JavaScript deobfuscation a little start

Posted: December 6, 2008 in (anti)Forensics
Tags: , , , ,

So I’ve been trying to get more information about the funky world of JavaScript deobfuscation. It’s really fascinating what kind of protective measures and obfuscation JavaScript can reach. So whith what kind of stuff have i been playing around?

SpiderMonkey FTW!

No really, it’s easy, it’s proven and it works.  Installing is really easy…lotsa documentation also. The best part of it was that…spidermonkey does not have default support for things like document.write(); After googling I found out about 2 ways to achieve it. The first method involved changing the C files and recompiling and such…the other method was so much easier. Have a look:

part1 for a nice introduction

part2 with the solution to add document.write(); support.

For the ones interested here is the method where you need to recompile spidermonkey and such.

There are a lot more of interesting deobfuscation tools out there to play with though.

Ultimate deobfuscator

malzilla

So this has been my little introduction to javascript deobfuscation I will certainly keep playing it’s fun, I never thought javascript could be used for so much evil but fun things.

Advertisements
Comments
  1. […] Since the publication of the “Inside the Black Hole. Part I” I have read a couple of articles on the topic: the 1st is by Symantec – The Black Hole Theory and the 2nd is DVLabs’ post Black Hole Exploit Kit. There are also several interesting articles about javascript (JS) deobfuscation here. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s