Results 1 to 4 of 4
Apr 10, 2013, 23:06 #1
Hi. I am doing some research on JS and PHP code obfuscation. It seems that there are many methods to do this: base64, gz_inflate, etc. Custom algorithms could even be used for obfuscation purposes. I am simply overwhelmed by the number of obfuscation techniques.
I have two questions which I am unsure of:
1. How do we detect obfuscated code since there are so many algorithms that could be used?
2. How do we run obfuscated code? Do we need to de-obfuscate it first?
I apologise if my questions are amateur. I am just a beginner in Computer Security.Repay one's country with utmost loyalty
Apr 11, 2013, 00:07 #2
First and foremost. DO NOT USE code obfuscation. It is just worthless.
1) You can detected obfuscated code easily, its looks like a mass of random letters and number and other things. Detecting what obfuscating algorithm requires reversing the de-obfuscated function.
2) Depends on how it was obfuscated, is some cases yes in others no.
In either case. Do not bother.Logic without the fatal effects.
All code snippets are licensed under WTFPL.
Apr 12, 2013, 07:11 #3
- Join Date
- May 2003
- Washington, DC
- 3 Post(s)
- 0 Thread(s)
Security-wise it is no help -- it is a poor attempt at Security by Obscurity which is very little security when it comes down to it.
Apr 12, 2013, 10:16 #4
- Join Date
- Jul 2005
- West Springfield, Massachusetts
- 117 Post(s)
- 1 Thread(s)
I agree with not obfuscating code.
This is not to say you shouldn't consider minification, which has some similarities in that it is difficult for people to read.
jQuery is a good example of how much file weight can be saved by minification. But I sure wouldn't want to work with the minified version.