jspenguin2017 / uBlockProtector

An anti-adblock defuser for Nano Adblocker and uBlock Origin
GNU General Public License v3.0

NSFW! avgle.com #817

Closed user375s closed 6 years ago

user375s commented 6 years ago

Test link (required):

https://avgle.com/video/128459/

Screenshot of the web page (including address bar and extension icons) (required):

clipboard 1

Screenshot of the console (press F12 to bring up the console) (required):

clipboard 3

Explain what was not right (optional if obvious):

Anti-adblock when trying to play video.

Environment (Required):

Your filter lists (Required):

filter

Your custom filters (Required if you have any):

custom

jspenguin2017 commented 6 years ago

@mapx- (it's hard anti-adblock)

mapx- commented 6 years ago

already fixed in uBo

jspenguin2017 commented 6 years ago

Broke again.

mapx- commented 6 years ago

||avgle.com/templates/frontend/videojs-$script

mirrorplease123 commented 6 years ago

It's not working again.

hoonkai commented 6 years ago

Is it fair to say they've managed to defeat anti-adblock killers?

jspenguin2017 commented 6 years ago

If they are watching us, there isn't much we can do...

Fezreal commented 6 years ago

https://github.com/reek/anti-adblock-killer/issues/3854 @mapx- please help

mun3 commented 6 years ago

Try this https://github.com/mun3/F-ckAvgleAntiAdblock

jspenguin2017 commented 6 years ago

There are ways around everything; if they are determined, they will break that in 2 days as well.

jspenguin2017 commented 6 years ago

Let's see how long that Userscript can hold. If it fails I'll put up a proprietary solution like for lolalytics.

jspenguin2017 commented 6 years ago

It's not possible to beat obfuscated code with clear code. When a battle goes to this stage, it's pretty much about who has the most time to defeat the other side's obfuscation. The only reasonable way to win is to put in so much obfuscation that the other side gives up. There will never be a "once for all" solution; there are hundreds of solutions burnt at this stage and there are thousands more to come, that is, if the fight continues.

The only other possibility is to have a browser that loads the unfiltered page but renders a filtered one, but that only works for non-intrusive sites, as prerolls, popups, and crypto mining can't be blocked this way.

jspenguin2017 commented 6 years ago

The idea is to have the script interact with the unfiltered version of the page, where ad elements will exist, but show the user the filtered version. There is no implementation, just theory at this point.

jspenguin2017 commented 6 years ago

OK, the fight just escalated. The Userscript is now obfuscated and the website started IP banning on detection. Doesn't matter what people say, IP banning is effective. I do that too for my proprietary solutions.

ghajini commented 6 years ago

@jspenguin2017 why not make patches day to day/ less frequently until avgle gives up!!! just like done for noadblock.....

@gorhill why adblocker to be on backfoot???

jspenguin2017 commented 6 years ago

@ghajini NoAdBlock didn't give up because I keep patching them; they gave up because my final solution cannot be bypassed, as it hooks directly into Cloudflare's code before NoAdBlock can do anything.

jspenguin2017 commented 6 years ago

Also they have IP ban plus heavy obfuscation. I'm making a deobfuscation engine but it didn't go very far since fingerprinting framework functions manually is a huge pain. I need to explore some machine learning algorithms to handle that automatically, but so far no progress.

jspenguin2017 commented 6 years ago

Might be able to roll out a fix in ND Extra.

jspenguin2017 commented 6 years ago

This issue is referenced in https://gitlab.com/xuhaiyang1234/NanoAdblockerSecretIssues/issues/18 (huge page, around 15k lines of dump)

jspenguin2017 commented 6 years ago

OK, NVM, this isn't happening before https://github.com/jspenguin2017/JavaScriptDeobfuscator

jspenguin2017 commented 6 years ago

An update on the deobfuscator: I have a decent self-defending buster going, which is pretty useless TBH. Debug protection buster and rotated RC4 string array buster are way more important.

Domain lock seems to be obfuscated with regular code, which is a pain to undo, but undoing it is near useless anyway. I honestly have no idea about how to undo control flow flattening, too many things depend on the runtime. Dead code injection should be undoable when string array is taken care of.

jspenguin2017 commented 6 years ago

Alright, I got rotated RC4 string array buster working, here's the result: https://pastebin.com/LNF4kWjh It now fits in Pastebin but still needs quite a few cleanups. String array is unfortunately not the only trick that was used.
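
The "rotated RC4 string array" mentioned in the last two comments, as an added illustration that is not part of this thread and not code from the JavaScriptDeobfuscator project: a static resolver that replays the array rotation and decrypts each accessor call in place. The accessor name `_0x1a`, the call shape (hex index plus per-call key), the known rotation count, ASCII-only strings and the sample itself are assumptions constructed for this example.

```javascript
// Added example: statically resolving a rotated, RC4-encoded string array.
// All names and the sample below are constructed for illustration.

function rc4(key, data) {                       // symmetric: same call encrypts and decrypts
  const s = Array.from({ length: 256 }, (_, n) => n);
  for (let i = 0, j = 0; i < 256; i++) {        // key scheduling
    j = (j + s[i] + key.charCodeAt(i % key.length)) % 256;
    [s[i], s[j]] = [s[j], s[i]];
  }
  let out = '';
  for (let k = 0, i = 0, j = 0; k < data.length; k++) {   // keystream XOR
    i = (i + 1) % 256;
    j = (j + s[i]) % 256;
    [s[i], s[j]] = [s[j], s[i]];
    out += String.fromCharCode(data.charCodeAt(k) ^ s[(s[i] + s[j]) % 256]);
  }
  return out;
}

// Replay the runtime rotation (push(shift()) `count` times) on a copy of the stored array.
function rotate(stored, count) {
  const arr = stored.slice();
  for (let n = count % arr.length; n > 0; n--) arr.push(arr.shift());
  return arr;
}

// Replace every accessor('0xN', 'key') call with the string literal it would return.
function resolveStrings(source, accessor, stored, count) {
  const table = rotate(stored, count);
  const call = new RegExp(accessor + "\\('(0x[0-9a-f]+)',\\s*'([^']*)'\\)", 'g');
  return source.replace(call, (whole, index, key) => {
    const entry = table[parseInt(index, 16)];
    if (entry === undefined) return whole;      // leave unknown indexes untouched
    return JSON.stringify(rc4(key, Buffer.from(entry, 'base64').toString('latin1')));
  });
}

// Constructed sample: encode three strings, then store them pre-rotated by 2.
const enc = (text, key) => Buffer.from(rc4(key, text), 'latin1').toString('base64');
const logical = [enc('console', 'k1'), enc('log', 'k2'), enc('adblock detected', 'k3')];
const stored = logical.slice(-2).concat(logical.slice(0, -2));  // undone by 2 rotations
const sample = "window[_0x1a('0x0', 'k1')][_0x1a('0x1', 'k2')](_0x1a('0x2', 'k3'));";

function demo() {
  return resolveStrings(sample, '_0x1a', stored, 2);
}
console.log(demo());
```

Resolving the strings first is what makes the remaining layers readable, since the property names and messages hidden in the array reappear as plain literals.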