Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Programming The Internet

Machine Learning Used For JavaScript Code De-obfuscation 31

Posted by Soulskill
from the cleaning-up-the-digital-streets dept.
New submitter velco writes: "ETH Zurich Software Reliability Lab announced JSNice, a statistical de-obfuscation and de-minification tool for JavaScript. The interesting thing about JSNice is that it combines program analysis with machine learning techniques to build a database of name and type regularities from large amounts of available open source code on GitHub. Then, given new JavaScript code, JSNice tries to infer the most likely names and types for that code by basing its decision on the learned regularities in the training phase."
This discussion has been archived. No new comments can be posted.

Machine Learning Used For JavaScript Code De-obfuscation

Comments Filter:
  • Hahahaha! (Score:4, Funny)

    by pigiron (104729) on Tuesday June 03, 2014 @05:34PM (#47160483) Homepage

    The development of tools like these started out of necessity for figuring out old COBOL code.

    • If DIVIDE X BY Y GIVING Z REMAINDER W is the minified version, I'm not sure I want to see the un-minified one!
      • Re: (Score:2, Funny)

        by Anonymous Coward

        That would be
            "DIVIDE REC-WORKER-TOTAL-ANNUAL-SALARY BY WS-HOURS-IN-FISCAL-YEAR
            GIVING WS-HOURLY-RATE REMAINDER WS-ANNUAL-BONUS."
        or something similar.

  • by orionpi (318587) on Tuesday June 03, 2014 @05:50PM (#47160569)

    Now we just run every JavaScript program through an obfuscator then JSNice and we have consistent naming.

    • by Anonymous Coward

      Now we just run every JavaScript program through an obfuscator then JSNice and we have consistent naming.

      You laugh, but I have tried it.

      The naming isn't as good as you would like, but for some projects, it may be an improvement. o.O

  • I tried it on a minified jquery 1.7.2 and got:

    Error compiling input:

    Line 3: Parse error. missing ) after condition
    Line 3: Parse error. unterminated string literal
    Line 4: Parse error. missing ; before statement
    Line 4: Parse error. syntax error
    Line 4: Parse error. missing ) in parenthetical
    Line 4: Parse error. missing } after property list
    Line 4: Parse error. illegal character
    Line 4: Parse error. syntax error
    Line 4: Parse error. illegal character
    Line 4: Parse error. illegal character

  • by guardiangod (880192) on Tuesday June 03, 2014 @08:28PM (#47161377)

    This tool looks very intriguing, so I gave it some malicious code for a spin (all codes are from malicious drive-by sites in the last 24 hours.)
     
     

    /** @type {function (string): *} */
    e = eval;
    /** @type {string} */
    v = "0" + "x";
    /** @type {number} */
    a = 0;
    try {
      a *= 2;
    } catch (q) {
    /** @type {number} */
      a = 1;
    }
    if (!a) {
      try {
        document["bod" + "y"]++;
      } catch (q$$1) {
    /** @type {string} */
        a2 = "_";
      }
      z = "2f_6d_*snip*"["split"](a2);
    /** @type {string} */
      za = "";
    /** @type {number} */
      i = 0;
      for (;i < z.length;i++) {
        za += String["fromCharCode"](e(v + z[i]) - sa);
      }
      zaz = za;
      e(zaz);
    }
    /**
      * @param {string} n
      * @param {string} k
      * @param {number} v
      * @param {string} reason
      * @return {undefined}
      */
    function SetCookie(n, k, v, reason) {
    /** @type {Date} */
      var defaultCenturyStart = new Date;
    /** @type {Date} */
      var expiryDate = new Date;

    Sort of useful, I guess. But ultimately not an essential feature for malicious javascript analysis. I think the tool would be more useful to legitmate JS reverse-engineering tasks as their obfuscated JS are much much bigger.

To avoid criticism, do nothing, say nothing, be nothing. -- Elbert Hubbard

Working...