{"id":3467,"date":"2011-06-19T19:26:18","date_gmt":"2011-06-20T02:26:18","guid":{"rendered":"http:\/\/multimedia.cx\/eggs\/?p=3467"},"modified":"2011-07-22T11:34:30","modified_gmt":"2011-07-22T18:34:30","slug":"deobfuscation-redux-javascript","status":"publish","type":"post","link":"https:\/\/multimedia.cx\/eggs\/deobfuscation-redux-javascript\/","title":{"rendered":"Deobfuscation Redux: JavaScript"},"content":{"rendered":"

Google recently released version 12 of their Chrome browser. This version adds a new feature that automatically allows deobfuscating obfuscated JavaScript source code.<\/p>\n

Before:<\/strong><\/p>\n


\n\"\"
\n<\/center><\/p>\n

After:<\/strong><\/p>\n


\n\"\"
\n<\/center><\/p>\n

As a reverse engineering purist, I was a bit annoyed. Not at the feature, just the naming. This is clearly code beautification<\/em> but not necessarily deobfuscation<\/em>. The real obfuscation comes not from removing whitespace but from renaming variable and function names to terse 1- and 2-letter identifiers. True automated deobfuscation — which entails recovering the original variable and function identifiers as well as source code comments — is basically impossible.<\/p>\n

Still, it makes me wonder if there is any interest in a JavaScript deobfuscator that operates similar to my Java deobfuscator<\/a> which was one of the first things I published on this blog. The general idea is automatically replace function names with random English verbs (since functions correspond to actions) and variable names with random animal names (I decided “English nouns” encompassed too broad a category of words). I suspect the day that someone releases a proprietary multimedia codec in a pure (though obfuscated) JavaScript format is that day that I will try to accomplish this, if it hasn’t been done already.<\/p>\n

See also:<\/strong><\/p>\n