0

I found below javascript code to convert a string to an obfuscated base64 string.

But how to convert it back?

` 

function strobuscate(a) {
      return (a.split('').map(function(c, i) {
        return String.fromCharCode(c.charCodeAt(0) + i % 80);
      }).join('');
    }

`
k123c123
  • 23
  • 6
  • 1
    use atob to convert back. check this https://www.geeksforgeeks.org/html-window-atob-method/#:~:text=The%20Window%20atob()%20method,which%20represents%20the%20decoded%20string. – Harmandeep Singh Kalsi Jun 14 '20 at 12:38
  • @Harmandeep Singh Kalsi Yeah,i know it. but this base64 string is obfuscated, we need deobfuscate before base64decode. – k123c123 Jun 14 '20 at 12:41
  • What have you tried? Invert every operation in the inverse order. – luk2302 Jun 14 '20 at 12:41
  • @luk2302 hello,i tried to replace back "_" to "=", "." with "+" and "-" with "/". but i dont understand following code and how to reverse it. ` return y + obbtoa(a.split('').map(function(e, i) { return String.fromCharCode(e.charCodeAt(0) + i % t); }).join(''));` – k123c123 Jun 14 '20 at 12:52
  • Do you keep `t` somewhere? Otherwise might be quite hard, if I read correctly, since it seems to be a pseudo random seed. – Kaiido Jun 14 '20 at 12:56
  • 1
    @Kaiido `t` is in `y`, which is prepended to the resulting string. – luk2302 Jun 14 '20 at 12:59
  • @luk2302 right so I wasn't reading correctly ;-) – Kaiido Jun 14 '20 at 13:00

1 Answers1

1

You have to invert each operation and invert the order of the operations. I will give you a breakdown of every operation and leave it to you to actually do the inversion:

Preparation:

  • t = parseInt((+new Date()).toString().substr(11)): it gets the the last two digits of the current UTC timestamp, aka the 100th and the 1000th of a second. The || 1 is just for error handling in case the Date does not give a useful result.
  • y = ('0' + t.toString(16)).substr(-2): convert the previous t into base 16. The 0 prefix and -2 substring are once again just corner case error handling

Obfuscation:

  • a.split('').map(function(e, i) { return String.fromCharCode(e.charCodeAt(0) + i % t); }).join(''): iterate over every char of the input string and apply the inner function:
    • get the char code and add the index modulo t and get a String back from that char code
  • pass the char transformed string into obbtoa:
    • btoa the string
    • replace different special characters
  • the y is prepended to the result string so the decoding can know both the t and y.

To get an idea of the reversal:

  • take the first two characters to get y, inverse the operation we used to compute y from t to get "our" t
  • inverse the replacements, inverse the btoa
  • inverse the char transformation by basically doing a - instead of a +
luk2302
  • 55,258
  • 23
  • 97
  • 137
  • 1
    "0 prefix and -2 substring" is actually a padStart(2, '0'), to get a fixed length in case it produced 0x0n – Kaiido Jun 14 '20 at 13:02