Can't seem to deobfuscate this

[g0dzcsgo]

Hello, I am trying to deobfuscate some JavaScript that has been obfuscated by obfuscator.io

But this deobfuscator seems to fail

Gist for obfuscated code: https://gist.github.com/g0dzcsgo/fa6e0402b54718a77656a28affd9c396

Output:

[2024-04-14T11:01:34.385Z]: Starting pass 1
[2024-04-14T11:01:34.387Z]: Executing UnusedVariableRemover
Error: TypeError: Property left of ForOfStatement expected node to be of a type ["VariableDeclaration","LVal"] but instead got undefined
[2024-04-14T11:01:34.808Z]: Executed UnusedVariableRemover, modified false
[2024-04-14T11:01:34.808Z]: Executing ConstantPropgator
[2024-04-14T11:01:35.361Z]: Executed ConstantPropgator, modified true
[2024-04-14T11:01:35.361Z]: Executing ReassignmentRemover
[2024-04-14T11:01:35.920Z]: Executed ReassignmentRemover, modified true
[2024-04-14T11:01:35.920Z]: Executing DeadBranchRemover
[2024-04-14T11:01:36.334Z]: Executed DeadBranchRemover, modified false
[2024-04-14T11:01:36.335Z]: Executing ObjectPacker
[2024-04-14T11:01:36.862Z]: Executed ObjectPacker, modified true
[2024-04-14T11:01:36.863Z]: Executing ProxyFunctionInliner
Error: SyntaxError: 'await' is only allowed within async functions and at the top levels of modules. (1:1)
[2024-04-14T11:01:37.079Z]: Executed ProxyFunctionInliner, modified false
[2024-04-14T11:01:37.079Z]: Executing ExpressionSimplifier
[2024-04-14T11:01:37.579Z]: Executed ExpressionSimplifier, modified true
[2024-04-14T11:01:37.580Z]: Executing SequenceSplitter
[2024-04-14T11:01:37.893Z]: Executed SequenceSplitter, modified true
[2024-04-14T11:01:37.894Z]: Executing ControlFlowRecoverer
[2024-04-14T11:01:38.123Z]: Executed ControlFlowRecoverer, modified false
[2024-04-14T11:01:38.123Z]: Executing PropertySimplifier
[2024-04-14T11:01:38.734Z]: Executed PropertySimplifier, modified true
[2024-04-14T11:01:38.734Z]: Executing ObjectSimplifier
[2024-04-14T11:01:38.962Z]: Executed ObjectSimplifier, modified false
[2024-04-14T11:01:38.963Z]: Executing StringRevealer
[2024-04-14T11:01:39.543Z]: Executed StringRevealer, modified true

[2024-04-14T11:01:39.544Z]: Starting pass 2
[2024-04-14T11:01:39.544Z]: Executing UnusedVariableRemover
Error: TypeError: Property left of ForOfStatement expected node to be of a type ["VariableDeclaration","LVal"] but instead got undefined
[2024-04-14T11:01:39.903Z]: Executed UnusedVariableRemover, modified false
[2024-04-14T11:01:39.904Z]: Executing ConstantPropgator
[2024-04-14T11:01:40.430Z]: Executed ConstantPropgator, modified true
[2024-04-14T11:01:40.430Z]: Executing ReassignmentRemover
[2024-04-14T11:01:41.051Z]: Executed ReassignmentRemover, modified false
[2024-04-14T11:01:41.052Z]: Executing DeadBranchRemover
[2024-04-14T11:01:41.535Z]: Executed DeadBranchRemover, modified true
[2024-04-14T11:01:41.535Z]: Executing ObjectPacker
[2024-04-14T11:01:42.080Z]: Executed ObjectPacker, modified true
[2024-04-14T11:01:42.080Z]: Executing ProxyFunctionInliner
Error: SyntaxError: 'await' is only allowed within async functions and at the top levels of modules. (1:1)
[2024-04-14T11:01:42.276Z]: Executed ProxyFunctionInliner, modified false
[2024-04-14T11:01:42.276Z]: Executing ExpressionSimplifier
[2024-04-14T11:01:42.727Z]: Executed ExpressionSimplifier, modified true
[2024-04-14T11:01:42.727Z]: Executing SequenceSplitter
[2024-04-14T11:01:42.851Z]: Executed SequenceSplitter, modified false
[2024-04-14T11:01:42.851Z]: Executing ControlFlowRecoverer
[2024-04-14T11:01:43.021Z]: Executed ControlFlowRecoverer, modified false
[2024-04-14T11:01:43.021Z]: Executing PropertySimplifier
[2024-04-14T11:01:43.513Z]: Executed PropertySimplifier, modified false
[2024-04-14T11:01:43.513Z]: Executing ObjectSimplifier
[2024-04-14T11:01:43.695Z]: Executed ObjectSimplifier, modified true
[2024-04-14T11:01:43.695Z]: Executing StringRevealer
[2024-04-14T11:01:44.198Z]: Executed StringRevealer, modified false

