The Daily WTF: Curious Perversions in Information Technology

2024-10-08 Reply Admin

eval("fi" . "rst")

mynameishidden · 2024-10-08 Reply Edit Admin

Amateur. Real programmers who obfuscate things in publically visible Javascript convert the function to hex first. Even better ones convert the entire Javascript codebase to hex and then decode it before execution. Even better ones convert it to hex, then rot13, then back to hex, then pig latin, and finally Egyptian hieroglyphic unicode before repeating everything twice for good measure.

Mr. TA · 2024-10-08 Reply Edit Admin

This is PHP, not Javascript.

Remy Porter · 2024-10-08 Reply Edit Admin

Think how obfuscated it'd be if they wrote their PHP in JavaScript!

Mr. TA · 2024-10-08 Reply Edit Admin

That's an idea. Imagine if JavaScript creates PHP code using string concatenation (for obfuscation purposes, obviously - we're all about security), then sends it to the server using XHR, and that code is executed using PHP's eval. This would achieve total obfuscation (and therefore security!) - nobody can ever find the PHP code which runs in the PHP source files.

2024-10-08 Reply Admin

eval, my favorite function for making something secure!

Dragnslcr · 2024-10-08 Reply Edit Admin

Think how obfuscated it'd be if they wrote their PHP in JavaScript!

I'd rather not. Thanks for the nightmares, though.

2024-10-08 Reply Admin

That how my ransomware remains undetected. Good luck with your heuristics.

Barry Margolin · 2024-10-08 Reply Edit Admin

Using function names that have nothing to do with the actual function seems to be part of the obfuscation.

A Cache Exists

Leave a comment on “A Cache Exists”