Open 9382 opened 5 months ago
generally it merges strings and inlines objects at the same time to avoid this:
but when looking up properties (_0x4fa635["EIrI" + 'Y']
), they aren't visited/merged yet:
function main() {
var _0x4fa635 = {
'EIrIY': "Running",
'nFgHG': function (_0x4a2455, _0x1fc706) {
return _0x4a2455 + _0x1fc706;
}
};
console["log"](_0x4fa635["EIrI" + 'Y']);
for (var _0x26704d in [0x1, 0x2, 0x3, 0x4]) {
console["log"](_0x4fa635["nFgH" + 'G'](_0x26704d, 0x5));
}
}
haven't seen that happen before because https://obfuscator.io/#splitstringschunklength defaults to 10, but these properties always have length 5
maybe I'll merge strings earlier when decoding _0x37295b(3) + "Y"
-> "EIrIY"
String concatenations prevent the deobfuscator from realising it could simplify table references to be inlined The below scripts have string arrays enabled (obfuscator.io stuff) since otherwise the deobfuscator wont even attempt to minify the table references Flattened (deobfuscation is perfectly fine):
Flattened + Split strings (doesn't deobfuscate well):
(I assume its essentially an order of operations issue. I'd attempted to look into this myself but couldn't get the build process to cooperate at all)