Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Programming The Internet

Machine Learning Used For JavaScript Code De-obfuscation 31

New submitter velco writes: "ETH Zurich Software Reliability Lab announced JSNice, a statistical de-obfuscation and de-minification tool for JavaScript. The interesting thing about JSNice is that it combines program analysis with machine learning techniques to build a database of name and type regularities from large amounts of available open source code on GitHub. Then, given new JavaScript code, JSNice tries to infer the most likely names and types for that code by basing its decision on the learned regularities in the training phase."
This discussion has been archived. No new comments can be posted.

Machine Learning Used For JavaScript Code De-obfuscation

Comments Filter:
  • by guardiangod ( 880192 ) on Tuesday June 03, 2014 @09:28PM (#47161377)

    This tool looks very intriguing, so I gave it some malicious code for a spin (all codes are from malicious drive-by sites in the last 24 hours.)

    /** @type {function (string): *} */
    e = eval;
    /** @type {string} */
    v = "0" + "x";
    /** @type {number} */
    a = 0;
    try {
      a *= 2;
    } catch (q) {
    /** @type {number} */
      a = 1;
    if (!a) {
      try {
        document["bod" + "y"]++;
      } catch (q$$1) {
    /** @type {string} */
        a2 = "_";
      z = "2f_6d_*snip*"["split"](a2);
    /** @type {string} */
      za = "";
    /** @type {number} */
      i = 0;
      for (;i < z.length;i++) {
        za += String["fromCharCode"](e(v + z[i]) - sa);
      zaz = za;
      * @param {string} n
      * @param {string} k
      * @param {number} v
      * @param {string} reason
      * @return {undefined}
    function SetCookie(n, k, v, reason) {
    /** @type {Date} */
      var defaultCenturyStart = new Date;
    /** @type {Date} */
      var expiryDate = new Date;

    Sort of useful, I guess. But ultimately not an essential feature for malicious javascript analysis. I think the tool would be more useful to legitmate JS reverse-engineering tasks as their obfuscated JS are much much bigger.

Not only is UNIX dead, it's starting to smell really bad. -- Rob Pike