Sep 17, 2011

Nice JS Obfuscation Techniques

Earlier this week, I got a tweet about JavaScript Obfuscation Challenge and I give it a try. To be honest, I did enjoy solving the challenge and guess what, I managed to get the correct answer for the challenge and my name will be included in the drawings of iPad 2. Well, in regards to the prize drawings, I didn't give much hope on that, since I usually sucks at getting good luck. But hey, that is not about it, it's about having fun, isn't it? isn't it? Away from focusing on the prize, I did learn a lot of new stuff about JavaScript obfuscation, especially on toString() method that brought up in the challenge.

Most of the time, I happened to came across with obfuscation that use toString() method technique to hide the suspicious keyword in malicious code such as eval(). toString() method returns a string from the specified number passed to the method as well as integer between 2 - 36 as the base used to represent the number values. From the example below, we can see a radix 32 used with those combinations of number and all we get are the same output:

In the challenge, on the other hand, apply a bit more confusing technique with toString() method. In my limited obfuscation analysis, this is a first time I saw the technique used in such way. From the example below, I hide the eval() function with the help of toString() obfuscation technique,

With such technique, it gives a 'complex' looks towards the code. It is a bit of a morale game, which if I am a faint-hearted, I might just leave the code and let it solve by itself. I think in real in-the-wild malicious code, adversaries just want that to happen, and leave their bad code unrevealed. Anyways, that was quite a challenge, look forward for something like this in the future.