What does this anti-theft code in Javascript do?

9

What does this anti-theft code in Javascript do?

<html><head></head><body onload="challenge();">
<script>
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c]);return p}('1 6(){2.3=\'4=5; 0-7=8; 9=/\';a.b.c()}',13,13,'max|function|document|cookie|Anti-Robot|ee2c23967cffbc6dff69153929fd8155017def99|challenge|age|86400|path|window|location|reload'.split('|'),0,{}))
</script>
</body></html>

A few weeks ago I saw a discussion about Parsear sites where one of the members posted this code anti-robo it was also reported that the software used by him during the process was an exorbitant time trying to download a single page and in the end there was only this anti-theft code and no content of the desired page, unfortunately I no longer have the link of the discussion or the site whose page has this anti-theft.

Note: He was informed that he was using the PhantomJS software configured with a user-agent so it looks like chrome / firefox).

Obs2: This is the original code format

    
asked by anonymous 19.05.2015 / 16:47

1 answer

11

The original code is:

function challenge() {
    document.cookie = 'Anti-Robot=ee2c23967cffbc6dff69153929fd8155017def99; max-age=86400; path=/';
    window.location.reload()
}

It basically sets the cookie Anti-Robot and then refreshes the page.

The cookie is probably used later on the server to prevent a form from being submitted or a request from automated scripts.

Perhaps the value of the cookie will be invalidated on each request and generated again, such as a token type with a limited duration. This is a common technique in several frameworks of different languages to avoid duplicate requests (user double clicks the button, the browser makes 2 submits, but the second is ignored by the server because the token has already been used in the first request) and some security holes.

However, you would need to evaluate the code in context to be sure.

    
19.05.2015 / 18:44