Obfuscated Javascript and PHP code

Hi. I am doing some research on JS and PHP code obfuscation. It seems that there are many methods to do this: base64, gz_inflate, etc. Custom algorithms could even be used for obfuscation purposes. I am simply overwhelmed by the number of obfuscation techniques.

I have two questions which I am unsure of:

  1. How do we detect obfuscated code since there are so many algorithms that could be used?
  2. How do we run obfuscated code? Do we need to de-obfuscate it first?

I apologise if my questions are amateur. I am just a beginner in Computer Security.

First and foremost. DO NOT USE code obfuscation. It is just worthless.

  1. You can detected obfuscated code easily, its looks like a mass of random letters and number and other things. Detecting what obfuscating algorithm requires reversing the de-obfuscated function.

  2. Depends on how it was obfuscated, is some cases yes in others no.

In either case. Do not bother.

Security-wise it is no help – it is a poor attempt at Security by Obscurity which is very little security when it comes down to it.

I agree with not obfuscating code.

This is not to say you shouldn’t consider minification, which has some similarities in that it is difficult for people to read.

jQuery is a good example of how much file weight can be saved by minification. But I sure wouldn’t want to work with the minified version.