
JavaScript obfuscation

This article covers both well-known and extremely twisted obfuscation methods. I decided to write it after recently reading a Badass JavaScript blog post, and to supplement that post with my own findings.

First way


Everyone knows this one: obfuscation with minifiers such as JS Packer, JSMin, YUI Compressor or Closure Compiler. Or you can simply search for “JavaScript Obfuscator” and find a hundred more obfuscators.
They transform existing code like this:
function MyClass(){
    this.foo = function(argument1, argument2){
        var addedArgs = parseInt(argument1)+parseInt(argument2);
        return addedArgs;
    }
    var anonymousInnerFunction = function(){
        // do stuff here!
    }
}

Into something like this:
 function MyClass(){this.foo=function(c,b){var d=parseInt(c)+parseInt(b);return d};var a=function(){}}; 

Or this:
 var _0xd799=["\x66\x6F\x6F"];function MyClass(){this[_0xd799[0]]=function (_0xefcax2,_0xefcax3){var _0xefcax4=parseInt(_0xefcax2)+parseInt(_0xefcax3);return _0xefcax4;} ;var _0xefcax5=function (){} ;} ; 

Or this:
 eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 0="3 5!";9 2(1){6(1+"\\7"+0)}2("8");',10,10,'a|msg|MsgBox|Hello|var|World|alert|n|OK|function'.split('|'),0,{})) 

But it costs nothing to restore such code with jsbeautifier.org, or to simply remove the eval and get the source code. A lot is lost, but the meaning of the code is recovered. And even at first glance it is obvious that we are looking at JavaScript.
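The "remove the eval" recovery can also be done without running the packed script at all. The following is an added example, not code from the original article or from JS Packer: a static unpacker applied to the eval(function(p,a,c,k,e,d){...}) sample above. The names unpack, encodeIndex and unescapeSingleQuoted are assumptions made for illustration.

```javascript
// Added example: statically unpack "p,a,c,k,e,d" output. Nothing is evaluated;
// the argument list is parsed as text and the keywords are substituted back.

// The packed sample from the article, kept byte-for-byte with String.raw.
const SAMPLE = String.raw`eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 0="3 5!";9 2(1){6(1+"\\7"+0)}2("8");',10,10,'a|msg|MsgBox|Hello|var|World|alert|n|OK|function'.split('|'),0,{}))`;

// Matches the call arguments: }('payload',radix,count,'k1|k2|...'.split('|')
const PACKED = /\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\)/;

// Convert the raw text between single quotes into the string value the
// JavaScript parser would produce. Handles \\ \' \n \r \t only; other
// escapes (\xNN, \uNNNN) are a known limitation of this sketch.
function unescapeSingleQuoted(raw) {
  const map = { n: '\n', r: '\r', t: '\t' };
  return raw.replace(/\\([\s\S])/g, (_, ch) => (ch in map ? map[ch] : ch));
}

// The packer's token for keyword number c: base-`radix` digits drawn from
// 0-9, a-z, A-Z (so radix may be anything up to 62).
function encodeIndex(c, radix) {
  const head = c < radix ? '' : encodeIndex(Math.floor(c / radix), radix);
  const d = c % radix;
  return head + (d > 35 ? String.fromCharCode(d + 29) : d.toString(36));
}

// Returns the unpacked source text, or null if the input is not packed.
function unpack(source) {
  const m = PACKED.exec(source);
  if (!m) return null;
  const payload = unescapeSingleQuoted(m[1]);
  const radix = Number(m[2]);
  const count = Number(m[3]);
  const words = unescapeSingleQuoted(m[4]).split('|');
  const dict = new Map();
  for (let i = 0; i < count; i++) dict.set(encodeIndex(i, radix), words[i] || '');
  // An empty keyword means "the token stands for itself", as in the packer.
  return payload.replace(/\b\w+\b/g, (tok) => dict.get(tok) || tok);
}

console.log(unpack(SAMPLE));
```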

All of that was just the easy part; the hardcore obfuscation methods follow.

Second way


Change the code beyond recognition, turning our tiny script:
alert(0)

Into this Brainfuck-like form:
([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])(+[])

Or into this (the code may not work because of the Habr parser):
゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚゚) ['c'] = ((゚゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚゚) ['o'] = ((゚゚)+'_') [゚Θ゚];(゚o゚)=(゚゚) ['c']+(゚゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚゚) ['c']+((゚゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚゚) .゚゚ノ+((゚゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚゚)[゚ε゚]='\\'; (゚゚).゚Θ゚ノ=(゚゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚゚) [゚o゚]='\"';(゚゚) ['_'] ( (゚゚) ['_'] (゚ε゚+(゚゚)[゚o゚]+ (゚゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚゚)[゚ε゚]+((o^_^o) +(o^_^o))+ (c^_^o)+ (゚゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚゚)[゚o゚]) (゚Θ゚)) ('_');

At first glance, you would not say that this is working JavaScript.
There are tools that produce code of type one and code of type two. Vladson found another one: julcode
Explanation of some points of method two

Example:
 ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+ ($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__ [_+~$]+$_[_]+$$](_/_) 

We have some kind of mess of characters, but in fact it is alert(1). Yet there is not a single string and not a single letter in it, so where does it come from?!

Let's figure it out:
$=[] is an empty array
$=[$=[]] is an array holding a reference to an array
The variable $ will be 0 (an empty array converts to 0 in a numeric context).
Now that we have 0, we can index with it. We get __ = "false" via (__ = !$ + $)
Next, _ = -~-~-~$
The ~ operator in JavaScript computes -(n + 1), so -~n = n + 1
If $ = 0 then -~-~-~$ = 3
We get: _ = 3

Thus _/_ = 3/3 = 1

(__ = !$ + $ )[ _ = -~-~-~$]
("false")[_]
("false")[3]
"false"[3] = s


({} + $)[_/_]
("[object Object]")[_/_]
("[object Object]")[1]
"[object Object]"[1] = o


$$ = ( $_ = !'' + $)[_/_]
$$ = ( "true")[1]
"true"[1] = r

$_[+$] = "true"[0] = t

$_ = "true"
$$ = rt


($$ = ($_ = !'' + $)[_/_] + $_[+$])

!'' + $ = "true"
$_ = "true"
$_[1] = r
$_[0] = t
$$ = rt


Thus the first part becomes ($ = [] ["s" + "o"+ "r"+ "t" ] )()
($=[]["sort"])()

Let's move on:
[__[_/_]+__[_+~$]+$_[_]+$$](_/_)

$ = 0
_ = 3
__ = "false"
$_ = "true"
$$ = "rt"


The expression...
[__[_/_]+__[_+~$]+$_[_]+$$](_/_)

turns into…
[__[1] + __[3 + -1] + $_[3] + $$](1);

which turns into…
["false"[1] + "false"[3 + -1 ] + "true"[3] + "rt"] (1)

and finally into
[ "a" + "l" + "e" + "r" + "t" ](1)

At the end we get ($=[]["sort"])()["alert"](1)

Broken into parts:
a = []          // empty array
b = a["sort"]   // sort
c = b()         // window
d = c["alert"]  // window.alert
d(1)            // window.alert(1)


Total: window["alert"](1)

This is, of course, an artificial example, and no obfuscator can produce this.

Third way


The first method left the code looking like JavaScript, the second made it look like something else entirely, and the third makes the code invisible altogether.

I have not seen ready-made solutions; I picked up the concept from a video of one of the JS conferences.
The code consists of two parts: a visible part, which can be obfuscated with anything described above, and an invisible part.
The visible part is straightforward. The secret of the invisible part is this: we pass the existing “bad code” (otherwise why hide it) through our obfuscator-vanisher, which turns the visible script into an invisible one: a string consisting of tabs (bit 1) and spaces (bit 0).
As a result, we get 8 times more code than we had. The visible part decodes the invisible part and executes it: it decodes the bits into a number, converts the number into a character with String.fromCharCode(), and then calls eval.

In the end, you get something like this (the invisible part does not have to be hidden in an element):
decodeAndEval(document.getElementById("evilCode").innerHTML);
<div id="evilCode">

</div>
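For reviewing a page for this trick, the same decoding can be run as a scanner that reports the hidden text instead of passing it to eval. This is an added example, not the article's or deex's code; the function names, the MSB-first bit order, the 64-bit minimum run length and the printable-text check are assumptions, and the sample input is constructed.

```javascript
// Added example: find long runs of tabs/spaces and decode them for inspection.
// Assumed encoding: tab = 1, space = 0, 8 bits per character, MSB first.
const PRINTABLE = /^[\x09\x0a\x0d\x20-\x7e]+$/;

// Decode a tab/space run into characters; trailing bits short of a byte are ignored.
function decodeWhitespace(run) {
  let out = '';
  for (let i = 0; i + 8 <= run.length; i += 8) {
    let code = 0;
    for (const ch of run.slice(i, i + 8)) code = (code << 1) | (ch === '\t' ? 1 : 0);
    out += String.fromCharCode(code);
  }
  return out;
}

// Report every whitespace run of 64+ characters that contains a tab.
// Ordinary indentation may precede the payload, so bit offsets 0..7 are
// tried and the first one that yields printable text is reported.
function findHiddenPayloads(text) {
  const findings = [];
  for (const m of text.matchAll(/[ \t]{64,}/g)) {
    if (!m[0].includes('\t')) continue; // spaces only: padding, not a bit string
    let best = { shift: 0, decoded: decodeWhitespace(m[0]), printable: false };
    for (let shift = 0; shift < 8; shift++) {
      const decoded = decodeWhitespace(m[0].slice(shift));
      if (PRINTABLE.test(decoded)) { best = { shift, decoded, printable: true }; break; }
    }
    findings.push({ offset: m.index, bits: m[0].length, ...best });
  }
  return findings;
}

// Constructed test input: a harmless string written as tabs and spaces.
function toWhitespace(s) {
  return [...s].map((c) => c.charCodeAt(0).toString(2).padStart(8, '0')
    .replace(/0/g, ' ').replace(/1/g, '\t')).join('');
}
const SAMPLE_HTML = '<div id="evilCode">' + toWhitespace('alert(1)') +
  '</div>\n<p>ordinary   text</p>';

for (const f of findHiddenPayloads(SAMPLE_HTML)) {
  console.log(`offset ${f.offset}, ${f.bits} bits, shift ${f.shift}: ${JSON.stringify(f.decoded)}`);
}
```

Findings with printable set to false are still worth a look, since the hidden text may use a different bit order or character width than assumed here.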

deex wrote an obfuscator-vanisher

Based on: badassjs.com/post/2929065287/obfuscation adamcecc.blogspot.com/2011/01/javascript.html

I will be glad to answer your questions and to see the obfuscation methods you know of.

P.S. The code shown may not work because of the Habr parser ©. Links to the tools are provided, so in that case generate your own code.

UPD: Several comments mentioned a way of obfuscating code inside a PNG.

Source: https://habr.com/ru/post/112530/

