Ludochaordic
Fantaisies programatico-ludiques

Fun with Javascript string obfuscation

Inspired by this tweeter post by Marcus Lagergren and the JS1K competition, here is a valid Javascript code snippet for you obfuscated code lovers:

ー=!+[]+!+[]+!+[]+!+[],ߺ=ー+ー,ǀ=ߺ+ߺ,ꓹ=!+[]+[],ǃ=!+[]+!+[]+!+[],ᚐ=ꓹ[+[]],ꓹ=ᚐ+ꓹ[ǃ]+(![]+[])[ǃ]+ᚐ,ᚐ=/,/[ꓹ]+[],ꓹ=ǀ+ߺ+!+[]+!+[],ꓹ=ᚐ[ǃ]+ᚐ[ー+!+[]+!+[]],ǃ=+[],ᚐ=+!+[],ǃ=ꓹ[ǃ]+ꓹ[ᚐ]+([][[]]+[])[ᚐ]+(![]+[])[!+[]+!+[]+ᚐ]+(!+[]+[])[ǃ]+(!+[]+[])[ᚐ]+([][[]]+[])[ǃ]+ꓹ[ǃ]+(!+[]+[])[ǃ]+ꓹ[ᚐ]+(!+[]+[])[ᚐ],ᚐ=ǃ[ǃ]+[],ǃ=!+[]+!+[],ꓹ=(!+[]+[])[+[]]+ꓹ[+!+[]]+ᚐ[ߺ+!+[]]+ᚐ[ߺ+ǃ]+ᚐ[ߺ+ǃ+!+[]]+ᚐ[ߺ+ー]+ᚐ[ߺ+ー+!+[]]+ᚐ[ߺ+ー+ǃ],ǃ=ǀ+ǀ+ー,(+[]+!+[]+!+[]+ー+ߺ)[ꓹ](ǃ)+(+[]+!+[]+!+[]+ー+ǀ)[ꓹ](ǃ)+(!+[]+!+[]+!+[]+ߺ)[ꓹ](ǃ)+(+[]+!+[]+!+[]+ߺ)[ꓹ](ǃ)+(+[]+!+[]+!+[]+ー+ߺ+ǀ)[ꓹ](ǃ)+(+[]+ー+ߺ)[ꓹ](ǃ)+(!+[]+ǀ)[ꓹ](ǃ)+(+[]+!+[]+!+[]+ー+ߺ)[ꓹ](ǃ)+(!+[]+!+[]+!+[]+ǀ+ǀ)[ꓹ](ǃ)+ᚐ[ߺ]+(+[]+!+[]+!+[]+ー+ǀ)[ꓹ](ǃ)+(+[]+ߺ+ǀ)[ꓹ](ǃ)+(+[]+!+[]+!+[]+ǀ)[ꓹ](ǃ)+ᚐ[ߺ]+(+[]+ߺ)+ᚐ[ǀ]

Just click here to check on http://repl.it what this snippet evaluates to.

This snippet has been generated by an home-made algorithm, whose goal is to produce Javascript code containing ZERO character, that outputs a string when evaluated. Maybe not very useful, but it's a kind of constrained code writing I guess :) I won't reveal all the tricks I used here, maybe in a later post. There is another one for you:

ー=!+[]+!+[]+!+[]+!+[],ߺ=ー+ー,ǀ=ߺ+ߺ,ꓹ=!+[]+[],ǃ=!+[]+!+[]+!+[],ᚐ=ꓹ[+[]],ꓹ=ᚐ+ꓹ[ǃ]+(![]+[])[ǃ]+ᚐ,ᚐ=/,/[ꓹ]+[],ꓹ=ǀ+ߺ+!+[]+!+[],ꓹ=ᚐ[ǃ]+ᚐ[ー+!+[]+!+[]],ǃ=+[],ᚐ=+!+[],ǃ=ꓹ[ǃ]+ꓹ[ᚐ]+([][[]]+[])[ᚐ]+(![]+[])[!+[]+!+[]+ᚐ]+(!+[]+[])[ǃ]+(!+[]+[])[ᚐ]+([][[]]+[])[ǃ]+ꓹ[ǃ]+(!+[]+[])[ǃ]+ꓹ[ᚐ]+(!+[]+[])[ᚐ],ᚐ=ǃ[ǃ]+[],ǃ=!+[]+!+[],ꓹ=(!+[]+[])[+[]]+ꓹ[+!+[]]+ᚐ[ߺ+!+[]]+ᚐ[ߺ+ǃ]+ᚐ[ߺ+ǃ+!+[]]+ᚐ[ߺ+ー]+ᚐ[ߺ+ー+!+[]]+ᚐ[ߺ+ー+ǃ],ǃ=ǀ+ǀ+ー,(!+[]+ǀ)[ꓹ](ǃ)+(!+[]+!+[]+ー+ߺ)[ꓹ](ǃ)+(!+[]+ー+ǀ)[ꓹ](ǃ)+(!+[]+ー+ǀ)[ꓹ](ǃ)+(ߺ+ǀ)[ꓹ](ǃ)+ᚐ[ߺ]+(ǀ+ǀ)[ꓹ](ǃ)+(ߺ+ǀ)[ꓹ](ǃ)+(!+[]+!+[]+!+[]+ߺ+ǀ)[ꓹ](ǃ)+(!+[]+ー+ǀ)[ꓹ](ǃ)+(!+[]+ー+ߺ)[ꓹ](ǃ)

Again, click here to check its execution on http://repl.it




EDIT [26/11/2014] : Actually, I found out this is not breaking ground at all, there are actually plenty of similar crazy "NoAlnum" hacks & contests : http://security.stackexchange.com/a/8265. Thanks to Thibault for finding out !

Now, the commented source code of my own generic ASCII-to-NoAlnum translator can be found on GitHub.

EDIT[19/12/2014] : there is an equivalent one for Python : http://benkurtovic.com/2014/06/01/obfuscating-hello-world.html

EDIT[3/03/2016] : funnily, the recent vulnerability Ebay has been exposed to relies on the very same trick, except that with JSFuck or hieroglyphy you only need 6 non-alphanumeric characters !

EDIT[27/11/2017] : more creative codeing : http://aem1k.com