[2024-04-14T11:01:44.199Z]: Starting pass 3
[2024-04-14T11:01:44.199Z]: Executing UnusedVariableRemover
Error: TypeError: Property left of ForOfStatement expected node to be of a type ["VariableDeclaration","LVal"] but instead got undefined
[2024-04-14T11:01:44.535Z]: Executed UnusedVariableRemover, modified false
[2024-04-14T11:01:44.535Z]: Executing ConstantPropgator
[2024-04-14T11:01:45.024Z]: Executed ConstantPropgator, modified true
[2024-04-14T11:01:45.024Z]: Executing ReassignmentRemover
[2024-04-14T11:01:45.542Z]: Executed ReassignmentRemover, modified false
[2024-04-14T11:01:45.542Z]: Executing DeadBranchRemover
[2024-04-14T11:01:45.977Z]: Executed DeadBranchRemover, modified false
[2024-04-14T11:01:45.977Z]: Executing ObjectPacker
[2024-04-14T11:01:46.476Z]: Executed ObjectPacker, modified false
[2024-04-14T11:01:46.477Z]: Executing ProxyFunctionInliner
Error: SyntaxError: 'await' is only allowed within async functions and at the top levels of modules. (1:1)
[2024-04-14T11:01:46.660Z]: Executed ProxyFunctionInliner, modified false
[2024-04-14T11:01:46.660Z]: Executing ExpressionSimplifier
[2024-04-14T11:01:47.102Z]: Executed ExpressionSimplifier, modified true
[2024-04-14T11:01:47.102Z]: Executing SequenceSplitter
[2024-04-14T11:01:47.223Z]: Executed SequenceSplitter, modified false
[2024-04-14T11:01:47.223Z]: Executing ControlFlowRecoverer
[2024-04-14T11:01:47.383Z]: Executed ControlFlowRecoverer, modified false
[2024-04-14T11:01:47.384Z]: Executing PropertySimplifier
[2024-04-14T11:01:47.814Z]: Executed PropertySimplifier, modified false
[2024-04-14T11:01:47.814Z]: Executing ObjectSimplifier
[2024-04-14T11:01:47.987Z]: Executed ObjectSimplifier, modified false
[2024-04-14T11:01:47.988Z]: Executing StringRevealer
[2024-04-14T11:01:48.520Z]: Executed StringRevealer, modified false

[2024-04-14T11:01:48.520Z]: Starting pass 4
[2024-04-14T11:01:48.520Z]: Executing UnusedVariableRemover
Error: TypeError: Cannot read properties of undefined (reading 'buildError')
[2024-04-14T11:01:48.889Z]: Executed UnusedVariableRemover, modified false
[2024-04-14T11:01:48.889Z]: Executing ConstantPropgator
[2024-04-14T11:01:49.438Z]: Executed ConstantPropgator, modified false
[2024-04-14T11:01:49.438Z]: Executing ReassignmentRemover
[2024-04-14T11:01:49.911Z]: Executed ReassignmentRemover, modified false
[2024-04-14T11:01:49.911Z]: Executing DeadBranchRemover
[2024-04-14T11:01:50.332Z]: Executed DeadBranchRemover, modified false
[2024-04-14T11:01:50.332Z]: Executing ObjectPacker
[2024-04-14T11:01:50.860Z]: Executed ObjectPacker, modified false
[2024-04-14T11:01:50.860Z]: Executing ProxyFunctionInliner
Error: SyntaxError: 'await' is only allowed within async functions and at the top levels of modules. (1:1)
[2024-04-14T11:01:51.045Z]: Executed ProxyFunctionInliner, modified false
[2024-04-14T11:01:51.045Z]: Executing ExpressionSimplifier
[2024-04-14T11:01:51.472Z]: Executed ExpressionSimplifier, modified false
[2024-04-14T11:01:51.472Z]: Executing SequenceSplitter
[2024-04-14T11:01:51.584Z]: Executed SequenceSplitter, modified false
[2024-04-14T11:01:51.585Z]: Executing ControlFlowRecoverer
[2024-04-14T11:01:51.739Z]: Executed ControlFlowRecoverer, modified false
[2024-04-14T11:01:51.739Z]: Executing PropertySimplifier
[2024-04-14T11:01:52.155Z]: Executed PropertySimplifier, modified false
[2024-04-14T11:01:52.155Z]: Executing ObjectSimplifier
[2024-04-14T11:01:52.336Z]: Executed ObjectSimplifier, modified false
[2024-04-14T11:01:52.337Z]: Executing StringRevealer
[2024-04-14T11:01:52.838Z]: Executed StringRevealer, modified false
Wrote deobfuscated file to client_decrypt.js

[ben-sb]

That looks like an older version of obfuscator.io which isn't supported by this tool currently. Looks like this tool can though

[ben-sb]

Have added support for this older version in #25

[g0dzcsgo]

Have added support for this older version in #25

Thank you so much!

I just wanted to ask you one more question, why doesnt these work? I assume it's not the same issue as the one I put originally in the post.

https://gist.github.com/g0dzcsgo/f79de3ac143ebdbc30b6718e42d5aa24 https://gist.github.com/g0dzcsgo/ea795ab77f9f930ab5a441162b8d203c https://gist.github.com/g0dzcsgo/da498a683fe3217866c7c1e47f8a7ace

Just curious

[ben-sb]

Those are also slightly different/modified versions of the obfuscator. I'll make an issue for supporting them but probably not something I have time to do at the moment.