# JavaScript Obfuscation/Deobfuscation

## Obfuscation

Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input, and attempts to re-write the code in a way that is much more difficult to read, depending on its design.

<figure><img src="/files/UtrfDk3LzTmw7XpJWreT" alt=""><figcaption></figcaption></figure>

### Run and test Javascript on online console

{% embed url="<https://jsconsole.com/>" %}

### Minificating a JavaScript

Code Minification involves compressing the code into a single, often lengthy line. This greatly reduces its readability by humans while maintaining its functionality from a technical perspective.&#x20;

**Online Resources for JavaScript Minifiers:**

{% embed url="<https://www.toptal.com/developers/javascript-minifier>" %}

### &#x20;Packing a JavaScript&#x20;

A `packer` obfuscation tool usually attempts to convert all words and symbols of the code into a list or a dictionary and then refer to them using the `(p,a,c,k,e,d)` function to re-build the original code during execution. The `(p,a,c,k,e,d)` can be different from one packer to another. However, it usually contains a certain order in which the words and symbols of the original code were packed to know how to order them during execution.

While a packer does a great job reducing the code's readability, we can still see its main strings written in cleartext, which may reveal some of its functionality. This is why we may want to look for better ways to obfuscate our code.

Online Javascript Obfuscator makes javascript code harder to read or understand.

{% embed url="<https://beautifytools.com/javascript-obfuscator.php>" %}

### Advanced obfuscation

Completely obfuscate the code and hide any remnants of its original functionality.

{% embed url="<https://obfuscator.io/#code>" %}

{% embed url="<https://jsfuck.com/>" %}

{% embed url="<https://utf-8.jp/public/jjencode.html>" %}

{% embed url="<https://utf-8.jp/public/aaencode.html>" %}

## Deobfuscation

Just as there are tools to obfuscate code automatically, there are tools to beautify and deobfuscate the code automatically.

### Deobfuscation online tools

{% embed url="<https://matthewfl.com/unPacker.html>" %}

{% embed url="<http://www.jsnice.org/>" %}

### Beautify minified JavaScript codes

1. Browser tool, CTRL+ALT+I and then click on the '{}' button on the Debugger tab which will Pretty Print the script into its propoer JavaScript formatting
2. Online resources like Prettier or Beautifiier

{% embed url="<https://prettier.io/playground/#N4Igxg9gdgLgprEAuEcBuBDANgCgGYCuUYMAltAAQ4AOANBRvWPQNb1z0AmAlBcBXAoBeCoWJlKOML34AnODAKyoFMADoYEAMoxZpKAHMcAZgBsvAL4BuCqTxUAhAHIna+dSwYwcHAHoAer70OnqG3DIUAO4AFqRYglIAtIkRnADa6poh+kYY3AC6whQsGYUAPmWqGtq6OTh5FBbFRWliJOQqOHAR8orKFOlwhRb5NoIibRKdPQpKKk4AOksLkQDUTo02YEUAjJtRsfFUYMkRdlQlYPkR1EXUbnAeXj5QcJEUAEpwBgCiAB7UHCLZYAIw2qwEUl4EOBSzB9CcBic3FYpUsjQovTmFFuFiBBgoABYcNxgAAGCgAViECxApmAAHYHBZaVYKTshAAOBgktkUABMNJAvgAnGowKydmpODhaXBabR+bQ8NwrFKQSZuBYnPQdgzdfqKE5MLIyn9oqalFgylACFhrQYEHBZBh4FpnaRsGU8J4DGUABIAFQAQmUdgB9QkAW3DDOixnDlOMsh2hKw4YMxigycJDLJptekTKAGcPV6ABoAWQAMv6YDBqF8AI4EODFmAlhCcMrUaLUMoQagIMoABQA8lpA2VdK3vUR2tBXMWPKQYECysj6GT6MALOEQLQQIOpsXkKAMLJZBBIiOLwhTyhsJEMABPU+HkEusAsBRaDBRuBq30OBkDwbBSw-L8fxgLRqC8HJkBnDgQFLKNSEQ2RW0POAAQ9ADYGwQNnSgC9SDbUDwOQ4scniABFAgIHgCisAgkAACtiz+LQaLgejGJApAwJY5CW34kcr2oB8QAwYtEleOBOAUg8QF0DA4hyABhCAoyjDBkGk+1lOowx4gAQXrPQQQIeAR2dIDXmY1johgKMsAAdVieBl2ed0oGosg0FXF99LAYt3xANBWwASSgRTYC0MA9GoGBTNinQX3iRzkOoK9Szcl1qH0nK22dNAQMPfRS1kGBxIwAxdKyw84NkKr9JBDAQTgLBlJy-QYDc0hOBgaJkE5bcQHkFtSHkWr6r0wTKMPGAOoGoaRqQJUQAIUtAw6h8hNYuAo06zhFM4asMEMAg6rgAAxCBZF0+sEMfayIBACwLCAA>" %}

{% embed url="<https://beautifier.io/>" %}

## Base64/HEX/ROT13 encoding and decoding

Refer to the page [Encoding/decoding](/general/encoding-decoding.md)

## Resources:

{% embed url="<https://academy.hackthebox.com/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hackjiji.org/web-pentesting/javascript-obfuscation-deobfuscation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.