eval("fi" . "rst")
Amateur. Real programmers who obfuscate things in publicly visible Javascript convert the function to hex first. Even better ones convert the entire Javascript codebase to hex and then decode it before execution. Even better ones convert it to hex, then rot13, then back to hex, then pig latin, and finally Egyptian hieroglyphic unicode before repeating everything twice for good measure.
This is PHP, not Javascript.
Think how obfuscated it'd be if they wrote their PHP in JavaScript!
That's an idea. Imagine if JavaScript creates PHP code using string concatenation (for obfuscation purposes, obviously - we're all about security), then sends it to the server using XHR, and that code is executed using PHP's eval. This would achieve total obfuscation (and therefore security!) - nobody can ever find the PHP code which runs in the PHP source files.
eval, my favorite function for making something secure!
I'd rather not. Thanks for the nightmares, though.
That's how my ransomware remains undetected. Good luck with your heuristics.
Using function names that have nothing to do with the actual function seems to be part of the obfuscation.