search

MichaelXF / js-confuser

JS-Confuser is a JavaScript obfuscation tool to make your programs *impossible* to read.
https://js-confuser.com
MIT License
246 stars 37 forks source link

fix `__getGlobal` in BufferToStringTemplate #112

Closed Le0Developer closed 3 months ago

Le0Developer commented 1 year ago

The current implementation does not work as expected. If global is not known, it immediately throws a ReferenceError and does not even try window or new Function("return this")()

MichaelXF commented 3 months ago

Implemented in 1.7.2 through a very similar way

doctor8296 commented 3 months ago

@MichaelXF little note about getting global object. Code can be wrapped in other function like this:

(function(window, globalThis, self, global) {
    // code
})(fakeProxyWindow, fakeProxyWindow, fakeProxyWindow, fakeProxyWindow)

and Function can be easily redefined.

window.Function = Function.prototype.constructor = new Proxy(Function, {
    apply(target, thisArg, args) {
         return Reflect.apply(target, thisArg, args).bind("fakeProxyWindowObject")
    }
});

image

The only way to get pure this with ability to check is by eval. Eval has unique behaviour. It has access to the local scope, unless it is redefined.

let check = false;
eval("check = true")
if (!check) {
    throw new Error("Eval was redefined")
}

const root = eval("this");

Example: image

doctor8296 commented 3 months ago

Also I should note that we can get root by other NON-global function constructors, like GeneratorFunction or AsyncFunction or AsyncGeneratorFunction.

Screenshot 2024-08-05 at 13 58 54
MichaelXF commented 3 months ago

The only way to get pure this with ability to check is by eval. Eval has unique behaviour. It has access to the local scope, unless it is redefined.

let check = false;
eval("check = true")
if (!check) {
    throw new Error("Eval was redefined")
}

const root = eval("this");

This is great, I'll try to find a way to implement this trick.