Cara Decode Hex Javascript Agar Terbaca

Cara Decode Hex Javascript Agar TerbacaShare on FacebookTwitterTwitter

Decode Hexadecimal

Sebenarnya itu hanya code javascript biasa, tapi karena suatu alasan, kita ingin menyembunyikan code tersebut menggunakan Obfuscator. Hasilnya Code Javascprit akan menjadi hexadecimal dan sulit untuk dibaca, terkadang developer akan menyimpan source asli yang belum di rubah, untuk jaga-jaga kalau ada perubahan code.

var _0x48a5=["\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x3C\x68\x31\x20\x73\x74\x79\x6C\x65\x3D\x22\x63\x6F\x6C\x6F\x72\x3A\x23\x63\x63\x63\x3B\x22\x3E\x53\x65\x6C\x61\x6D\x61\x74\x20\x44\x61\x74\x61\x6E\x67\x20\x64\x69\x20\x57\x65\x62\x4A\x61\x6C\x61\x6E\x61\x6E\x2E\x3C\x2F\x68\x31\x3E","\x3C\x70\x3E\x42\x65\x6C\x61\x6A\x61\x72\x20\x64\x65\x63\x6F\x64\x65\x20\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x62\x65\x72\x73\x61\x6D\x61\x20","\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x77\x65\x62\x6A\x61\x6C\x61\x6E\x61\x6E\x2E\x63\x6F\x6D\x22\x3E\x57\x65\x62\x4A\x61\x6C\x61\x6E\x61\x6E\x3C\x2F\x61\x3E","\x3C\x62\x72\x2F\x3E\x6C\x65\x74\x27\x73\x20\x45\x78\x70\x65\x72\x69\x6D\x65\x6E\x74\x20\x77\x69\x74\x68\x20\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x2E","\x3C\x62\x72\x2F\x3E\x6C\x65\x74\x20\x6D\x65\x20\x65\x73\x63\x61\x70\x65\x20\x69\x6E\x20\x74\x65\x78\x74\x61\x72\x65\x61\x20\x28\x20\x54\x61\x62\x3D\x09\x54\x61\x62\x29\x20\x61\x6E\x64\x20\x28\x20\x6E\x65\x77\x4C\x69\x6E\x65\x3D\x0A\x20\x0D\x20\x4E\x65\x77\x4C\x69\x6E\x65\x29","\x3C\x2F\x70\x3E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"];function createElement(){var _0x50bex2=document[_0x48a5[1]](_0x48a5[0]);var _0x50bex3=_0x48a5[2]+ _0x48a5[3]+ _0x48a5[4]+ _0x48a5[5]+ _0x48a5[6]+ _0x48a5[7];_0x50bex2[_0x48a5[8]]= _0x50bex3;document[_0x48a5[11]](_0x48a5[10])[0][_0x48a5[9]](_0x50bex2)}


Bagaimana kalau kehilangan code aslinya..? 

Ya, mau tidak mau kita harus berusaha memecahkan code yang sudah kita sembunyikan agar bisa kita edit seperti sedia kala. Ada berbagai decode yang mungkin kita butuhkan, tergantung bagaimana cara kita menyembunyikan Javascript, yang paling umum biasanya PACKER dan OBFUCATOR (convert ke hexadecimal).

Packer Javascript lebih mudah, karena code masih bisa terbaca, cara Unpacker akan kita bahas di postingan yang lain, untuk saat ini kita akan fokus membaca code yang disembunyikan menggunakan Obfuscator

Berikut Cara Decode Hex Javascript

Pertama kita akan membagi code menjadi dua bagian :

1. Array Hexadecimal

var _0x48a5=["\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x3C\x68\x31\x20\x73\x74\x79\x6C\x65\x3D\x22\x63\x6F\x6C\x6F\x72\x3A\x23\x63\x63\x63\x3B\x22\x3E\x53\x65\x6C\x61\x6D\x61\x74\x20\x44\x61\x74\x61\x6E\x67\x20\x64\x69\x20\x57\x65\x62\x4A\x61\x6C\x61\x6E\x61\x6E\x2E\x3C\x2F\x68\x31\x3E","\x3C\x70\x3E\x42\x65\x6C\x61\x6A\x61\x72\x20\x64\x65\x63\x6F\x64\x65\x20\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x62\x65\x72\x73\x61\x6D\x61\x20","\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x77\x65\x62\x6A\x61\x6C\x61\x6E\x61\x6E\x2E\x63\x6F\x6D\x22\x3E\x57\x65\x62\x4A\x61\x6C\x61\x6E\x61\x6E\x3C\x2F\x61\x3E","\x3C\x62\x72\x2F\x3E\x6C\x65\x74\x27\x73\x20\x45\x78\x70\x65\x72\x69\x6D\x65\x6E\x74\x20\x77\x69\x74\x68\x20\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x2E","\x3C\x62\x72\x2F\x3E\x6C\x65\x74\x20\x6D\x65\x20\x65\x73\x63\x61\x70\x65\x20\x69\x6E\x20\x74\x65\x78\x74\x61\x72\x65\x61\x20\x28\x20\x54\x61\x62\x3D\x09\x54\x61\x62\x29\x20\x61\x6E\x64\x20\x28\x20\x6E\x65\x77\x4C\x69\x6E\x65\x3D\x0A\x20\x0D\x20\x4E\x65\x77\x4C\x69\x6E\x65\x29","\x3C\x2F\x70\x3E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"];
Untuk membaca code diatas, ane membuat aplikasi sederhana dengan mengubah code hexadecimal menjadi ASCII, silahkan klik tombol Decode Hex to ASCII untuk melihat hasil perubahan hexadecimal ke ascii

