search

ben-sb / deobfuscator-io-archived

73 stars 17 forks source link

RangeError: Invalid string length #8

Open Joe-Palmer opened 3 years ago

Joe-Palmer commented 3 years ago

Thanks for sharing this great tool!

I am getting the following error when I run it on my code:

Removed a self defending expression
Removed string array wrappers
Reversed string obfuscation
/deobfuscator-io/src/deobfuscator.js:136
            editedSource = editedSource.replace(nodeSource, `'${string}'`);
                                        ^

RangeError: Invalid string length
    at String.replace (<anonymous>)
    at esprima.parseScript (/deobfuscator-io/src/deobfuscator.js:136:41)
    at Parser.proxyDelegate [as delegate] (/deobfuscator-io/node_modules/esprima/dist/esprima.js:93:14)
    at Parser.finalize (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2159:19)
    at Parser.parsePrimaryExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2325:30)
    at Parser.inheritCoverGrammar (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2285:37)
    at Parser.parseLeftHandSideExpressionAllowCall (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2899:26)
    at Parser.inheritCoverGrammar (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2285:37)
    at Parser.parseUpdateExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:3004:26)
    at Parser.parseUnaryExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:3048:26)

Any idea what the problem is? Would you like me to share the code that causes this error?

Thanks for you help.

ben-sb commented 3 years ago

Hi, can you send a sample script that this error occurs on.

Joe-Palmer commented 3 years ago

@sd-soleaio here you go

Thanks

Joe-Palmer commented 3 years ago

I managed to deobfuscate with de4js but it looks like it has been double obfuscated. I now get this error when I try and use your script:

> deobfuscator-io@1.0.0 start deobfuscator-io
> node src/deobfuscator.js

/deobfuscator-io/node_modules/esprima/dist/esprima.js:1995
            throw this.unexpectedTokenError(token, message);
            ^
Error: Line 1624: Unexpected number
    at ErrorHandler.constructError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5012:22)
    at ErrorHandler.createError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5028:27)
    at Parser.unexpectedTokenError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:1985:39)
    at Parser.throwUnexpectedToken (/deobfuscator-io/node_modules/esprima/dist/esprima.js:1995:21)
    at Parser.expect (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2168:19)
    at Parser.parseConditionalExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:3148:19)
    at Parser.parseAssignmentExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:3250:26)
    at Parser.isolateCoverGrammar (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2269:37)
    at Parser.parseAssignmentExpression (/deobfuscator-io/node_modules/esprima/dist/esprima.js:3330:39)
    at Parser.inheritCoverGrammar (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2285:37)

I've uploaded this version here.

Thanks for any help you can provide.

ben-sb commented 3 years ago

Hi, could you upload the script to pastebin (or any other site that doesn't require a download) and I'll take a look, thanks.

Joe-Palmer commented 3 years ago

Sure, this is the original and this is the partially deobfuscated version. Sorry they only have 24 hours to access, this was the only services that supported big enough file sizes.

Thanks

Joe-Palmer commented 3 years ago

Sorry @sd-soleaio, the previous scripts kept expiring so I found another pastebin alternative that supports large enough files and longer time periods:

Original version (first error): https://ghostbin.com/paste/JAXmf De4js version: (second error): https://ghostbin.com/paste/WtKS5

Let me know if there is anything else I can do to help get this deobfuscated. Thanks

Joe-Palmer commented 3 years ago

OK, I have a newer version of the script which is not so heavy and is available here:

https://ghostbin.com/paste/J5rDl

This gives me a new error:

> deobfuscator-io@1.0.0 start /deobfuscator-io
> node src/deobfuscator.js

Removed string array wrappers
Reversed string obfuscation

/deobfuscator-io/node_modules/esprima/dist/esprima.js:5035
            throw this.createError(index, line, col, description);
            ^
Error: Line 1: Unexpected token ILLEGAL
    at ErrorHandler.constructError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5012:22)
    at ErrorHandler.createError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5028:27)
    at ErrorHandler.throwError (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5035:21)
    at Scanner.throwUnexpectedToken (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5164:35)
    at Scanner.scanStringLiteral (/deobfuscator-io/node_modules/esprima/dist/esprima.js:5938:19)
    at Scanner.lex (/deobfuscator-io/node_modules/esprima/dist/esprima.js:6240:26)
    at Parser.nextToken (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2079:34)
    at Parser.expect (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2166:27)
    at Parser.parseArguments (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2802:15)
    at Parser.parseLeftHandSideExpressionAllowCall (/deobfuscator-io/node_modules/esprima/dist/esprima.js:2913:76)

Any idea why this might be?

Thanks for looking into this.