Almost all Javascipt obfuscation schemes that I've come across in the wild can be defeated by Closure Compiler with advanced optimizations and pretty print turned on & if necessary a little extra manual intervention. It just optimizes out all the cruft. I'd like to see what it does to this code but the author hasn't provided a raw file.
I did too - you need to poke around with the compiler settings.
For jjEncode's sample `alert("Hello, JavaScript" )`[0], the first step of the post's analysis is done for you[1], if you set closure compiler on "advanced mode".
That being said, double-jjEncoding the sample `alert("Hello, JavaScript" )` stumps the closure compiler.
What's particularly cute about the hexadecimal "constants" is that their names correlate to their binary digits. E.g. 0xA = 1010 = $_$_ ; 0xF = 1111 = $$$$ and so on.
Assuming the syntax is valid, tacking (console.log("foo")) on the end of lots of things should log foo, even if there's an error elsewhere. The "console.log('foo')" will be evaluated before trying to call the rest as a function, so even "undefined(console.log('foo'))" logs "foo" when tested in the Firefox JS console:
undefined(console.log('foo'))
TypeError: undefined is not a function
"foo"
This may be an unpopular opinion especially on HN but the fact that you can do this sort of thing in JavaScript is one of the reasons that I am not particularly a fan of the language.
Edit: I was right, it is not a popular opinion and therefore not a valuable one. Let the downvotes rain.
I think the negative reaction is more due to the fact that it doesn't seem to be a well thought-out opinion. There are all sorts of bad things you can say about JavaScript, but I'm not sure that "It permits code obfuscation" makes sense to include on the list.
Online closure compiler: http://closure-compiler.appspot.com