Encryption?

[ArtDeco]

Hi guys need help . WF taught me to one thing besides never click a cloaked link ; never run anything I can't read and understand on my server. I have some scripts and wp plugins that have code that looks like this:

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o ay={as:\'1.11\'};h $61(L){k(L!=9t)};h $C(L){m(!$61(L))k Q;m(L.4t)k\'F\';o C=6l L;m(C==\'2p\'&&L.at){28(L.7L){15 1:k\'F\';15 3:k(/\\S/).2L(L.8j)?\'au\':\'aA\'}}m(C==\'2p\'||C==\'h\'){28(L.9u){15 2l:k\'1t\';15 6p:k\'56\';15 18:k\'7u\'}m(6l L.U==\'4z\'){m(L.2X)k\'aI\';m(L.7O)k\'19\'}}k C};h $1X(){o 4P={};K(o i=0;i<19.U;i++){K(o G 1c 19){o ap=19[G];o 5Q=4P[G];m(5Q&&$C(ap)==\'2p\'&&$C(5Q)==\'2p\')4P[G]=$1X(5Q,ap);1a 4P[G]=ap}}k 4P};o $O=h(){o 1i=19;m(!1i[1])1i=[c,1i[0]];K(o G 1c 1i[1])1i[0][G]=1i[1][G];k 1i[0]};o $4j=h(){K(o i=0,l=19.U;i<l;i++){19.O=h(1M){K(o 1V 1c 1M){m(!c.1E[1V])c.1E[1V]=1M[1V];m(!c[1V])c[1V]=$4j.5R(1V)}}}};$4j.5R=h(1V){k h(V){k c.1E[1V].3u(V,2l.1E.8O.1W(19,1))}};$4j(73,2l,5z,8G);h $2r(L){k!!(L||L===0)};h $4K(L,96){k $61(L)?L:96};h $7q(3V,2b){k 1j.aL(1j.7q()*(2b-3V+1)+3V)};h $3i(){k N 9l().9m()};h $6j(1O){a8(1O);ab(1O);k 1h};o 3a=h(L){L=L||{};L.O=$O;k L};o ao=N 3a(T);o ah=N 3a(P);P.5q=P.2F(\'5q\')[0];T.3r=!!(P.4O);m(T.90)T.2q=T[T.6a?\'bv\':\'9s\']=1e;1a m(P.8B&&!P.bg&&!bi.bj)T.3J=T[T.3r?\'bf\':\'5g\']=1e;1a m(P.be!=1h)T.7y=1e;T.ba=T.3J;7s.O=$O;m(6l 52==\'9t\'){o 52=h(){};m(T.3J)P.8Q("bc");52.1E=(T.3J)?T["[[bd.1E]]"]:{}}52.1E.4t=h(){};m(T.9s)4g{P.bl("bs",Q,1e)}4l(e){};o 18=h(1y){o 58=h(){k(19[0]!==1h&&c.1p&&$C(c.1p)==\'h\')?c.1p.3u(c,19):c};$O(58,c);58.1E=1y;58.9u=18;k 58};18.1l=h(){};18.1E={O:h(1y){o 5G=N c(1h);K(o G 1c 1y){o 9v=5G[G];5G[G]=18.9w(9v,1y[G])}k N 18(5G)},3G:h(){K(o i=0,l=19.U;i<l;i++)$O(c.1E,19)}};18.9w=h(3C,29){m(3C&&3C!=29){o C=$C(29);m(C!=$C(3C))k 29;28(C){15\'h\' 7k=h(){c.1q=19.7O.1q;k 29.3u(c,19)};7k.1q=3C;k 7k;15\'2p\':k $1X(3C,29)}}k 29};o 74=N 18({br:h(R){c.3R=c.3R||[];c.3R.1g(R);k c},
etc., etc. etc.
What is this and can I decode it ? Zend, Base 64, something new?

 

[awesometbn]

Try doing a little bit of googling before posting. Found this in about two seconds. Enjoy.

Yet Another Infosec Blog: Defeating Dean Edwards' Javascript Packer

 

[kblessinggr]

Try doing a little big of googling before posting. Found this in about two seconds. Enjoy.

Yet Another Infosec Blog: Defeating Dean Edwards' Javascript Packer

yea its packer if thats out of a JS (the p,a,c,k,e,d is a dead givaway), handy for making shit smaller though. Though most just use it to try to project their scripts from being modified (lightview and other ajax style scripts use this quite a bit). You'll only see zend in PHP, and they won't start with eval().

 

[ArtDeco]

Yes it is from JS - and I really don't intend to modify it - I just want to un-pack it to see if it is really safe to run. I have another site where someone hacked the RSS feed (although not the site itself, BTW ) and I don't want to send anyone to a meat spinner or worse. Thanks.