How to decrypt a javascript file - javascript

I just discovered a virus in my computer that uses a .js file to attack. I opened the file in notepad to check out the code, but it is completely encrypted. I can see some data that makes sense (such as bhynivmao.length!=4), but the majority of the file is filled with gibberish.
There is also an autorun.inf and even though I can see some of the shell \open\command, I am not able to figure out the rest of the gibberish that is present.
Looks like both the autorun and the .js file are obfuscated the same way. Can someone please help me to get back the readable code? I am really curious to know how this thing works.

Try using something like a JS beautifier:
http://jsbeautifier.org/
It will still keep the old variable names, but will definitely make the code more readable.

You might also consider using http://jsnice.org, which uses statistical analysis of code to identify variable names. It complements http://jsbeautifier.org well by altering variable names but not structure.

Related

How is Javascript (js) encrypted and decrypted?

I am learning javascript by studying many file .js but I can't understand anything. Many of them start with:
(function(){var aa=encodeURIComponent,f=window,ba=setTimeout,n=Math,ea=RegExp;function fa(a,b){return a.name=b}function Pc(a,b){return a.href=b}...
I think this is one way to encrypt the code to protect. Am I right? If it's true, how can I do it? If I want to decrypt it, plz show me how to do.
Thanks.
p/s: I'm a newbie
You cannot really encrypt javascript. You can obfuscate which makes it harder to read and minify (which is arguebly also harder to read, but more importantly has a smaller footprint)
MINIFY
http://jscompress.com/ is one such minifier.
If you wish to obfuscate your code (thus making it harder to read, but not making it smaller (in fact usually you end up with more bytes), you could look at this:
OBFUSCATE
http://javascriptobfuscator.com/
BEAUTIFY
Like the comments here said, to 'decrypt' said piece of code, you could go to http://jsbeautifier.org/. Although when it's obfuscated it won't do you much good.
The code you present:
(function(){var aa=encodeURIComponent,f=window,ba=setTimeout,n=Math,ea=RegExp;function fa(a,b){return a.name=b}function Pc(a,b){return a.href=b}...
Is JavaScript minification. You can use tools such as jscompress for minification
Instead of encryption, obfuscation is used for JavaScript which is used to protect your code making it harder to read and understand. There are tools for obfuscation aswell. Check out javascriptobfuscator
It Means the file.js a minified version Compresd Javascript file
You will have to work hard to convert minified version to normal js files, but we have some tools see below..
http://jsbeautifier.org/

How to find unused/dead code in web projects (90% code in javascript)

I did find a very interesting tool for identify unused css definitions in a web project.
http://www.sitepoint.com/dustmeselectors/
Are there similar tools also for javascript projects?
P.S.
I know there is no program for deterministically finding unused code. But I am looking for a report to identify possible unused code. Then the last decision will always be your own.
Problem is there is no way to be really sure. Suppose the following:
The initial HTML site is practically empty. There is a lot of JS code though, which seems to be unused.
OnLoad, a function is called which launches an AJAX query to the server. The server returns a lot of HTML code, which is the body of the site. This body contains lots of JavaScript functions.
The initial body is replaced with the body received via AJAX. Suddenly, all code is used.
Static analysis utilities are therefore useless. I do not know whether there exists a browser extension that marks all JS usage from a running browser though.
You can try using tombstones to safely locate and remove dead code from your JavaScript.
https://blog.bugsnag.com/javascript-refactoring-with-bugsnag-and-tombstones/
In order to find the unused assets, to remove manually, you can use deadfile library:
https://m-izadmehr.github.io/deadfile/
It can simply find unused files, in any JS project.
Without any config, it supports ES6, JSX, and Vue files:
The one that comes to mind most quickly is Javascript LINT (http://www.javascriptlint.com/) and JSLint (http://www.jslint.com/).
Beware though: the latter hurts your feelings.

breakpoints in single-lined js-scripts with firebug

i want to analyze an external js-file. but the file is single-lined and obfuscated. so i cannot set meaningful breakpoints. (though automatical unobfuscation, code-indentation is assumed to be possible).
first of all, what would your suggestion be to overcome that impairement?
i wonder if it is possible to replace an external js-file with an unobfuscated nice-looking (maybe altered one) and have this one executed instead. any ideas?
i found a way. i am not accepting my answer as the answer b/c its not as comfortable as i would like it to be. so i am interested in further ideas.
you install foxyproxy and configure a new proxy for '*filename.js' (mind the asterisk!). as you host you use a local server, so '192.168.?.?' or 'localhost'.
thing is if the URL of the js-file to be replaced is 'http://www.abc.net/dir1/dir2/filename.js' then you have to make your new js-file accessible at 'http://[host]/dir1/dir2/filename.js'.
that setup is somewhat complicated. it should be possible to have the js-file replaced by another file anywhere on your disk. but it does the job.
Take some tool which has reformat code option. JetBrains WebStorm for example. It should break the lines so they will be suitable for setting breakpoints.
This should take 5-10 minutes. I doubt you will be able to do anything more without spending much time.

Protecting Processing.js source

Is there anyway to protect Processing.js sketch?
My company has a sketch that he wants to show to the world and in the mean time, he wants to ensure that no one can see his source code.
I've done protecting (partially) my javascript from browsers but the problem that I'm facing now is that firebug could reveal (XHR) my partially, protected source code.
So, I was wondering if I could obfuscate my source code. But would doing that cause processing.js to stop interpreting my source?
Is there anyway that I can use to protect my sketches?
No, obfuscation won't break your source code. Everything should work fine, just like when using normal source code.
Have you thought about doing it some other way? For example, after making a sketch, why not convert it to SVG or some other image format and show that instead to the world?
File a bug with us on dealing with your obfuscated code, it should parse fine:
http://processing-js.lighthouseapp.com/projects/41284-processingjs/overview
You can generate the sketch data on the server and upload it via ajax, sending most of the processed result directly to the browser. But there will always be some readable code.
It's not in javascript nature to be hide itself.

why use external javascript?

What are pros of using an external javascript file? I just can't figure it out, I see big websites using them all around several times instead of server-side includes. Is it just for caching?
If it's a matter of clean code and seperation of concerns, then you can still include it from the serverside into the html. For example I use SMARTY and I can just include the file {include file='javascript.js} inside <script></script> tages.
If it's for performance I can't see anything other than an extra http request that makes the external file slower involved. I'm sure I must be missing something because all the big websites still do this.
Is it because of caching the file? my javascripts are dynamic and shouldn't be cached anyway.
could someone help me out to make the right decision to choose what to do with my javascript files.
ps:can a 1.5K user create a tag for external-javascript?
The most important is that the file is cached by the browser. The fewer bytes that need to be sent from the server the better. This is a big part of web performance.
Second to that, it provides modularity.
I'm not sure why your JavaScript is dynamic, but I suggest you rewrite it in a way that removes that need. That in itself might be an issue for you down the road.
In your case where there is no caching because the entire javascript file is generated dynamically, inline is probably superior. It saves you the HTTP overhead.
Source: http://developer.yahoo.com/performance/rules.html#external
they also help the developers separate different conceptual areas of their code. It can get real annoying looking at hundred to thousands of lines of js in a single file, on top of complicated html.
Besides what #Gabriel said, it also helps you use the same function in different pages, withouth the need for them (.html docs) to be larger.

Categories

Resources