search

0v41n / JSConfuser-String-Decryptor

a simple algorithm for statically decrypting the strings of a program obfuscated with JSConfuser
MIT License
24 stars 4 forks source link

Decompile the decompiled #2

Closed AnnonyA closed 3 months ago

AnnonyA commented 11 months ago

Some guys, compile the compiled code, so what i mean whit this?, if can decompile the decompiled, if can do decompile the strings and the entire code like the name of variables and functions. Thanks

Probabilities commented 9 months ago

depends what compiler they are using. It is usually quite easy to decompile nodejs programs. The main compilers are pkg and nexe which there are decompilers on github for both of these. To find out what compiler is used you can open the compiled program in a text editor like vscode and search for the term "pkg" or "nexe".

AnnonyA commented 9 months ago

So, there's no possible way to get the real source code or some of them good, or just the strings?

0v41n commented 9 months ago

Hello, sorry for the long response time, first of all if you have an executable you'll need to decompile it, decompiling depends on the compilation method, in the case of malicious software made in javascript with NodeJS, it may be with pkg or directly with NSIS, then once the obfuscated program is obtained, if it's obfuscated by JSConfuser, it is possible via my project to recover the strings of the decrypted base program, now if you're looking to reconstitute the program completely, to the best of my knowledge there is no program that can automate this, so you have to do it manually, JSConfuser obfuscation isn't as complex as all that, it's just very strange compared to other obfuscations such as obfuscator. io or even JSDefender, the only problem is that this task takes a lot of time, so for lack of time I preferred to at least do a string decryptor to get the important values, currently I don't have enough time to work on this, I'm swamped with classes, I apologise, but to answer your question, if the code is compiled you'll have to decompile it first, and it is indeed possible to unobfuscate and reconstitute an obfuscated program using JSConfuser, but that takes a lot of time. Furthermore, an obfuscation does not guarantee the security of a system; any determined person given enough time will sooner or later succeed in breaking an obfuscation.

Documation12 commented 9 months ago

is this for? https://js-confuser.com/

0v41n commented 9 months ago

Hello, yes this is a JSConfuser string decryptor. Due to lack of time I was unable to create the entire desobfuscator :c

Documation12 commented 8 months ago

this is nice but due to me being on a cromebook idk if i can use this

0v41n commented 8 months ago

I've never used a chromebook, but as long as you can install nodejs, you should be able to use it. If not, it should also work on Linux, so if you have an Android phone, you should be able to use it via Termux.

Documation12 commented 8 months ago

yea bro i got it