Advanced Javascript Obfuscation

Question

I've been training heavily in JS obfuscation, starting to know my way around all advanced concepts, but I recently found an obfuscated code, I believe it is some form of "Native Javascript Code", I just can't find ANY documentation on this type of obfuscation :

Here is a small extract :

'\141\75\160\162\157\155\160\164\50\47\105\156\164\162\145\172\40'

It is called this way :

eval(eval('\141\75\160\162\157\155\160\164\50\47\105\156\164\162\145\172\40'))

Since the code is the work of another and I encoutered it in a JS challenge I'm not posting the full code, so the example I gave won't work, but the full code does work.

So here is my question: What type of code is this? And where can I learn more about it?

Any suggestions appreciated :)

Answer 1

It's just a string with the characters escaped. You can read it in the JavaScript console in any browser:

console.log('\141\75\160\162\157\155\160\164\50\47\105\156\164\162\145\172\40')

will print:

"a=prompt('Entrez "

Answer 2

It's just escaped characters, one part outputting the string of a query and another actually running the returned string - try calling it in a console.

eval('\160\162\157\155\160\164\50\47\105\156\164\162\145\172\47\51')

Might help?

Answer 3

These numbers is the ascii codes (http://www.asciitable.com/index/asciifull.gif) of characters (in Octal representation). You can convert it to characters. This is used when somebody wants to make an XSS attack, or wants to hide the js code.

So the string what you written represents:

 a=prompt('Entrez 

The js engines, browsers can translate the octal format to the 'real' string. With eval function it could run. (in case the 'translated' code has no syntax errors)