Bytecoin

Easy | Malware Reverse Engineering

Overview

A customer reported that they were scammed after a popup claimed that their timezone had changed. Can you help us find the Bitcoin address the script uses? Flag format: flag{bitcoin_address}

Lab Details

Prerequisites & Requirements

  • Technical Knowledge:
    • Intermediate JavaScript: Ability to read and understand JS syntax, specifically how arrays, functions, and the Document Object Model (DOM) interact.
    • Code Obfuscation Concepts: A basic understanding of why and how code is hidden (e.g., variable renaming, string array mapping, and control flow flattening).
    • Command Line Interface (CLI): Comfort navigating directories and executing commands in a terminal (Bash, PowerShell, or Zsh).
  • System Requirements:
    • Node.js & NPM: Required to install and run the de-obfuscation tools.
    • Text Editor/IDE: A code editor like VS Code or Sublime Text to analyze the large script files efficiently.

What will you learn?

  • Identify Obfuscation Patterns: Recognize the signature characteristics of Obfuscator.io (such as large string arrays, hex-encoded strings, and rotating array shuffles).
  • Perform Automated Static Analysis: Use specialized tools to reverse engineer code without executing it, mitigating the risk of running potential malware.
  • De-obfuscate JavaScript: Master the use of Webcrack to resolve string-array lookups, unflatten control flow, and give variables readable names.
  • Extract Indicators of Compromise (IoCs): Locate hidden malicious payloads (in this case, a cryptocurrency wallet address) buried within complex logic.
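Before reaching for Webcrack, it helps to see what the tool is undoing. The following is an added example written for this page (it is not the lab's timezone.js and not Webcrack code): a minimal static resolver for the Obfuscator.io idiom of a string array, a rotation IIFE and an accessor function, followed by a regex hunt for Bitcoin-address-shaped strings in the decoded output. The sample script, all `_0x…` identifiers, the offset `0x1a3`, the rotation count and the address `1DemoScamAddrFakeXXXXXXXXXXXXXXXXX` are constructed for illustration; the address is format-valid but does not carry a real Base58Check checksum. Nothing in the sample is executed: every step is pattern matching over the text, which is the safety property the learning objectives above are after.

```javascript
// Added example (not part of the lab or of webcrack): statically resolve the
// Obfuscator.io "string array + rotation + accessor" pattern, then extract
// Bitcoin-address candidates from the decoded text. The SAMPLE is CONSTRUCTED
// to imitate the pattern; it is never executed, only pattern-matched.

// Constructed sample. Real Obfuscator.io output rotates the array inside a
// try/catch loop driven by a parseInt checksum; this sample uses a fixed count
// so the rotation can be recovered without evaluating anything.
const SAMPLE = String.raw`
var _0x4a1b = ['\x77\x72\x69\x74\x65\x54\x65\x78\x74', '1DemoScamAddrFakeXXXXXXXXXXXXXXXXX',
  'Your timezone has changed', '\x61\x6c\x65\x72\x74', '\x63\x6c\x69\x70\x62\x6f\x61\x72\x64'];
var _0x2f3c = function (_0x5d1e, _0x7b2a) { _0x5d1e = _0x5d1e - 0x1a3; return _0x4a1b[_0x5d1e]; };
(function (_0x12ab, _0x3cde) {
  for (var _0x56ef = 0; _0x56ef < _0x3cde; _0x56ef++) { _0x12ab.push(_0x12ab.shift()); }
})(_0x4a1b, 0x2);
navigator[_0x2f3c(0x1a5)][_0x2f3c(0x1a6)](_0x2f3c(0x1a7));
window[_0x2f3c(0x1a4)](_0x2f3c(0x1a3));
`;

// Decode JS string-literal escapes (\xHH, \uHHHH, \n, \', \\ ...) without eval.
function decodeEscapes(s) {
  const simple = { n: '\n', r: '\r', t: '\t', '0': '\0' };
  return s.replace(/\\(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|.)/g, (_, e) =>
    e[0] === 'x' || e[0] === 'u' ? String.fromCharCode(parseInt(e.slice(1), 16)) : (simple[e] ?? e));
}

// Step 1: locate the string array literal and decode each element.
function extractStringArray(src) {
  const m = src.match(/var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[([\s\S]*?)\];/);
  if (!m) throw new Error('no Obfuscator.io-style string array found');
  const items = [...m[2].matchAll(/'((?:\\.|[^'\\])*)'/g)].map((x) => decodeEscapes(x[1]));
  return { name: m[1], items };
}

// Step 2: read the rotation count passed to the shuffle IIFE and apply it.
// (For real samples this is the part webcrack evaluates in a sandbox.)
function applyRotation(src, arrayName, items) {
  const re = new RegExp(String.raw`\}\)\(\s*${arrayName}\s*,\s*(0x[0-9a-fA-F]+|\d+)\s*\)`);
  const m = src.match(re);
  const count = m ? Number(m[1]) : 0;
  const out = items.slice();
  for (let k = 0; k < count; k++) out.push(out.shift());
  return out;
}

// Step 3: find the accessor function and its numeric offset, then inline every
// call site as a string literal so the remaining code reads like plain JS.
function inlineAccessorCalls(src, rotated) {
  const m = src.match(
    /var\s+(_0x[0-9a-fA-F]+)\s*=\s*function\s*\(\s*(\w+)\s*,\s*\w+\s*\)\s*\{\s*\2\s*=\s*\2\s*-\s*(0x[0-9a-fA-F]+|\d+)\s*;/
  );
  if (!m) throw new Error('no accessor function found');
  const [, accessor, , offsetText] = m;
  const offset = Number(offsetText);
  const calls = new RegExp(String.raw`\b${accessor}\(\s*(0x[0-9a-fA-F]+|\d+)\s*\)`, 'g');
  return src.replace(calls, (_, idx) => {
    const value = rotated[Number(idx) - offset];
    if (value === undefined) throw new Error(`index ${idx} out of range for ${accessor}`);
    return JSON.stringify(value);
  });
}

function deobfuscate(src) {
  const { name, items } = extractStringArray(src);
  const rotated = applyRotation(src, name, items);
  return { strings: rotated, source: inlineAccessorCalls(src, rotated) };
}

// Step 4: hunt the decoded text for Bitcoin-address-shaped tokens (legacy Base58
// P2PKH/P2SH and bech32). This is a candidate filter only: validate the
// Base58Check checksum of a legacy hit before you report it as the IoC.
function extractBitcoinCandidates(text) {
  const legacy = /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/g;
  const bech32 = /\bbc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{6,87}\b/g;
  return [...new Set([...text.matchAll(legacy), ...text.matchAll(bech32)].map((x) => x[0]))];
}

if (typeof require !== 'undefined' && require.main === module) {
  const result = deobfuscate(SAMPLE);
  console.log(result.source);
  console.log('Bitcoin address candidates:', extractBitcoinCandidates(result.source));
}
```

Run it with `node` and the two call sites collapse to `navigator["clipboard"]["writeText"]("1Demo…")` and `window["alert"]("Your timezone has changed")`: the script overwrites the victim's clipboard with the attacker's address while the popup supplies the distraction. On the lab file, `webcrack timezone.js` (installed as described under Tools) performs these steps and more, including the checksum-driven rotation that this hand-rolled resolver deliberately does not attempt; the regex pass at the end still applies to its output.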

Tools

  • Webcrack :
    • Description: A powerful de-obfuscator specifically designed to reverse modifications made by popular tools like obfuscator.io and uglify. It excels at unscrambling arrays and simplifying complex logical expressions.
    • Installation: npm install -g webcrack
  • VS Code (or equivalent):
    • Description: Used to inspect the timezone.js file before and after de-obfuscation. Its syntax highlighting and "Go to Definition" features are essential for tracing variables in large scripts.
  • Beautifier (Optional):

Job Positions

Malware Analyst

Tags

Obfuscation, Static Analysis, Malware Analysis, Triage, C2 Communication