Stack Overflow
Stack Overflow

Questions tagged [deobfuscation]

Figuring out how a program works when that program has been deliberately made difficult to understand

Deobfuscation is the reverse process of . It means figuring out how a program works when that program has been deliberately made difficult to understand.

Deobfuscation is related to . If the question is about reverse engineering rather than programming then posting on the Reverse Engineering site should be considered instead.

Do not use this tag merely to indicate that you don't understand how a program works: use it only when the program was made obfuscated on purpose.

External links

392 questions
8
votes
4 answers

Recover javascript source code from uglifyjs source map

I am reverse engineering one magical script. I have an uglified source code and source map generated by uglifyjs. Does anybody know any straightforward way how to achieve at least partly readable source code from that? I have found some obscure ways…
yety
  • 701
  • 2
  • 16
  • 26
8
votes
1 answer

Crashlytics not deobfusticating code

I'm new to Crashlytics, and I'm having a problem where it is not de-obfusticating my stack traces. According to Crashlytics this should be happening automatically. It should be using the mappings.txt file that's included in your .apk to decrypt…
user1743524
  • 655
  • 1
  • 7
  • 14
7
votes
3 answers

Logging WorkManager Workers

I am trying to get some logging information on WorkManager Workers that i have running in my app. I am using version 2.4.0-alpha01 which uses the new diagnostics added by the Android Framework…
Etienne Lawlor
  • 6,817
  • 18
  • 77
  • 89
7
votes
5 answers

Why is this expression evaluated to "a" in JavaScript?

I got hold of some obfuscated JavaScript code. I tried to understand it, and doing this, I typed pieces of it in the console. I can't understand why > ((!!+[]+"")[+!![]]) < "a" Why is ((!!+[]+"")[+!![]]) equal to "a" in JavaScript? Is there some…
WayToDoor
  • 1,180
  • 9
  • 24
7
votes
3 answers

How is this valid Java code? (obfuscated Java)

This code looks obviously incorrect and yet it happily compiles and runs on my machine. Can someone explain how this works? For example, what makes the ")" after the class name valid? What about the random words strewn around? class M‮{public static…
WoodenKitty
  • 6,521
  • 8
  • 53
  • 73
7
votes
2 answers

How to decrypt a javascript file

I just discovered a virus in my computer that uses a .js file to attack. I opened the file in notepad to check out the code, but it is completely encrypted. I can see some data that makes sense (such as bhynivmao.length!=4), but the majority of the…
Flipsyde
  • 806
  • 1
  • 7
  • 6
7
votes
2 answers

Deparsing/Decomposing - step-by-step this obfuscated perl script

As the title - please can anyone explain how the next scripts works this prints the text: "Perl guys are smart" ''=~('(?{'.('])@@^{'^'-[).*[').'"'.('-[)@{:__({:)[{(-:)^}'^'}>[,[]*&[[[[>[[@[[*_').',$/})') this prints only "b" use strict; use…
cajwine
  • 3,100
  • 1
  • 20
  • 41
6
votes
2 answers

What does this perl line from a "bleached" file do?

I have some perl files which have been "bleached" (don't know if it was from ACME::Bleach, or something similar). Not being very fluent in perl, I'd like to understand what the one-liner that starts the file does to decode the whitespace that…
JimB
  • 104,193
  • 13
  • 262
  • 255
6
votes
1 answer

How do I de-obfuscate a Lua script?

I have some Lua code that I suspect is obfuscated. How do I go about de-obfuscating it? I believe the code is obfuscated because it looks very different from normal Lua code, but I know it is valid Lua code because the Lua interpreter will still…
DarkWiiPlayer
  • 6,871
  • 3
  • 23
  • 38
6
votes
1 answer

What does means in Proguard deobfuscated trace?

In my Playstore's, I noticed that the deobfuscated code contains quite amount of in the stack traces. (Example at .onAttach(ProfileLandingFragment.java)). What does the really means? at…
KittoKatto
  • 544
  • 6
  • 23
6
votes
4 answers

Help Deobfuscate This JS attack

I have a piece of nasty javascript that I would like to de-obfuscate. I know that I can spin up a VM and behold the malware in all of its glory, but I am more interested in not having it run, but viewing it in a non-obfuscated form. If it needs to…
TCCV
  • 3,142
  • 4
  • 25
  • 30
6
votes
3 answers

How is obfuscation done in Java?

Today I came across an obfuscated class (well a lot of obfuscated classes in a jar) and I do not have a clue on how this kind of obfuscation is done. An example: protected void a(ChannelHandlerContext ☃, ByteBuf ☃, ByteBuf ☃) throws Exception …
fill͡pant͡
  • 1,147
  • 2
  • 12
  • 24
6
votes
1 answer

Which encoding uses"Zq" prefix?

I'm attempting to decode the following text with hexadecimal characters prefixing by "Zq". I've tried to decode this from base 16, 32, 64 whithout success. It's an encoded instruction from a JavaScript source code. I would like to understand what it…
Adrien Gadeau
  • 61
  • 2
6
votes
1 answer

How to de-obfuscate the ctk.c code the winner of 2001's IOCCC?

I have seen ctk.c obfuscated code, but How can I start to de-obfuscate it? #include #include #include #include #include #define m(b)a=b;z=*a;while(*++a){y=*a;*a=z;z=y;} #define…
0x90
  • 39,472
  • 36
  • 165
  • 245
6
votes
3 answers

Android how to read obfuscated Java code after getting through reverse engineering

I got the Java classes from an APK after using some tools like dex2jar and JD-GUI. As everybody knows Java byte code can be converted to Java classes back so mostly it is optimized and obfuscated through some tools (like ProGuard is used in the case…
Umar Qureshi
  • 5,985
  • 2
  • 30
  • 40
1 2
3
26 27