Code Review


We start with Code Review, where we will learn about basic code review techniques and obfuscated JavaScript reverse engineering.


JavaScript basic functions and variables

At first glance, after visiting our website, we are welcomed with an empty page, as if the site has no content.

Empty Page

We can look at the source code of the page (by clicking [Ctrl + U] in Firefox), and we see that there are three JavaScript within the page:

Source Code

<!DOCTYPE html>
<meta charset="utf-8"/>
<html>
	<head>
		<script src="md5.min.js"></script> 
		<script src="urlParams.min.js"></script> 
		<script src="sendCode.js"></script>
		<script type="text/javascript">sendCode();</script>
	</head>
</html>

Two JavaScript scripts appear to be minified, and a third JavaScript script sendCode.js. We also see a call to the sendCode() function, which may be linked to sendCode.js. So, let's check it out by clicking on it to view its content.

sendCode.js

We see that the script consists of a very long and obfuscated line. It seems that the sendCode function is obfuscated, and not much else can be told without de-obfuscating the code.

sendCode.js - Obfuscated

eval(function (p, a, c, k, e, d) { e = function (c) { return ...SNIP... gmYotfJBq'.split('|'), 0, {}));

So, in our next section, we will learn how to prettify and reverse the code, using static and dynamic analysis.