Brilliant Javascript Obfuscation Technique

One of the guys over at BreakingPoint Systems detailed a cool, new Javascript obfuscation technique. You can click here to view his blog post.

The technique he described is based on Javascript’s toString method and a base 36 radix. For those of you who don’t know, the toString function allows you to convert a number object into a string. Here’s an example:

What I didn’t know was that you can do this with it:

Isn’t that clever?! With this technique, you can hide key functions like “eval” in plain sight!

Now that you know how this technique works, you can practice what you’ve learned in a Javascript obfuscation contest. BreakingPoint will be giving you a chance to win an iPad if you can deobfuscate their script. You have until September 14, so get cracking! Here’s the link to their contest!

By the way, their obfuscated script is pretty challenging. You can crack it with a debugger but notepad and IE works just fine too.

Update (5/21/16): Greek translation provided by Nikolaos Zinas

This entry was posted in Malscript and tagged , , . Bookmark the permalink.