~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

spam-L toys

NOTE: I do not possess a copy of the HayWyre Javascript obfuscator. Please don't bother to ask me for a copy, as I don't have it. I just ported the Javascript decoder (included in encoded messages) to Perl.

There are a lot of folks using the HayWyre Javascript obfuscator for bad, nasty, evil things, like AOL password grabbers (taking advantage of the brain-dead people of the world) and spam mail that automatically decodes itself inside HTML-savvy mailreaders (taking advantage of the brain-dead browsers and mailreaders of the world).

For kicks, I went ahead and wrote a Perl script that decodes these foul, beastly, things. I don't claim to have created a perfect script, nor do I claim that it is beautiful. But it does work, and it's now also available as a handy CGI script. Please report any bugs to schampeo+spam-l@hesketh.com.

Here's the test document I used (courtesy Morton Goldberg).

Run it like this:

example% ./decode_haywyre.pl [file-to-be-decoded]

Download the script, or the CGI script. The template I use simply contains a form that looks like this:

<form>
<textarea rows=8 cols=72>
<!--output-->
</textarea><br>
</form>
and expects input to come from a textarea named raw.

Here is another version of the script, courtesy Bob Thrush, along with two more example files. I've incorporated Bob's fixes into my script and into the CGI script.

Links to the examples as text documents:
credit.txt
join900.txt

Another Bob suggests that if you encounter a Haywyre-encoded file, you save it and edit the file so that document.write is replaced by a call to window.alert instead. This will allow you to view the raw HTML, if that's all you want, but won't allow you to copy/paste the text.

Joel Rubin writes:

It works fine with Perl for Win32 (Activestate version 5.005_03 build
515) although it's easier to use Sam Spade's recommended method with
IE5:

http://samspade.org/d/javascript.html

download the free MS Web Developers' Accessory Pack and use "view
partial source".

More test documents, this time from Paul Bender (links are to .txt files, so you can open the documents without fear of executing the Javascript):

spammedsite2.txt
spammedsite3.txt

Here's another decoder, from net.demon.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Back Home

Contents copyright © 1996, 1997, 1998, 1999, 2000 Steve Champeon. All rights reserved.