User Tools
Sidebar
symbolicjs
This is an old revision of the document!
Table of Contents
Notes on JavaScipt obfuscation
Inspired by JSFuck, but here's the rules:
- 7-bit printable ASCII (32 to 126)
- No alphanumerics (
[a-zA-Z0-9]), no spaces, only``quotes
Build some strings with keywords
Use either `${<code>}` or (<code>+[]) to obtain useful keywords:
| keyword | code |
|---|---|
[object Object] | {} |
true | !`` |
false | ![] |
NaN | -`!` |
undefined | [][[]] |
-Infinity | ~[]/[] |
Index the strings with numerals
| number | code |
|---|---|
| -4 | ~-~-~!`` |
| -3 | ~-~!`` |
| -2 | ~!`` |
| -1 | ~`` |
| -0 | -`` |
| 0 | +`` |
| 1 | +!`` |
| 2 | -~!`` |
| 3 | -~-~!`` |
| 4 | -~-~-~!`` |
Build a basic alphabet
We can use variables, but only those whose name contains `$` and `_` so we'll use some sort of morse code-based encoding, with `$`⇒`.` and `_`⇒`-`, and a prefix to differentiate lowercase and uppercase:
| code | |
|---|---|
| a | $$_=`${![]}`[+!``] |
| b | $_$$$=`${{}}`[-~!``] |
| c | $_$_$=`${{}}`[-~-~-~-~!``] |
| d | $_$$=`${[][[]]}`[-~!``] |
| e | $$=`${!``}`[-~-~!``] |
| f | $$$_$=`${![]}`[-``] |
| i | $$$=`${[][[]]}`[-~-~-~-~!``] |
| j | $$___=`${{}}`[-~-~!``] |
| l | $$_$$=`${![]}`[-~!``] |
| n | $_$=`${[][[]]}`[+!``] |
| o | $___=`${{}}`[+!``] |
| r | $$_$=`${!``}`[+!``] |
| s | $$$$=`${![]}`[-~-~!``] |
| t | $_=`${!``}`[-``] |
| u | $$$_=`${!``}`[-~!``] |
| y | $_$__=`${-~[]/[]}`[-~-~-~-~-~-~!``] |
| I | _$$=`${~[]/[]}`[+!``] |
| N | __$=``${-`!`}`[-``] |
| O | ____=`${{}}`[-~-~-~-~-~-~-~!``] |
| space | ____$=`${{}}`[-~-~-~-~-~-~!``] |
Actually, we can just use the [a,b]=“ab” notation to make it way shorter. Note that using +[] or +`` is now shorter due to the lack of need of parentheses.
[,$___,$_$$$,$$___,$$,$_$_,$_,____$,____]={}+[], [$$$_$,$$_,$$_$$,$$$$]=![]+[], [,$$_$,$$$_]=!``+[], [__$]=-`!`+[], [,_$$,$_$,$$$_$,$$$,$_$,,,$_$__]=~[]/[]+[], [$$$_,,$_$$]=[][[]]+[]
Execute arbitrary code
Now we have enough letters to execute arbitrary code:
$=(_=>_)["constructor"] // returns Function
$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$]
Build more letters
We can then use `btoa` to get a lot of the letters we're missing:
[K,C,g,h]=Function("return btoa`((!`")() // returns 'KCgh'
[,,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_+`\`((!\``)()
Build the global object
_=Function("return this")()
_=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)()
Access global variables and run some code
_["console"]["log"]("hello")
_[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___)
Final result
[,$___,$_$$$,$$___,$$,$_$_$,$_,____$,____]={}+[],[$$$_$,$$_,$$_$$,$$$$]=![]+[],[,$$_$,$$$_]=!``+[],[__$]=-`!`+[],[,_$$,$_$,$$$_$,$$$,$_$,,,$_$__]=~[]/[]+[],[$$$_,,$_$$]=[][[]]+[],$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$],[,,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_+`\`((!\``)(),$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)()[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___)
symbolicjs.1747080436.txt.gz · Last modified: by Yuki