Javascript OBFUSCATION and DEOBFUSCATION
Hi everyone i’am khireddine IT student and security lover, this is my first Article that i write in medium, i decided to write articles in medium because i’am very believer in “learning and share” methology.
So today I've been in simple CTF that talks about javascript OBFUSCATION, and how it’s used by good and bad people, and i wanted to share what i’ve learned.
javascript obfuscation is a technique used to write a js code in other format, but the code still works, with a little loss of performance.
it’s main objectif is make the code hard to read and analyse, copy and reuse .
How js OBFUSCATION used:
good actors “programmer”:
programmers use js obfuscation to make some functionalities and there code hard to analyse and hard to know what the code actually is, from the others who do not have the permission to reuse or rewrite it.
add some security to the code, and make the code hard to analyse for finding vulnerabilities.
bad actors “hacker”:
JS obfuscation also used to by hackers, in writing malicious softwares and scripts.
It make the malicious code hard to detect by “IPS/IDS”, or reverse engineer the code.
You can obfuscate your javascript code in two ways, manually but this is not practical because sometimes you need to obfuscate code containing thousands of lines or by using tools that are available opensource or online tools.
Types of javascript obfuscation:
The are a lot of tools used to obfuscate javascript code, in automated way, sometimes you need to build your own tool, it depends.
minifying javascript code:
“JavaScript minification” this is the simple way for obfuscating js code without losing the effectiveness or performance of the code, it used to write the entire js code in one line, it’s useful only for longer code.
many tools are available one of them: https://javascript-minifier.com/
packing javascript code
another method of obfuscating js code called packing, this method is all about the eval function and other function that represent the code.
packing is like pointers it create vars that points to the actual code, so the packer will transfer all words in the code into a list or map “dictionary in python”, and then create a function with more then one argument “ex: fun(a,b,c,d,e,f)” and use those vars to point to the code and rebuild it.
the function and the args and list “code” are represented as a string which will be then evaluated using the eval function.
to read about eval function “use this url”.
the tool used: https://beautifytools.com/javascript-obfuscator.php#
advanced methods:
the problem with the above methods, are containing human readable format, so it’s possible to know what the actually code do, or in other term reverse engineer the obfuscate js code.
there are also other advanced methods that transfer your code to completely new format, 100% different from the source code “initial js code format”, and the result code will have the same functionality like the initial code with some lose of performance.
the tool used https://obfuscator.io/, it also provide other functionalities like anti-debugging …etc, “it’s better to try it yourself”.
DEOBFUSCATION
now after getting familiar with what is obfuscation, it’s time to the opposite operation, deobfuscation is the process of getting from the obfuscating js code to the initial js code, using also automated tools.
There are several tools used: beautifier prettier and the built in browser tools like pretty print.
The problem with the automated tools, that is can’t deal with any obfuscation method. especially if the tool was written by the programmer or the hacker and it’s not available publicly, in this case you need manually reverse engineer the code to understand it’s functionality.
FOLLOW me in twitter and lets learn together.
CONTACT me in linkedin.