search

pagpeter / deob-transformations

Some babel transformations for deobfuscating nasty javascript
37 stars 5 forks source link

rename_identifiers not working #1

Closed 3052 closed 11 months ago

3052 commented 11 months ago 
const transformations = require('deob-transformations');

const code = `
const c=n.a.get("API.lemonade.url"),d=n.a.get("API.lemonade.urlLinear"),u=n.a.get("API.lemonade.urlVod"),p=n.a.get("API.lemonade.platform"),m=n.a.get("API.lemonade.timeout");
`;

ast = transformations.code_to_ast(code);
transformations.rename_identifiers(ast);
deobbed = transformations.ast_to_code(ast);
console.log(transformations.beautify_code(deobbed));

result:

const c = n.a.get("API.lemonade.url"),
  d = n.a.get("API.lemonade.urlLinear"),
  u = n.a.get("API.lemonade.urlVod"),
  p = n.a.get("API.lemonade.platform"),
  m = n.a.get("API.lemonade.timeout");

using another tool, I get:

const const1_ = n.a.get("API.lemonade.url"),
  const2_ = n.a.get("API.lemonade.urlLinear"),
  const3_ = n.a.get("API.lemonade.urlVod"),
  const4_ = n.a.get("API.lemonade.platform"),
  const5_ = /* global */ n.a.get("API.lemonade.timeout");

https://richsnapp.com/tools/code-unmangler

using another tool, I get:

const varFastenedWheel = n.a.get('API.lemonade.url'), varHairStepped = n.a.get('API.lemonade.urlLinear'), varFourRising = n.a.get('API.lemonade.urlVod'), varCourageYouth = n.a.get('API.lemonade.platform'), varBellRain = n.a.get('API.lemonade.timeout');

https://github.com/relative/synchrony

pagpeter commented 11 months ago

Hey,

The documentation is actually wrong here. rename_identifiers only renames function arguments. In many anti-bot systems, like Cloudflare, this has the same result, because all variables are function parameters (example) I will update the documentation and the name, and will add another function to actually rename identifiers

3052 commented 11 months ago

I will update the documentation and the name, and will add another function to actually rename identifiers

uh OK cool, but you closed the issue. are you gonna comment once that is done? or am I expected to just check the commits daily until its implemented?

pagpeter commented 11 months ago

Ill comment once I fixed it. You can create a PR too if you want / need it quickly, only a few lines.

3052 commented 11 months ago

I am using this for now:

https://richsnapp.com/tools/code-unmangler

it seems to be the best option of the ones I looked at - but if it gets added here I will check it out - thank you sir

pagpeter commented 11 months ago

I just released deob-transformations@1.1.0!

const code = `const c=n.a.get("API.lemonade.url"),d=n.a.get("API.lemonade.urlLinear"),u=n.a.get("API.lemonade.urlVod"),p=n.a.get("API.lemonade.platform"),m=n.a.get("API.lemonade.timeout"); `;

const ast = transformations.code_to_ast(code);

transformations.rename_identifiers(ast);
transformations.rename_function_arguments(ast);

const deobbed = transformations.ast_to_code(ast);
console.log(transformations.beautify_code(deobbed));

Will now result in 

const var_aaa = n.a.get("API.lemonade.url"),
  var_aab = n.a.get("API.lemonade.urlLinear"),
  var_aac = n.a.get("API.lemonade.urlVod"),
  var_aad = n.a.get("API.lemonade.platform"),
  var_aae = n.a.get("API.lemonade.timeout");

You can supply a custom set of names (like, commonly used, a list of first names for readability) by giving rename_identifiers a list of strings as the second argument. (E.g. rename_identifiers(ast, ["John", "Jake", "Peet"])) Hope this covers everything you need.

An online solution, like code-unmangler, will come soon, probably here

3052 commented 11 months ago

looks great, much appreciated