Hi. I am doing some research on JS and PHP code obfuscation. It seems that there are many methods to do this: base64, gz_inflate, etc. Custom algorithms could even be used for obfuscation purposes. I am simply overwhelmed by the number of obfuscation techniques.
I have two questions which I am unsure of:
How do we detect obfuscated code since there are so many algorithms that could be used?
How do we run obfuscated code? Do we need to de-obfuscate it first?
I apologise if my questions are amateur. I am just a beginner in Computer Security.
First and foremost. DO NOT USE code obfuscation. It is just worthless.
You can detected obfuscated code easily, its looks like a mass of random letters and number and other things. Detecting what obfuscating algorithm requires reversing the de-obfuscated function.
Depends on how it was obfuscated, is some cases yes in others no.
This is not to say you shouldn’t consider minification, which has some similarities in that it is difficult for people to read.
eg.
a(r);
vs.
check_syntax(name_input);
jQuery is a good example of how much file weight can be saved by minification. But I sure wouldn’t want to work with the minified version.