ben-sb / obfuscator-io-deobfuscator

A deobfuscator for scripts obfuscated by Obfuscator.io
https://obf-io.deobfuscate.io
Apache License 2.0
275 stars 61 forks

SyntaxError when running on the website #10

Closed mbomb007 closed 7 months ago

mbomb007 commented 7 months ago

On both Firefox and Chrome-like, I get this error in my browser console when clicking "Deobfuscate".

Uncaught SyntaxError: This experimental syntax requires enabling one of the following parser plugin(s): "jsx", "flow", "typescript". (1:0)
    at constructor (parser.js:372:21)
    at Parser.raise (parser.js:3267:21)
    at Parser.expectOnePlugin (parser.js:3316:20)
    at Parser.parseExprAtom (parser.js:11346:18)
    at Parser.parseExprSubscripts (parser.js:10999:25)
    at Parser.parseUpdate (parser.js:10981:23)
    at Parser.parseMaybeUnary (parser.js:10957:25)
    at Parser.parseMaybeUnaryOrPrivate (parser.js:10794:63)
    at Parser.parseExprOps (parser.js:10799:25)
    at Parser.parseMaybeConditional (parser.js:10776:25)

ben-sb commented 7 months ago

Are you trying to deobfuscate TypeScript or JSX (e.g. React code)? If so it isn't supported via the website. You can try cloning the repo and enabling the Babel parser plugins that the error message mentions, but the deobfuscator isn't intended to support them so can't guarantee it will work.

mbomb007 commented 7 months ago

No. It was HTML and JavaScript that I got from a malicious/spam email attachment.

Does the website not support pasting full HTML? Spam emails often put attributes or other strings of the malicious attachment into HTML.

If it's not supported, it'd be great if the UI would show an error or something, rather than expecting users to open the console.

ben-sb commented 7 months ago

It doesn't support deobfuscating HTML, no. You can paste the content of any JS script tags into the deobfuscator though and it should work.

I will add better error handling to my to-do list.

mbomb007 commented 7 months ago

Is there a nice way to deobfuscate JS that has different parts of its JS script placed as pieces of or inside of HTML elements? For example, to have a virtual DOM and watch as it is run? The best way I can think of is to unplug the computer from the network and open in a browser inside a VM, but the code will still be messy as can be and unreadable.

ben-sb commented 7 months ago

You could use an HTML parser and select the content of any JS script tags. If you wanted it to work for non-inline JS then you would have to also fetch the source before deobfuscating.
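
The extraction step suggested in the last comment, as an added example that is not part of the thread or of the project's code: it parses the HTML statically with Python's standard-library `html.parser`, so nothing in the sample is executed. The names `ScriptExtractor`, `extract_scripts` and `SAMPLE` are hypothetical, and the sample HTML is constructed.

```python
from html.parser import HTMLParser

# Script types treated as JavaScript; a missing type attribute also means JS.
JS_TYPES = {"", "text/javascript", "application/javascript", "module"}

# Constructed sample input, not taken from any real attachment.
SAMPLE = """<html><body onload="run(_0x1a2b)">
<script type="application/json">{"k": 1}</script>
<script src="https://example.invalid/a.js"></script>
<script>var _0x1a2b = ['a<b', 'c']; function run(x) { return x[0]; }</script>
</body></html>"""

class ScriptExtractor(HTMLParser):
    """Collects JavaScript from HTML by parsing only; nothing is executed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.inline = []    # bodies of inline <script> elements
        self.external = []  # src URLs that must be fetched separately
        self.handlers = []  # (tag, attribute, code) for on* attributes
        self._buf = None    # chunks of the inline <script> being read

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        for name, value in attrs.items():
            if name.startswith("on") and value.strip():
                self.handlers.append((tag, name, value))
        if tag != "script":
            return
        if attrs.get("type", "").strip().lower() not in JS_TYPES:
            return  # data blocks such as application/json are skipped
        if attrs.get("src"):
            self.external.append(attrs["src"])
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            self.inline += [body] if body else []
            self._buf = None

def extract_scripts(html):
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    return parser
```

Each string in `inline` or `handlers` can then be pasted into the deobfuscator on its own; entries in `external` are only listed, not fetched.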