Re^2: Old Script with an Issue Due to Img Tag Use

Hi AM,

overload::eval is 'Hooks the native string eval() function' is according to its description. It is not for decoding.

Comment on Re^2: Old Script with an Issue Due to Img Tag Use

Replies are listed 'Best First'.
Re^3: Old Script with an Issue Due to Img Tag Use by Anonymous Monk on Feb 01, 2015 at 16:21 UTC
Yes and no, it doesn't decode directly - but many obfuscated scripts work by decoding a string that contains some code (like in the OP's example), and then evaling that string. So hooking eval to print the code instead of running it actually does decode such scripts. For example, scroll down to the bottom of that forum thread you linked to earlier. I'm not sure if the OP's script uses eval, but it seems like a good guess.	[reply]

Replies are listed 'Best First'.

Re^3: Old Script with an Issue Due to Img Tag Use
by Anonymous Monk on Feb 01, 2015 at 16:21 UTC

Yes and no, it doesn't decode directly - but many obfuscated scripts work by decoding a string that contains some code (like in the OP's example), and then evaling that string. So hooking eval to print the code instead of running it actually does decode such scripts. For example, scroll down to the bottom of that forum thread you linked to earlier. I'm not sure if the OP's script uses eval, but it seems like a good guess.

[reply]