Obfuscation is the practice of concealing information in such a way that it can be understood or revealed only by someone who knows how to read it. This article explains the obfuscation techniques you will meet when deobfuscating JavaScript code. These techniques hide meaning in plain sight and make reverse engineering JavaScript code difficult. We will see several examples of obfuscated code, and analyze them using logical thinking and reverse engineering methods to get back the original source code. Let’s dive into this topic and find out what deobfuscation is, how it can be achieved, and which tools are available for this task.
What is Deobfuscation?
Deobfuscation is the process of removing obfuscation and restoring a program’s source code to its original format. It is needed when you want to recover a program’s source code by reverse engineering it. Obfuscation is an attempt to hide the intent of a program or its functionality to prevent unauthorized access. This might be done for many reasons, for example, to prevent reverse engineering efforts, as a security measure or to protect intellectual property.
Reverse Engineering Tools for Deobfuscation
There are different tools to reverse engineer obfuscated code. Some of them are capable of deobfuscating multiple obfuscation methods, while others are focused on a specific type of obfuscation. The following tools are commonly used for deobfuscating JavaScript code:
LightCyce: This tool can be used for reverse engineering JavaScript. It is capable of analyzing obfuscated code and displaying the original source code.
BrowserView: This tool can be used for reverse engineering JavaScript. It is capable of analyzing obfuscated code and displaying the original source code in a popup window.
Javascript Deobfuscator: This tool can be used for deobfuscating JavaScript. It is capable of analyzing obfuscated code and displaying the original source code.
Logic-Based Reverse Engineering Techniques
These are logical reasoning-based techniques that reconstruct code by reasoning about the flow of program execution. The most commonly used techniques for logical reasoning-based code reverse engineering are:
Flowcharting: Here we draw flowcharts to represent the flow of program execution. We use arrows to represent the flow of control, and boxes to represent the states of variables.
Condition-Based Switching: This technique is used while reversing conditional and switch statements. It is based on the logical assumption that if the condition is true, then the code inside the braces is executed.
Data Flow Analysis: This technique is used while reversing arrays and function calls. It is based on the logical assumption that data passed in function calls is tracked as it is read from and written to variables and arrays.
Symbolic Execution-Based Reverse Engineering Techniques
These techniques are based on the concept of symbolic execution. A piece of code is treated as an oracle that gives the desired answer for a set of inputs. Instead of evaluating the code on concrete values, it is evaluated over symbols: the executed code is transformed into symbolic form, which is then processed by an oracle to compute the desired result. The techniques for symbolic execution-based code reverse engineering are:
Prefix/Suffix: Here we use the concept of prefix and suffix to identify the obfuscation logic in a symbolic execution-based deobfuscation. We assume the obfuscating tool hides its logic inside an array. When we reverse engineer the obfuscated code with the help of the deobfuscation tool, we recover the logic of the obfuscating tool. We assume that the tool uses the following code to obfuscate the original code:

function obfuscate(input) {
  var array_of_obfuscated_strings = [];
  for (var i in input) {
    // Nested objects and functions are obfuscated recursively;
    // every other value is copied into the output array as-is.
    if (typeof input[i] === 'object' || typeof input[i] === 'function') {
      array_of_obfuscated_strings[i] = obfuscate(input[i]);
    } else {
      array_of_obfuscated_strings[i] = input[i];
    }
  }
  return array_of_obfuscated_strings;
}

We can reverse engineer this obfuscation by finding the tool’s id, that is, the name of the array and of the function that wraps it. Once we look at the obfuscated code with that in hand, we get to see the logic that the tool applied.
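As an added example (not code from the article), the following applies the data flow analysis and the "logic hidden in an array" idea above to a constructed sample: string literals have been moved into an array and are fetched through a lookup function, and the script statically folds them back without ever executing the untrusted code. It assumes the common shape of double-quoted strings, a single one-line lookup function and numeric literal indices; the names `_0xabc` and `_0x1` are made up for the sample.

```javascript
// Constructed sample (not from the article): string literals are moved into an
// array and fetched through a one-line lookup function, as the text describes.
const OBFUSCATED = `
var _0xabc = ["log", "Hello, world!", "toUpperCase"];
function _0x1(i) { return _0xabc[i]; }
console[_0x1(0)](_0x1(1)[_0x1(2)]());
`;

// Step 1 (data flow): recover the string table from the array literal.
// Everything here is textual, so the untrusted code is never executed.
function extractStringTable(src) {
  const m = src.match(/var\s+(\w+)\s*=\s*\[([^\]]*)\];/);
  if (!m) throw new Error("no string table found");
  const items = [...m[2].matchAll(/"((?:[^"\\]|\\.)*)"/g)]
    .map((x) => JSON.parse(`"${x[1]}"`)); // resolves \n, \uXXXX escapes
  return { name: m[1], items };
}

// Step 2: find the function whose whole body is `return <table>[<param>]`.
function findLookup(src, tableName) {
  const re = new RegExp(
    `function\\s+(\\w+)\\s*\\(\\s*(\\w+)\\s*\\)\\s*\\{\\s*return\\s+${tableName}\\[\\s*\\2\\s*\\];?\\s*\\}`
  );
  const m = src.match(re);
  return m ? m[1] : null;
}

// Step 3: drop the now-dead table and lookup, constant-fold each
// lookup(<index>) into its literal, and rewrite obj["name"] as obj.name.
function deobfuscate(src) {
  const { name, items } = extractStringTable(src);
  const lookup = findLookup(src, name);
  if (!lookup) throw new Error("no lookup function found");
  const out = src
    .replace(/var\s+\w+\s*=\s*\[[^\]]*\];\s*/, "")
    .replace(new RegExp(`function\\s+${lookup}[^}]*\\}\\s*`), "")
    .replace(new RegExp(`\\b${lookup}\\((\\d+)\\)`, "g"), (_, idx) => {
      const v = items[Number(idx)];
      if (v === undefined) throw new Error(`index ${idx} out of range`);
      return JSON.stringify(v);
    })
    .replace(/\["([A-Za-z_$][\w$]*)"\]/g, ".$1");
  return out.trim();
}

console.log(deobfuscate(OBFUSCATED)); // console.log("Hello, world!".toUpperCase());
```

Real obfuscators add layers on top of this pattern (rotated arrays, encoded strings, several lookup functions), so each layer is peeled the same way: recover the data, fold the references, delete the dead helpers.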
Hybrid Approach for Deobfuscation
This is a combination of the previous techniques to achieve a better deobfuscation result. For example, we can use flowcharting, condition-based switching, and data flow analysis to understand the logical flow of program execution. Then, we can use symbolic execution to find the obfuscating tool’s id and data flow analysis to understand the original data flow. This hybrid approach helps in finding the obfuscation logic and implementing its inverse as a deobfuscation tool.
Conclusion
Deobfuscation is the process of removing obfuscation and restoring a program’s source code to its original format. Reverse engineering is the process of breaking a program down into raw machine code or source code and then reconstructing it; the techniques covered here are used to reverse engineer obfuscated code, deobfuscate it, and reconstruct the original source code. Obfuscation techniques hide meaning in plain sight and make reverse engineering difficult, but by analyzing the code with logical reasoning, symbolic execution, or a hybrid of the two, the original source code can be recovered. We have now seen what deobfuscation is, how it can be achieved, which tools are available for this task, and the various techniques used for deobfuscation.