Showing posts from October, 2018

Obfuscated JavaScript

[Imported From X-Sec Blog, just for backup]

Recently we got a JavaScript file with heavily obfuscated codes. Let's try to de-obfuscate it and find out what it will do!

As you can see, the original file only has one line(exclude the comment line), its code is also being obfuscated, so first step we need to do is just formatting the code.

After formatted, we noticed the notification from Visual Studio Code:

And in the code we care about, there are lots of useless parameters in function call:

But we found a function whose parameter is being used:

r=2183, r-2183+2=2, n[2]=e.

In fact, this function will return the parameter we passed to it.

We also found a function called "hpd" which has never been called.

So, after removed such obfuscations, we get the following code(only shows main part):

Looks much better.

But, as for the second image, we still need to find out which string will each function return, so it's time to use Internet Explorer ;-)

After function resolve and …