JavaScript obfuscators used in the wild

Published: 2010-03-05
Last Updated: 2010-03-05 16:43:23 UTC
by Kyle Haugsness (Version: 1)
2 comment(s)

I have been doing some research on JavaScript obfuscators. Various handlers have done stories in the past on how to reverse engineer obfuscated JavaScript that does evil things. But I would be interested in hearing what kind of obfuscators people have been finding being used in the wild. Are you able to identify the obfuscator just by looking at it? What are the hardest off-the-shelf obfuscators to reverse-engineer? I will collect responses and post them throughout the day (unless you wish the information to remain private).

-Kyle Haugsness

Comments

The Dean Edwards Packer is used quite a bit for packing/obfuscating scripts. Additionally, Stunnix is used quite a bit too.

Both of these can be identified.

I'm not sure how to identify a given packer/obfuscator; JSUnpack (http://jsunpack.jeek.org/dec/go) takes care of them all, though. I've never met a script it couldn't handle.
