[melissalobos]

To answer your question, yes. Someone absolutely can decode that and figure out the odds. If they couldn't then there would be less obfuscation used. A browser ABSOLUTELY has to be able to run the javascript. Anyone dedicated enough can de-compile that javascript to a program. Is it easy? No, but people do it all the time.

I have had to deal with client that thought they could keep some bit of code secret on a browser before. I have had to explain many many times that anything the browser can do a human can do. So if a browser can run the code, at some point a human can too.

[throwntoday]

I think what the parent meant was, can someone looking at it decode what is going on. Not asking whether it is possible in general.

[michaelsbradley]

That's why they wrote "Anyone dedicated enough can de-compile that javascript..."

Meaning, effectively, it can be de-obfuscated into code with control flow that's readily understood by a human, even if it would take some patience and practice (and the right tools) to perform the de-obfuscation.

Re: the FreeSlots.com program, https://deobfuscate.io shows that most of the obfuscation is related to decoding characters per some algorithm of their devising and eventually eval'ing the string as a JS program. There are likely several tricky rounds of that technique (and others) used at layers within the obfuscated code.

If the FreeSlots devs are clever, then they likely have a scheme to randomly generate the code they want (producing their desired result in terms of odds), where the random part is w.r.t. how the obfuscation layers are composed. Done well, that could make it rather difficult to mechanically de-obfuscate their code changing over time, i.e. without a human intervening to help identify the distinct layers because... parsers are hard.

[zamadatix]

As the other commenter said I think everyone understands it is feasible for someone here to accomplish de-obfuscating the code but the actual question was "Can anyone decode this and figure out the odds generator?". As in "can anyone take out the trash" like actually take the time to do the work of taking out the trash. Not as in explain that it is in fact possible for a dedicated person to tie up a bag, lift it out of the bin, take it outside, and put it in a dumpster. One of those quirks of speech.

I gave it a quick shot with some spare time, was selfishly hoping someone else had done the work when I checked back :p.

[michaelsbradley]

If the economic incentive (or some other abstruse incentive) is great enough for a someone, then that someone will do it, if it's strictly possible and within the scope of their resources, i.e. because they stand to gain / be fulfilled / for the fun of it / experience fame and glory / etc.

[zamadatix]

Perhaps the original ask is better explained as: a request for someone here do the actual deobfuscation.

[michaelsbradley]

Nice way to put it. :-)

I don't feel so incentivized at present, sorry if I'm letting you down.

[gernb]

nothing special about code in a browser. there are regular reports from bug finders where they detail how they disassembled iOS or some native app etc and worked out how some exploit worked

[lovingCranberry]

The Hexrays decompilation plugin for ARM architecture works very fine and produces more readable code than this js :D