0xdevalias

Deobfuscating / Unminifying Obfuscated Web App / JavaScript Code

Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code.

Table of Contents

• tl;dr: AKA: devalias's shortlist
• PoC
• Benchmarks / Leaderboards / etc

michaelboke

FROM golang:alpine as builder
WORKDIR /app
#the following 2 steps are optional if your image does not already have the certificate
# package installed, golang:alpine now seems to have it. But a more base image could be missing it.
#RUN apk update && apk upgrade && apk add --no-cache ca-certificates
#RUN update-ca-certificates
ADD main.go /app/main.go
RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -installsuffix cgo -o app .

FROM scratch

andrisasuke

$> brew install openssl
$> brew install swig
$> env LDFLAGS="-L$(brew --prefix openssl)/lib" \
CFLAGS="-I$(brew --prefix openssl)/include" \
SWIG_FEATURES="-cpperraswarn -includeall -I$(brew --prefix openssl)/include" \
pip install m2crypto

hkhamm

Installing Cassandra on Mac OS X

Install Homebrew

Homebrew is a great little package manager for OS X. If you haven't already, installing it is pretty easy:

ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

jo

JavaScript Crypto Libraries

List some crypto libraries for JavaScript out there. Might be a bit out dated. Scroll to the bottom.

WebCryptoAPI

http://www.w3.org/TR/WebCryptoAPI/

This specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.