[slig]

I'm curious: can you can undo the obfuscation of JScrambler and Obfuscator.io easily? Some time ago I tried to run both through Closure Compiler, but it was way harder than I thought would be.

[zemnmez]

JScrambler I actually did de-obfuscate to bypass some very significant bot detection a few years ago, but it took a bit more doing -- it uses ES6 features IIRC so I had to transpile it down to ES5 via babel first, but it worked OK after that.

has a pretty good crack at obfuscator.io, too: https://closure-compiler.appspot.com/home#code%3D%252F%252F%...

That's the example from the site. "console.log('Hello world')" gets deobfuscated to "console[a(482)]("Hello World!");"

[stavros]

> That's the example from the site. "console.log('Hello world')" gets deobfuscated to "console[a(482)]("Hello World!");"

That does not look deobfuscated to me.

[ByteJockey]

Anyone familiar with JS is going to have some really good guesses at what a(482) is in this case.

And, even if you don't, you can always call a(482)

[stavros]

Yes, but "obfuscated" means "To make so confused or opaque as to be difficult to perceive or understand". That's obfuscated, not deobfuscated.

[_jsza]

Is that difficult? Harder, but still quite easy.

[stavros]

My point was that the GP seems to have mixed the words "obfuscate" and "deobfuscate".