Thread: De-Obfuscating JS Code
08-20-2010, 10:44 AM #1
De-Obfuscating JS Code
I am working on a website for an online store, and all has been going well for the past few months - the site has been running successfully for a while now.
Unfortunately, some git has hacked the site and inserted obfuscated JS code at the bottom of several pages of code. I need to find out what this code is doing in order to find out what's going on and who is doing this.
I have seen other people looking to de-obfuscate JS code, and they seem to get accused of stealing code. I have to insist that what I am doing is completely ethical and honest, and given half a chance I'd like to see these f**kers crucified.
Thanks for any pointers or suggestions you guys can give me.
08-20-2010, 05:48 PM #2
Interpreted languages still need to be interpreted, so they must follow the rules of standard syntax. So the answer is yes, you can always reverse any obfuscated code.
The code can also be followed as a normal block of programming code; the problem with it is that your variable names have been altered and you must follow it ignoring what the variable names are and viewing it only as code. Not fun, but doable. JS, PHP and Perl don't really suffer from this as much since the languages are all datatype weak, so you needn't care about what variable is of what type, only what is actually being assigned to it.
A better option than worrying about what is in the JS code is to worry about why the code is there in the first place. Injections are usually caused by an insecure server language that is allowing the writing to these files. Instead, remove the JS completely and scour your access logs to determine how it got there; I'd start by looking at anything that has been PUT or POST to your site. That will tell you where to start looking.
header('HTTP/1.1 420 Enhance Your Calm');
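The log review suggested in the reply above, as an added example that is not part of either post: it pulls PUT and POST requests out of an access log and groups the ones the server accepted by path and client. It assumes the Apache/nginx combined log format; the sample lines, paths and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2010:02:11:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Aug/2010:02:14:31 +0000] "POST /admin/upload.php HTTP/1.1" 200 312 "-" "curl/7.19"
198.51.100.23 - - [19/Aug/2010:02:14:40 +0000] "POST /admin/upload.php HTTP/1.1" 200 298 "-" "curl/7.19"
203.0.113.7 - - [19/Aug/2010:02:15:02 +0000] "POST /cart/checkout.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Aug/2010:02:16:55 +0000] "PUT /images/banner.php HTTP/1.1" 201 0 "-" "curl/7.19"
192.0.2.50 - - [19/Aug/2010:02:17:10 +0000] "PUT /robots.txt HTTP/1.1" 405 230 "-" "-"
not a log line
"""

# client, two ignored fields, [timestamp], "METHOD path proto", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
WRITE_METHODS = {"POST", "PUT"}

def write_requests(log_text):
    """Yield (ip, timestamp, method, path, status) for every PUT/POST line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)  # unparseable lines are skipped
        if m and m["method"] in WRITE_METHODS:
            yield m["ip"], m["ts"], m["method"], m["path"], int(m["status"])

def summarize(log_text):
    """Map (method, path) -> {client ip: count} for writes the server accepted (2xx/3xx)."""
    summary = defaultdict(lambda: defaultdict(int))
    for ip, _ts, method, path, status in write_requests(log_text):
        if 200 <= status < 400:
            summary[(method, path)][ip] += 1
    return {key: dict(ips) for key, ips in summary.items()}

if __name__ == "__main__":
    for (method, path), ips in sorted(summarize(SAMPLE_LOG).items()):
        print(method, path, ips)
```

Compare the paths it reports against the modification times of the files that had the script appended; writes to endpoints that normal shoppers never use are the first place to look.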