Closed jimmywarting closed 3 years ago
After finding the property name, need to check whether the new variable name is being used or not, handle duplication, ... What do you do with data like this:
let m = 'hello';
// something
m += ' world!';
const a = 'success', b = 'error';
const alertStore = [
{
type: a,
message: m,
},
{
type: b,
message: m,
},
{
type: b,
message: m,
},
{
type: b,
message: m,
},
{
type: a,
message: m,
},
];
It is a complicated job should be a separate project. I'm afraid my knowledge is not enough. By the way, this is the output from UglifyJS 3:
function hello(n) {
return {
action: 'alert',
message: n,
};
}
function init() {
hello('world');
}
Ps: Oh, I see your nickname quite familiar, I have used StreamSaver.js in a few projects. :tada:
I haven't looked into the in and out of your code to see how you de-fuck javascript. But I assume some AST (abstract syntax tree) is used to parse the code into plain objects?
for the case of duplication eg:
let m = 'hello'
const alertStore = [
{ message: m },
{ message: m }
];
then equivalent corresponding AST object would look something like this:
{
scope: [
{ type: variable, using: 'let': key: 'm', value: {type: 'string', value: 'hello'} },
{ type: variable, using: 'const': key: 'alertStore', value: {type: 'array', value: [
{ type: 'object', keys: {
message: __REFERENCE_TO_OBJECT_M__
} },
{ type: 'object', keys: {
message: __REFERENCE_TO_OBJECT_M__
} }
] } },
]
}
(ps: long time ago since i had a look at AST but it's something like this)
for the case of { message: m }
you won't have to actually replace code or string since it's just a object reference in AST to { type: variable, using: 'let': key: 'm', value: {type: 'string', value: 'hello'} }
so you only have to change one object { type: 'variable', key: 'm', ...}.key = 'message'
to replace the hole AST and it's output?
ofc there is also some concern about the scope also (i'm guessing)
Ps: Oh, I see your nickname quite familiar, I have used StreamSaver.js in a few projects. đ
Cool đ
My code is a mess, take a look at lib/utils.js and lib/obfuscatorio.js. I mainly use regex to parse some strings needed for decoding, but not the entire source code to have the complete AST.
There are other projects that use AST like deobfuscator-io, I will probably still use my way for a while... to look different.
Ps: I'm looking at the project I linked above, here's what you said - update the variable name: https://github.com/sd-soleaio/deobfuscator-io/blob/b0be2cb04845d6a6d5f4bb8eed3f8574837fe141/src/deobfuscator.js#L154-L167
Short variable names ain't nice, JS nice uses a subset of variable names but isn't the right word
It would be cool if if it could be context aware and convert 1 length variable names to the same property name if they are used in a object.
Example input:
output
a
gets converted toaction
, cuz the variable gets renamed to match the property name in the objectm
gets converted tomessage
, cuz the variable gets renamed to match the property name in the objectAnother example that can expand on function argument names (based on the above output)
outputs
AST knows that
hello
s first argument name ismessage
so it can use the same variable name