Member-only story
Common Text Encoding Methods for Code Obfuscation
There are many ways to make code more difficult to read and detect by systems. One common technique is to use encoding methods that convert text into a different form. In this discussion, we will explore three popular encoding methods: base64, hex, and rot13.
Base64
Base64 encoding is frequently employed to minimize the usage of special characters. When a string is encoded in base64, the resulting encoded string consists solely of alphanumeric characters, along with the symbols “+” and “/”. Regardless of the input format, such as binary, the resulting base64 encoded string will only utilize these characters.
Identifying base64 encoded strings is relatively straightforward as they exclusively comprise alphanumeric characters. Additionally, base64 encoding utilizes padding with “=” characters. The length of a base64 encoded string must always be a multiple of 4. If the output is only 3 characters long, for example, an extra “=” character is added as padding.
To encode any text into base64 on Linux, you can use the “echo” command followed by a pipe (“|”) to “base64”:
Base64 Encode
$ echo https://www.example.com/ | base64
aHR0cHM6Ly93d3cuZXhhbXBsZS5jb20vLw==To decode a base64 encoded string, you can use the “base64 -d” command:
Base64 Decode
$ echo aHR0cHM6Ly93d3cuZXhhbXBsZS5jb20vLw== | base64 -d
https://www.example.com/Hex
Another widely used encoding method is hex encoding, which represents each character as its corresponding hexadecimal value in the ASCII table. For instance, the character “a” is encoded as “61” in hex, “b” as “62”, “c” as “63”, and so on. The complete ASCII table can be referenced in Linux using the “man ascii” command.
Identifying hex encoded strings is as simple as recognizing that they consist solely of hexadecimal characters, including the digits 0–9 and the letters a-f, totaling 16 characters.
To encode any string into hex on Linux, you can use the “xxd -p” command:
Hex Encode
$ echo https://www.example.com/ | xxd -p
68747470733a2f2f7777772e6578616d706c652e636f6d2fTo decode a hex encoded string, you can utilize the “xxd -p -r” command:
Hex Decode
$ echo 68747470733a2f2f7777772e6578616d706c652e636f6d2f | xxd -p -r
https://www.example.com/