Replies: 1 comment 5 replies
-
Suppose, that nothing hard to find external key |
Beta Was this translation helpful? Give feedback.
5 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
It seems relatively easy to deobfuscate code using online tools. The result is still gibberish, however the used strings can be read. This shows a little too much of the inner workings of our code.
The deopfuscation process seems to be able to find the decodekey for the rc4 directly in the code. So my question is, if it is possible to provide this key as an option when obfuscating, and then provide it, fx. as an variable on the script tag used to run the obfuscated script and then fetch this key using the currentScript global.
If the script is removed after load, it becomes extremely difficult to even see that such key is provided, and it would make the deobfuscation much harder.
What do you think?
Cheers
Beta Was this translation helpful? Give feedback.
All reactions