  1. #1

    De-Obfuscating JS Code

    Hello all,

    I am working on a website for an online store, and all has been going well for the past few months - the site has been running successfully for a while now.

    Unfortunately, some git has hacked the site and inserted obfuscated JS code at the bottom of several pages of code. I need to find out what this code is doing in order to find out what's going on and who is doing this.

    I have seen other people looking to de-obfuscate JS code, and they seem to get accused of stealing code. I have to insist that what I am doing is completely ethical and honest, and given half a chance I'd like to see these f**kers crucified.

    Thanks for any pointers or suggestions you guys can give me.

    MG

  • #2
    God Emperor Fou-Lu's Avatar
    Despite the similar sounding names, Java is not the same as JavaScript. Moving from Java forum to JavaScript forum.
    Interpreted languages still need to be interpreted, so it must follow the rule of standard syntax. So the answer is yes you can always reverse any obfuscated code.
    The code can also be followed as a normal block of programming code; the problem with it is that your variable names have been altered and you must follow it ignoring what the variable names are and viewing it only as code. Not fun, but doable. JS, PHP and Perl don't really suffer from this as much since the languages are all datatype weak, so you needn't care about what variable is of what type, only what is actually being assigned to it.

    A better option than worrying about what is in the JS code is to worry about why the code is there in the first place. Injections are usually caused by an insecure server language that is allowing the writing to these files. Instead, remove the JS completely and scour your access logs to determine how it got there; I'd start by looking at anything that has been PUT or POST to your site. That will tell you where to start looking.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)
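
The access-log review suggested in reply #2, as an added example (not code from the thread): it pulls every PUT and POST request out of an access log and groups them by target path, so unexpected write endpoints stand out. It assumes the Apache/nginx "combined" log format; the sample lines, paths and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (assumption; not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2009:03:14:07 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2009:03:15:41 +0000] "POST /admin/upload.php HTTP/1.1" 200 312 "-" "curl/7.19"
198.51.100.23 - - [12/Oct/2009:03:15:44 +0000] "POST /admin/upload.php HTTP/1.1" 200 298 "-" "curl/7.19"
203.0.113.7 - - [12/Oct/2009:03:20:02 +0000] "POST /cart/checkout.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Oct/2009:04:01:19 +0000] "PUT /images/x.php HTTP/1.1" 403 199 "-" "-"
this line is malformed and must be skipped
"""

# client IP, timestamp, method, request path and status from one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
WRITE_METHODS = {"POST", "PUT"}

def write_requests(lines):
    """Yield a dict for every PUT/POST request; lines that do not parse are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] in WRITE_METHODS:
            yield m.groupdict()

def summarize(lines):
    """Group write requests by (method, path without query string)."""
    summary = defaultdict(lambda: {"hits": 0, "ips": set(), "statuses": set(), "first": None})
    for r in write_requests(lines):
        entry = summary[(r["method"], r["path"].split("?", 1)[0])]
        entry["hits"] += 1
        entry["ips"].add(r["ip"])
        entry["statuses"].add(int(r["status"]))
        entry["first"] = entry["first"] or r["ts"]  # log is chronological: keep first seen
    return dict(summary)

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG.splitlines()).items(), key=lambda kv: -kv[1]["hits"])
    for (method, path), e in rows:
        print(f'{e["hits"]:>4} {method:<4} {path:<24} status={sorted(e["statuses"])} '
              f'ips={sorted(e["ips"])} first={e["first"]}')
```

Write requests that returned 2xx to a path the store itself never submits to are the first entries to compare against the modification times of the altered pages.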

