tags:

views:

64

answers:

3
Q: 

create javascript code from obfuscated javascript code

I want to know is it possible to reproduce obfuscated javascript code(create javascript code from obfuscated javascript code).

I have some javascript code in my website. I want to prevent others to edit it. For that I user obfuscation. So I want to know, is it possible to create original javascript code from an obfuscated code.

A: 

If you only have obfuscuated code and want to modify/make sense of it, the only thing you can do is indent it properly so it's more readable, then start from the begining of the process and rename the functions and variables yourself trying to work out what the purpose and function of each is. It's a time consuming and slow process and can be very tricky.

Tom Gullen  2010-06-24 11:45:14
+2  A: 

You can use a code formatter like JavaScript beautifier to bring the code back into a more or less readable structure. It is impossible to re-build meaningful variable names from compressed ones, though, so in the end, it's not possible. And it's a good thing that it isn't - that's the point of obfuscating code, isn't it?

Pekka  2010-06-24 11:46:17
+1  A: 

It's fairly straightforward to turn the obfuscated code back into the effective javascript that runs - typically you just need to expand a bunch of eval calls.

The tricky part, as others have stated, is giving names to the variables so that you can work out what something like v7 = a4.l2(h8, n1, p9) means. Something I've found helpful is to start from the "edges" (library calls that can't be renamed" and then rename things as helpfully as possible. You'll often find that this knowledge then ripples through the code, making it easier to grasp the next layer down and give it a sensible name.

So for example, if you had some code like this:

z4 = "a";
o0 = "href"

...

pr = window.document;

...

q8 = pr.getElementByTagName(z4)[0];

...

function rr(o8, em)
{
   return o8.getAttribute(em);
};

...

y5 = rr(q8, o0);

Then the last line is initially impenetrable, but if you decide that rr could be called getNamedAttribute, rename z4 as LITERAL_A, o0 as LITERAL_HREF and pr as document; then we can see that q8 is the result of document.getElementByTagName(LITERAL_A)[0], so we might call it firstAnchor. Then q8 = getNamedAttribute(firstAnchor, LITERAL_HREF) and all of a sudden it's clear it's the (string) target of the first hyperlink.

Since this transformation requires inference on behalf of the reader, it's not possible for this to be an automatic process (for exactly the same reason that a compiler won't warn you about inappropriate variable names).

Andrzej Doyle  2010-06-24 12:05:43
+1 for good explanation of the issues.
Pekka  2010-06-24 12:09:55

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript