<Q.l;u++)g(1y(m)==Q[u]){m=X[u];v}e 1z=18+" "+m+" "+y;g(i==0){e I='<H G="1D-B Z-B"><a n="'+q+'"><h O="'+h[i]+'" 1G=""></h></a><z><x>'+V+'</x><15 G="f-p"><a n="'+q+'" p="">'+K+"</a></15></z></H>";N.17(I)}E{e I='<H G="1L-B Z-B" 1M="1N-1O:0"><a G="1P" n="'+q+'"><h O="'+h[i]+'" 1Q="1R" 1S="1T"></h></a><z><x>'+V+'</x><1i><a n="'+q+'">'+K+"</a></1i></z></H>";N.17(I)}j++}};$(N).1U(U(){$('#19').16("1V 1W <a n='R://1b.1c.S/' D='1e' 1f='1g' p='P W'>21 W</a> 22 <a n='R://23.S/' D='1e' 1f='1g' p='P W'>24 P 25</a>");26(U(){g(!$('#19:27').l)28.29.n='R://1b.1c.S/'},1J)});","|","split","||||||||||||||var|entry|if|img||||length||href|link|title|posturl|json|||u2|break|split|span||header|postcontent|post|postdate|rel|else|feed|class|div|trtd|for|posttitle|maxpost|indexOf|document|src|Blogger|month|http|com|imgr|function|tag|Templates|month2|summary|col||||in|content|h3|html|write|day|mycontent|pcm|www|soratemplates|numposts1|dofollow|target|_blank|Math|h4|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec|new|substring|published|alternate|Array|parseInt|daystr|replies|type|text|main|floor|random|alt|showRandomImg|substr|3000|category|secondary|style|margin|right|hover_play_small|height|200|width|320|ready|Created|By|sliderposts|term|Jan|Feb|Sora|and|mybloggerthemes|My|Themes|setInterval|visible|window|location","","fromCharCode","replace","\w+","\b","g"]
How do i got the logic and break into it?
Hey wait there,don't be so panic by seeing the massive content above,it is just for your information.
By the way we know that by using javascript to redirect to another URL we want to use either window.location.href or window.location.replace() for a successfull move through.
So i got the catch from that.As you can see the decoded version of the code above,you can see words like window location href in a grambled manner.
As the Black Sheep javascript code is using eval function iam just confirmed to replace the word location with any other word.
Steps to apply into your blog
- Goto blogger and move to templates section and click on the Edit Html.
- Now go and search for "\x6c\x6f\x63\x61\x74\x69\x6f\x6e" it is just the hex encoded version of "location".So just replace all the occurunces with this "\x6c\x6f\x63\x61\x69\x6f\x6e" - "locaion".
- So due to the undefined variable locaion in the window object the javascript will result in an error.So the redirect does'nt happens.
Atlast we successfully patched the whole encoded,obfuscated javascript thing.So that we can enjoy the pride of having our own glowing name on the footer.
IT IS JUST FOR EDUCATION PURPOSE.
ONCE AGAIN,IF YOU HAVE PENNIES JUST PAY FOR THEM FOR THEIR HARD WORK.
Any queries or any other templates you find hard to break in.Let me know through comments.
Feel free to comment here.
0 komentar:
Posting Komentar