*Source code aplikasi, ada di bawah postingan ini

Hasil decode akan menjadi array javascript yang bisa terbaca, seperti ini :
var _0x48a5=["div", "createElement", "<h1 style=\"color:#ccc;\">Selamat Datang di WebJalanan.</h1>", "<p>Belajar decode \'javascript\' bersama ", "<a href=\"https://www.webjalanan.com\">WebJalanan</a>", "<br/>let\'s Experiment with javascript.", "<br/>let me escape in textarea ( Tab=\tTab) and ( newLine=\n \r NewLine)", "</p>", "innerHTML", "appendChild", "body", "getElementsByTagName"];

2. Javascript Function

function createElement(){var _0x50bex2=document[_0x48a5[1]](_0x48a5[0]);var _0x50bex3=_0x48a5[2]+ _0x48a5[3]+ _0x48a5[4]+ _0x48a5[5]+ _0x48a5[6]+ _0x48a5[7];_0x50bex2[_0x48a5[8]]= _0x50bex3;document[_0x48a5[11]](_0x48a5[10])[0][_0x48a5[9]](_0x50bex2)}
Code 2 ini sebenarnya code asli kita, hanya saja banyak element dan object yang dirubah ke Array di Code 1. Jadi sekarang tinggal kita ganti kembali sesuai index (urutan) Array, dengan aturan sbb :
  • code yang diapit [] rubah menjadi .valueArray
    contoh : [_0x48a5[1]] di ubah menjadi .createElement
  • yang langsung index Array rubah menjadi String ==> "valueArray"
    contoh : _0x48a5[0] diubah menjadi "div"
Butuh waktu lama untuk merubahnya satu persatu, jadi ane buat lagi aplikasi untuk merubah secara massal

Status : idle

Array contoh: var _0x48a5=["..."];
Function contoh: function(){......}


Dari sini code sudah selesai dan sudah bisa kita baca, tinggal kita rapikan manual atau menggunakan beautifier, Nama variabel yang terlihat tidak enak seperti _0x50bex2, tidak masalah walaupun tidak kita rubah, code tetap bisa berjalan, tapi kalau mau dirubah sesuai yag di inginkan juga boleh.

Decode hex javascript


Source Code DeObfuscator Javascript

Aplikasi ini menggunakan JQuery

<!-- Code CSS -->
<style type="text/css">.container{padding-right: 15px; padding-left: 15px; margin-right: auto; margin-left: auto;width: 900px;}.row{margin-right: -15px; margin-left: -15px;}.clear{clear:both;}.col-md-6{width: 50%;}.col-md-12{width: 100%;}.col-md-6, .col-md-12{float: left;position: relative;min-height: 1px;}.title{color:#fff;text-align:center;}.btn{display: inline-block;padding: 6px 12px;margin-bottom: 0;font-size: 14px;font-weight: normal;line-height: 1.42857143;text-align: center;white-space: nowrap;vertical-align: middle;-ms-touch-action: manipulation;touch-action: manipulation;cursor: pointer;-webkit-user-select: none;-moz-user-select: none;-ms-user-select: none;user-select: none;background-image: none;border: 1px solid transparent;border-radius: 4px;}.btn:hover, .btn:focus, .btn.focus{color: #333; text-decoration: none;}.btn-info{color: #fff; background-color: #5bc0de; border-color: #46b8da;}.btn-info:hover{color: #fff; background-color: #31b0d5; border-color: #269abc;}.btn-success{color: #fff; background-color: #5cb85c; border-color: #4cae4c;}.btn-success:hover{color: #fff; background-color: #449d44; border-color: #398439;}</style>

