File given to us:
This is the original file:
87C483A4CA85374E98FFB85FD5E867EC.zip
Recommended Tools:
Luck+memory
Windows Script Decoder (http://www.virtualconspiracy.com/index.php?page=scrdec/intro) - Decode encoded stuff by Microsoft Script Encoder
FireBug (http://getfirebug.com/)
TriD (http://mark0.net/soft-trid-e.html)
Analysing the File:
Using file and TriD and i cannot correctly identify what is this file. Then i opened up in Notepad++ and i find it familiar.
Thank goodness i'm a fan of Yosuke Hasegawa and i saw that this file bears resemblance to his jjencode (http://utf-8.jp/public/jjencode.html)
Ok, now i may be on the right track that this file may be encoded with jjencode...so how do i decode this? :(
I started googling for a decoder and i found this website (http://www.e-x-e.dk/2011/07/28/jjencode-decoder-jjdecode/).
But sadly it couldn't work for this. :(
Solving the Puzzle:
Finally, after several hours. i found this, Microsoft Script Encoder (http://www.microsoft.com/download/en/details.aspx?id=3375).
Could it be using this? So instantly i googled for the decoder for this and i found this useful tool, Windows Script Decoder (http://www.virtualconspiracy.com/index.php?page=scrdec/intro).
So i downloaded and tried it and i got back some Obfuscated looking Javascript like this.
Immediately, i placed the Obfuscated Javascript into a html file and start using Firebug to debug it.
Finally, i got the following key CodeGate_JavaScriptEncode_Key with value "120a151156120a163t111163120lea163u162e!" in the DOM tab. :P
cheers
0x4a61636f62
No comments:
Post a Comment