Introduction:
Code deobfuscation is an important skill to learn if we want to be skilled in code analysis and reverse engineering. Obfuscation is a technique used to make a script more difficult for humans to read while allowing it to function the same from a technical point of view, though performance may be slower. This article explains what code obfuscation and deobfuscation are, the reasons for obfuscating code, and its potential advantages and disadvantages.
Obfuscated code:
Obfuscation is usually achieved automatically by using an obfuscation tool, which takes code as input and attempts to rewrite it in a way that is much more difficult to read, depending on the tool's design.
For example, consider the following two snippets of code and their output.
Snippet 1:
console.log("Hello by Dhanush")
Output of Snippet 1:
Hello by Dhanush
Snippet 2:
eval(
  (function (p, a, c, k, e, d) {
    e = function (c) {
      return c;
    };
    if (!"".replace(/^/, String)) {
      while (c--) {
        d[c] = k[c] || c;
      }
      k = [
        function (e) {
          return d[e];
        },
      ];
      e = function () {
        return "\\w+";
      };
      c = 1;
    }
    while (c--) {
      if (k[c]) {
        p = p.replace(new RegExp("\\b" + e(c) + "\\b", "g"), k[c]);
      }
    }
    return p;
  })('0.1("2 3 4")', 5, 5, "console|log|Hello|by|Dhanush".split("|"), 0, {}),
);
Output of Snippet 2:
Hello by Dhanush
Snippet 1 contains a simple JavaScript script. It logs the string "Hello by Dhanush" to the console using the console.log() function. In JavaScript, this is a typical method of message output.
A more advanced piece of code, found in Snippet 2, uses the eval() function to run JavaScript that is generated dynamically. Here is a summary of what is occurring:
Because the code is generated and less human-readable, it is obfuscated and difficult to interpret.
A function with the parameters p, a, c, k, e, and d is called, and the string it returns is passed to the eval() function.
The function converts the input string '0.1("2 3 4")' into a console.log("Hello by Dhanush") statement by performing string substitution using regular expressions (RegExp).
Each numbered placeholder in the input string is dynamically replaced with its corresponding word from the list "console|log|Hello|by|Dhanush".
The resulting JavaScript code is then run by eval().
Reverse engineering: Deobfuscation:
The practice of reverse engineering or deciphering code that has been purposefully obfuscated or made more challenging to understand is known as deobfuscation. Deobfuscation would entail converting the obfuscated code in the second code snippet back into its original, more readable form.
The code in the second snippet has been purposefully obfuscated to make it difficult to understand at first glance. Here, the obfuscation strategy entails replacing meaningful names and code with obscure ones and convoluted logic.
This type of obfuscation is known as "packing", which is usually recognizable from the six function arguments used in the initial function "function(p,a,c,k,e,d)".
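The substitution described above can be reproduced statically, which lets an analyst read a packed script without ever running it through eval(). The following is an added example, not code from the original article; the names isPacked, tokenToIndex and unpack are hypothetical, and the base-62 token alphabet is an assumption about commonly seen packer output that goes beyond the small case in Snippet 2.

```javascript
// Added example: static unpacker for the p,a,c,k,e,d format. It never calls eval().
const SIGNATURE = /function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*d\s*\)/;
// Call tail: }('payload', radix, count, 'w0|w1|...'.split('|') with either quote style.
const TAIL = /\}\s*\)?\s*\(\s*(['"])((?:\\.|(?!\1).)*)\1\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(['"])((?:\\.|(?!\5).)*)\5\s*\.split\(\s*(['"])\|\7\s*\)/s;
// Assumption: token digits follow the widely seen packer alphabet (0-9, a-z, A-Z).
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

function isPacked(source) {
  return SIGNATURE.test(source) && TAIL.test(source);
}

// Convert a payload token to its dictionary index, or -1 if it is not a valid token.
function tokenToIndex(token, radix) {
  let value = 0;
  for (const ch of token) {
    const digit = DIGITS.indexOf(ch);
    if (digit < 0 || digit >= radix) return -1;
    value = value * radix + digit;
  }
  return value;
}

function unpack(source) {
  const m = TAIL.exec(source);
  if (!SIGNATURE.test(source) || !m) throw new Error("not a p,a,c,k,e,d packed script");
  // Undo the quote and backslash escapes of the string literals in the source.
  const unescape = (s) => s.replace(/\\(['"\\])/g, "$1");
  const payload = unescape(m[2]);
  const radix = Number(m[3]);
  const words = unescape(m[6]).split("|");
  if (radix < 2 || radix > 62) throw new Error("unsupported radix " + radix);
  // Same substitution the packed decoder performs, done as data, not execution.
  return payload.replace(/\b\w+\b/g, (token) => {
    const index = tokenToIndex(token, radix);
    return index >= 0 && words[index] ? words[index] : token;
  });
}

// Constructed sample: the call tail of Snippet 2, with the decoder body elided.
const SAMPLE = String.raw`eval((function (p, a, c, k, e, d) { /* decoder body elided */ })('0.1("2 3 4")', 5, 5, "console|log|Hello|by|Dhanush".split("|"), 0, {}))`;

if (isPacked(SAMPLE)) console.log(unpack(SAMPLE)); // console.log("Hello by Dhanush")
```

Because the payload is only ever handled as a string, the recovered source can be reviewed or scanned before anything decides whether to execute it.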
Many online tools are also available to obfuscate JavaScript code.
Reasons for Code Obfuscation:
Protection of Intellectual Property: By making it more difficult for rivals or unauthorized users to reverse engineer and copy the software, obfuscation can be used to safeguard intellectual property, such as algorithms, proprietary business logic, or unique code.
Security: Code obfuscation can occasionally be used to improve security by hiding important data, including encryption keys or authentication methods. This makes it more difficult for bad actors to take advantage of flaws or obtain unauthorized access.
License Enforcement: Obfuscation makes it harder for users to tamper with license checks or remove limitations from trial versions of software, which helps enforce software licensing agreements.
Protection Against Malware Analysis: To make it more difficult for security researchers, antivirus software, and threat analysts to analyze and detect harmful code, malware creators occasionally obfuscate their code.
Advantages of Code Obfuscation:
Deters casual reverse engineering
In some circumstances adds a second layer of security
Protects sensitive algorithms and code.
Disadvantages of Code Obfuscation:
Does not offer impenetrable defense against determined attackers
Makes it more difficult to maintain and debug code
Can occasionally add performance overhead.
Conclusion:
Obfuscation of code should be employed sparingly and in conjunction with other security safeguards like encryption, access controls, and routine security audits. It is most frequently employed in situations when securing information or preserving intellectual property are major priorities.