<!-- CODE HTML -->
<div class='container'><div class='row'><div class="col-md-12" style="background: #333; padding: 10px;"><h1 class="title">Rubah Hexadecimal ke ASCII</h1><textarea class="col-md-12" id="en_hex" style="min-height: 250px;"></textarea><button class="col-md-12 btn btn-success" id="btn_hex">Decode Hex to ASCII</button></div><div class="clear"><hr/></div><div class="col-md-12" style="background: #333; padding: 10px;"><h1 class="title">Merubah Array ke Fungsi Javascript</h1><div class="col-md-12" style="margin: 10px; padding-bottom: 10px; color:#fff !important;"><h3 id="status"></h3><div class="hide" id="arrayAscii"></div><code class="col-md-12 prettyprint" id="sourceCode"></code></div><div class="col-md-6"><p style="color:#fff"><b>Array</b> <i>contoh: </i> <span class="highlight">var _0x48a5=["..."];</span><br/></p><textarea class="col-md-12" id="codeArray" style="min-height: 250px;"></textarea></div><div class="col-md-6"><p style="color:#fff"><b>Function</b><br/></p><textarea class="col-md-12" id="codeJava" style="min-height: 250px;"></textarea></div><div class="col-md-12" id="info"><hr/><button class="col-md-12 btn btn-info" id="ubahMassal">Ubah code Secara Massal</button></div></div></div></div>

<!-- CODE JAVASCRIPT -->
<script type="text/javascript">
function toASCII(e){for(var a=e.toString(),t="",n=0;n<a.length;n+=2)t+=String.fromCharCode(parseInt(a.substr(n,2),16));return t.replace(/\\/g,"\\").replace(/\n/g,"\\n").replace(/\r/g,"\\r").replace(/\t/g,"\\t").replace(/"/g,'\\"').replace(/'/g,"\\'")}$("#ex").on("click",function(){$("#en_hex").val($(".contoh1").text()),$("#codeJava").val($(".contoh2").text())}),$("#btn_clear").on("click",function(){$("textarea, input").val("")}),$("#btn_hex").on("click",function(){var e=toASCII("2A43617261206D656E6767756E616B616E2041706C696B617369"),a=$("#en_hex").val().replace(/\n/g,"").split("="),t=a[1].replace(/\[|\]|"|\\x|;|\n|\t|\s|\r/g,"").split(","),n="";if("function"==typeof toASCII){var r=toASCII("3C6120687265663D2768747470733A2F2F7777772E7765626A616C616E616E2E636F6D2F323031392F30382F636172612D6465636F64652D6865782D6A6176617363726970742D616761722D746572626163612E68746D6C27207461726765743D275F626C616E6B273E").replace(/\'|\\/g,"");info.innerHTML=r+e+toASCII("3C2F613E").replace(/\'|\\/g,"")}else alert("Maaf ASCII tidak berjalan !\n Gunakan Firefox/Chrome Terbaru");for(var o=0;o<t.length;o++)o==t.length-1?n+='"'+toASCII(t[o])+'"':n+='"'+toASCII(t[o])+'", ';document.getElementById("info").appendChild(info),$("#en_hex").val(a[0]+"=["+n+"];"),$("#codeArray").val(a[0]+"=["+n+"];")});var intDecode,stringName,info=document.createElement("p");function ubahMassal(){var e=new RegExp(stringName+"\\[\\d+\\]","g"),a=window[stringName];if(null==$("#sourceCode").text().match(e))clearInterval(intDecode),$("#status").html("Done ! Silahkan Copy code dibawah ini");else{$("#status").html("<b>Load !</b> Sisa array : "+$("#sourceCode").text().match(e).length);for(var t=$("#sourceCode").text(),n=0;n<a.length;n++){var r=new RegExp(stringName+"\\["+n+"\\]","g"),o=new RegExp("\\["+stringName+"\\["+n+"\\]\\]","g"),l=a[n].replace(/"/g,'\\"').replace(/'/g,"\\'");null!=t.match(o)?(t=t.replace(o,"."+l),$("#sourceCode").text(t)):null!=t.match(r)&&(t=t.replace(r,'"'+l+'"'),$("#sourceCode").text(t))}}}$("#ubahMassal").on("click",function(){$("#arrayAscii").text($("#codeArray").val()),$("#sourceCode").text($("#codeJava").val());var e=document.createElement("SCRIPT"),a=document.createTextNode($("#codeArray").val());e.appendChild(a),document.getElementById("arrayAscii").appendChild(e);var t=$("#codeArray").val().split("=");null!=t[0].match(/var/g)&&(t=t[0].replace(/var|\s/g,""),stringName=t,intDecode=setInterval(ubahMassal,300))});
</script>