VCHR0MBI3'S DIARY

Make it happen.

Mad Code

26 August 2017 5 mins read

Hello People,

I am here with one more topic to share with you. Cool!!

Recently, being a Quoran, I was simply scrolling down the stories and all of a sudden I saw this

on the terminal

I was awestruck to see this, #donut, on a terminal and this is supercalifragilisticexpialidocious simply saying awesome! I was curious to know how could one can write a c code which prints a twirling donut on the terminal when executed. Then I scrolled down for the code, I saw the code and I was like

img

I am pretty sure you will also feel the same after seeing the code, here it is


  //
                 k;double sin()
             ,cos();main(){float A=
           0,B=0,i,j,z[1760];char b[
         1760];printf("\x1b[2J");for(;;
     ){memset(b,32,1760);memset(z,0,7040)
     ;for(j=0;6.28>j;j+=0.07)for(i=0;6.28
    >i;i+=0.02){float c=sin(i),d=cos(j),e=
    sin(A),f=sin(j),g=cos(A),h=d+2,D=1/(c*                
    h*e+f*g+5),l=cos      (i),m=cos(B),n=s\
   in(B),t=c*h*g-f*        e;int x=40+30*D*
   (l*h*m-t*n),y=             12+15*D*(l*h*n
   +t*m),o=x+80*y,           N=8*((f*e-c*d*g
    )*m-c*d*e-f*g-l          *d*n);if(22>y&&
    y>0&&x>0&&80>x&&D>z[o]){z[o]=D;;;b[o]=
    ".,-~:;=!*#$@"[N>0?N:0];}}/*#****!!-*/
     printf("\x1b[H");for(k=0;1761>k;k++)
      putchar(k%80?b[k]:10);A+=0.04;B+=
        0.02;}}/*****####*******!!=;:~
          ~::==!!!**********!!!==::-
            .,~~;;;========;;;:~-.
                ..,--------,*/

Face turned blank, right? 😂 Now here comes our topic Obfuscation.

What is Obfuscation?

According to Wikipedia, Obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code

For seasoned developers or devops engineers, it’s easy to make this garbled code readable again by deobfuscation. Deobfuscation is essentially reverse-engineering obfuscated code, and for experienced developers, it’s not a difficult task.

What tools for obfuscation are there?

For PHP: Base64 (encode and decode), GLOBAL(), preg_replace, eval(), gzinflate()

For JavaScript: Base64, Eval

There are countless other ways to obfuscate code into all different types of characters, like this tool that obfuscates any code using just a few symbols: (, [, !, +, ], ) try the obfuscation. Open the above link and type your name as

alert("v_chrombie")
([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])((+[]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+!+[]+[+[]]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]](+[]+[+!+[]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]])[+!+[]]+([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+(!![]+[])[+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+((+[])[([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]+(![]+[]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]])

Let’s work backwards, I will just type this heavy code and I will get output printing vchrombie. This is called deobfuscating the code.

Why should you avoid using obfuscated code

  1. Code runs slower. The first reason to avoid obfuscators is that obfuscation causes code to run extremely slowly. Obfuscators increase the size of your source code many times over. Just look at example I gave. The sample obfuscated code has roughly 4,316 symbols while the original code has only 10. That’s more than 430 times more characters.

    Let’s test something. Below, we’ll obfuscate some minified Google Analytics Counter Code, analytics.js. The original script has 26,258 symbols, but when it’s obfuscated..

    img

    …you get 2,155,258 symbols from 26,258!

    With this in mind, an option is to use obfuscation only for securing parts of code where speed of execution is not a primary goal.

  2. Debugging is more difficult. If you obfuscate your code, other developers will be unable to fix bugs within that code. Also, you should turn off obfuscator to test or debug your own code.

  3. Code is less secure. Obfuscators make your application less secure. Security through obscurity (the principle of all obfuscators) is less secure than other crypto services like ionCube or Zend Guard.

  4. You’ll have platform dependencies. If you use tools from the Internet to obfuscate your code, you run the risk of it being unstable and not working in the future. This obfuscated code will be entirely dependent on the platform, which is subject to change—say, if browsers close security bugs or stop supporting certain older styles of descriptors.

How Do You Deobfuscate Code?

The process of deobfuscation is similar to removing layers of onion. Usually, a code author will package code inside other code, which is inside other packages of code, and so on. Typically, there will be around 2-5 layers of code, but you can find examples with a lot of layers—anywhere from 10-20, and more. Deobfuscating removes these layers, leaving you with clean, readable code. There are a few tools and techniques to do this, deobfuscation.

Then, there are two ways to decode it: manually or automatically. If you’ve never decoded obfuscated code, try automatically with any of the following online services:

There are, however, obfuscated programming competitions, like The International Obfuscated C Code Contest, and there’s a good deal of play around the concept online. It can be a good way to show off to a prospective employer that you have a clever and creative mind and are interested in the just how far you can push a language.

Now save the following C code as Demo.c and try running the code and comment the output you see in the comment section. (feel patriotic!!)

#include
int main() {
  int a = 10, b = 0, c = 10;
  char* str = "TFy!QJu ROo TNn(ROo)SLq SLq ULo+UHs UJq "
              "TNn*RPn/QPbEWS_JSWQAIJO^NBELPeHBFHT}TnALVlBL"
              "OFAkHFOuFETpHCStHAUFAgcEAelclcn^r^r\\tZvYxXyT|S~Pn SPm "
              "SOn TNn ULo0ULo#ULo-WHq!WFs XDt!";
  while (a != 0) {
    a = str[b++];
    while (a-- > 64) {
      if (++c == 90) {
        c = 10;
        putchar('\n');
      }
      else {
        if (b % 2 == 0) putchar('!');
        else putchar(' ');
      }
    }
  }
  return 0;
}

Thank you and make sure you do the above task. 😜