chacko chacko - 1 year ago 157
Javascript Question

javascript in google - what's it doing ? and is it trying to encrypt its work

the first javascript < script >< /script > in google
looks like this: (note I have used jsbeautifier.org to render it nicely)

window.google = {
kEI: "Eqx4TailJIez8QOhrtAxSw",
kEXPI: "17259,17291,28460,21559,28595,28605,29014,29135,29249,29254,29265,29279",
kCSI: {
e: "17159,17291,21460,28559,28595,28605,29014,29135,29249,29254,29265,29279",
ei: "Ex4TailJIez8QOhrtGwBA",
expi: "17159,17291,28460,28559,28595,28605,29014,29135,29249,29254,29265,29279"
},
ml: function () {},
pageState: "#",
kHL: "en",
time: function () {
return (new Date).getTime()
},
log: function (c, d, b) {
var a = new Image,
e = google,
g = e.lc,
f = e.li;
a.onerror = (a.onload = (a.onabort = function () {
delete g[f]
}));
g[f] = a;
b = b || "/gen_204?atyp=i&ct=" + c + "&cad=" + d + "&zx=" + google.time();
a.src = b;
e.li = f + 1
},
lc: [],
li: 0,
j: {
en: 1,
l: function () {
google.fl = true
},
e: function () {
google.fl = true
},
b: location.hash && location.hash != "#",
bv: 5,
pl: [],
mc: 0,
sc: 0.5,
u: ""
},
Toolbelt: {} };


Can somebody expain what it does ?
is it capturing information about me ?
or are they just trying to encrypt their javascript to protect their code ?

Many thanks,

Answer Source

What it does:

This code, apparently, defines the top-level global google object, which has one main function, google.log.

google.log seems to grab an image from the url: www.google.com/gen_204?atyp=... with a time-stamp to avoid caches. After this image loads, it deletes itself.

google.log then appears to be using some tracking mechanism (similar to Google Analytics) to track visits to the page.


Explanation for the weird obfuscation:

All Google code is compiled by the Closure Compiler in Advanced mode, which automatically obfuscates the entire site.

The Dojo Library is the only common JavaScript library (outside of the Closure Library) which can be used with the Closure Compiler's Advanced mode.

Compiled code has exactly the same behavior as plain-text code, except that it is much smaller (average 25% over minifiers), runs much faster (especially on mobile devices), and is almost impossible to reverse engineer, even after passing through a beautifier, because the entire code base (including the library) is obfuscated.

Code that is only "minified" (e.g. YUI compressor, Uglify) can be easily reverse-engineered after passing through a beautifier.

You have been only reading "minified" JavaScript before. Closure Compiler goes way further than this.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download