search

j4k0xb / webcrack

Deobfuscate obfuscator.io, unminify and unpack bundled javascript
https://webcrack.netlify.app
MIT License
647 stars 73 forks source link

Webcrack doesn't fully remove deadcode #57

Open mobapedia opened 5 months ago

mobapedia commented 5 months ago

This code obfuscated with obfuscator.io (high):

function hi() {
  console.log("Hello World!");
}
hi();

Returns this when deobfuscated:

function a() {
  console.log("Hello World!");
}
a();
(function () {
  function a() {
    var a;
    try {
      a = Function("return (function() {}.constructor(\"return this\")( ));")();
    } catch (b) {
      a = window;
    }
    return a;
  }
  var c = a();
  c.setInterval(b, 4000);
})();
mobapedia commented 5 months ago

Not sure if this is the same issue but it also fails to deobfuscate this: https://agma.io/js/ag251.js?v=240

j4k0xb commented 5 months ago

cant reproduce from the example but its random if it works or not. removing dead code is a known issue: #44

Not sure if this is the same issue but it also fails to deobfuscate this: agma.io/js/ag251.js?v=240

this one is obfuscated multiple times in a row and has dead code, possibly a custom/forked version image image

mobapedia commented 4 months ago

The dead code is not removed when mangle variables is on. Otherwise it deobfuscates it fine.

Obfuscated multiple times makes sense. Webcrack usually works on forked versions of obfuscator.io.

Also, why wouldn't it work on code thats obfuscated multiple times?

j4k0xb commented 4 months ago

Also, why wouldn't it work on code thats obfuscated multiple times?

it usually works, but if there dead code is left over it could mess up the next deobfuscations completely (e.g. string array isnt found) compared to a single obfuscation where at least some things succeed

mobapedia commented 4 months ago

ah ok. it was probably a custom version then.