0

So I saw something on the net that I want to understand how it's done. It's a page with hundred of functions like this one:

    ba: function(z) {
        var l = this.cj
          , n = z.ff;
        l[n] || (l[n] = []),
        l[n].push(z)
    },

Normally I would just run unminify but in this case it's not enough. If there's no existing solution, how would I proceed to programmatically deobfuscate the code? It's safe to assume that if a js file can be understood by the browser it can be reversed to be understood by human.

bunden
  • 149
  • 2
  • 3
    To your last sentence, yes and no. Humans rely on variable names to extract meaning, whereas computers only care that the name is correct; not that it's descriptive. When code is obfuscated, you lose the names, which permanently hurts readability unless you figure out their intent and rename the variables. Look up JSFuck. The browser is able to figure it out fine, but 99% of people will have no clue what it means. – Carcigenicate Sep 04 '17 at 16:57
  • Browsers don't understand js files. They just interpret them mechanically. Yes, a human would be able to do the same, but he either would have no idea afterwards about how something worked. – Bergi Sep 04 '17 at 16:58
  • If some one minified code and had a map you can unminify it. this SO question has a lot of discussion related to your question it might be useful https://stackoverflow.com/questions/194397/how-can-i-obfuscate-protect-javascript – Shyam Babu Sep 04 '17 at 17:02
  • Typically, we package dev and test environments with non-minified js, so we can debug easily. When we deploy on live, we want compressed js, using something like https://github.com/mishoo/UglifyJS2 . There are many libraries that minify. So, i don't typically see a de-obf function. Just a one-way compression in the distribution (gulp, grunt, webpack, or custom server-side code). Not saying you absolutely cannot unminify it, if you knew how it was minified. Commonly dont see the need for a way to do this, since we store the unminified code in the repo, and distribute minified at deploy time. – Tim Sep 04 '17 at 17:04
  • 1
    In this particular case: You have to recognise the algorithm to figure out its meaning. It's *obviously* a callback to `arr.forEach(…,this)` that groups the elements of `arr` in a map at `this.cj` by their `.ff` property. – Bergi Sep 04 '17 at 17:06

0 Answers0