Sneaky trick to de-obfuscate Omniture JavaScript plugins

My current job involves working extensively with Omniture products. The company has an annoying habit of secrecy, with documentation only available on request for many aspects of their products.

De-obfuscate Omniture JavaScript plugins

They also attempt to obfuscate their JavaScript, despite the fact that a determined viewer should be able to work it out eventually. I'm told this is so that people aren't tempted to play with the code. The obvious methods of deobfuscation are pretty tedious, and because Omniture don't use standard (minify et al) methods of obfuscation so it seems a little more difficult. Fortunately I lucked onto a better approach.

You'll need Firebug, and if you don't have that already you should anyway. Go to a page that already has the Omniture "plugin" (function) you want. Open the Firebug console and run alert(s.functionNameYouWant) and run it. You'll be shown a nicely-formatted anonymous function, which will be much easier to read than the line noise you'll see in the actual s_code.js file.

In my case I'm after Cross-Visit Participation, and that's used on the Omniture site itself (though an older version than the latest available from Omniture which has a very useful additional feature).

Update on 22nd March 2010

I discovered, while trying to reverse-engineer the s.Media() functions, that some plugins are loaded as "Modules" which presents a further layer to get through. But it's still pretty simple. Using this handy snippet you can decode the objects. So, for example, to get readable source for s.Media, do this in Firebug:


function concatObject(obj) {
  for(prop in obj)
    str+=prop + " value :"+ obj[prop]+"\n";
Another update
I received a better way to do this, detailed in this post.
0 responses