FAQ

Why would I want to obfuscate my JavaScript code?

There are numerous reasons why it's a good idea to protect your code, such as:
Prevent anyone from simply copy/pasting your work. This is especially important on 100% client-side projects, such as HTML5 games.
Removal of comments and whitespace that aren't needed. Making it faster to load and harder to understand.
Protection of work that hasn't been paid for yet. You can show your work to the client knowing that they won't have the source code until the invoice has been paid.

No, while it's impossible to recover the exact original source code, someone with the time, knowledge and patience can reverse-engineer it. Since the JavaScript runs on the browser, the browser's JavaScript engine must be able to read and interpret it, so there's no way to prevent that. And any tool that promises that is not being honest.

Why is my obfuscated code larger than my original source?

Because the obfuscator introduces new pieces of code that are meant to protect and defend against debugging and reverse-engineering. Also, strings are converted to \xAB hexadecimal code to make things a little bit harder to understand. You don't have to worry too much about code size because there is a lot of repetition, so the obfuscated code will be compressed extremely well by your webserver (if you have GZIP compression enabled on your server, which most do nowadays).

Can I run a minifier such as UglifyJS or Google Closure Compiler on the obfuscated output?

No, it's not recommended and in some cases it'll break the code (such as if you enable self-defending). You can run your code through a minifier beforehand to make sure that it removes dead code and does other optimizations, though.

The source is processed by our application server, then to the obfuscator and back to the browser, so it only stays in our server memory for a brief period of time (usually milliseconds).

Can I recover the original source code from the obfuscated one?

No, it's impossible to revert the obfuscated code back to your original code, so keep the original safe.

Does this tool work with Node.js source code?

I want to run the obfuscator on my own server/machine.

This tool uses a free and open source (BSD-2-Clause licensed) obfuscator written in TypeScript. You can go to its GitHub page and read more there. There are also a number of plugins, such as: webpack-obfuscator, gulp-javascript-obfuscator and grunt-contrib-obfuscator.

Also, this web app is open-source as well.

If you're interested in just uglifying and compressing your code, I suggest

One of the most tedious tasks in malware analysis is to get rid of the obfuscated code. Nowadays, almost every malware uses obfuscation to hinder the analysis and try to evade detection. In some cases, the obfuscation is not complex and is trivial to remove. An example of a trivial technique is the encryption of the strings with a hardcoded key. In other cases, the obfuscation can be very complex to remove, and time spent on analysis might easily become unsustainable. An example of an advanced obfuscation technique is the usage of a software Virtual Machine or Control-Flow Obfuscation (an example of a Control-Flow Obfuscation technique was discussed in another post analyzing the Maze ransomware obfuscation).

The decision to adopt a specific technique is mostly driven by weighing the complexity of the implementation versus its effectiveness. This trade-off might assume a very different weight according to the technology used to develop the malware and the available tools used to analyze the malware binary. Two relevant examples, where this trade-off assumes very different values, are the analysis of an unmanaged binary versus the analysis of a managed binary. An unmanaged binary is a program written in a language, such as C/C++, that is compiled directly to native code. Conversely, a managed binary is written in a high-level language such as C# or F#, and compiles to an intermediate language.

An advantage of managed programs over unmanaged programs is that they are easier to port to another system. .NET Core technology, which supports the execution of the same binary on different operating systems (OSs). However, this advantage has a drawback from a security point of view. In order to execute the binary on a different OS, it is necessary to include, inside the file, a conspicuous amount of metadata that describes how the binary is structured.