http://j.gs/3DYv

[azedlal12]

uBloc Origin detected on http://j.gs/3DYv

[jspenguin2017]

@uBlock-user I have the solution for ay.gy, it also skips countdown. I'll have a look at this one.

if (a.domCmp(["ay.gy"])) {
    //Disable open() before page starts to load and set abgo to an empty function when the page loads
    a.readOnly("open", function () { });
    a.on("load", function () {
        a.win.abgo = function () { };
    });
    //Skip countdown
    const _setInterval = a.win.setInterval;
    a.win.setInterval = function (func) {
        return _setInterval(func, 10);
    };
}

[jspenguin2017]

@uBlock-user OK, this is the evaled code: http://pastebin.com/FEHEdHqH Well... Looks like we'll need a custom tool to decompile this...

[jspenguin2017]

The countdown gets stuck at 1s...

[jspenguin2017]

Hum, do you have other custom filters?

[jspenguin2017]

Man that's some next level obfuscation. There are "URL expander" online, how do they work...

[jspenguin2017]

@uBlock-user URL expanders: http://urlex.org/ http://deadfly.crazytec.net/ <- Doesn't seem to give the correct URL...

[jspenguin2017]

These guys are using bit wise operations to hide strings, there must be another way...

[jspenguin2017]

@uBlock-user Well, at least we can skip the 5 sec countdown... Until they have implementation on server side to force the client to respect the countdown... like Cloudflare... At the end of the day, users only have control over their own devices. We open source volunteers, after all, can't can fight paid professionals whose only job is to shove ads down your throat. Their obfuscation is the best I've seen so far, I'm wondering what tool they used to do that...

[jspenguin2017]

They seems to have anti-view-source mechanism. I know sometimes you see:

            function counter() {
                countdown -= 1;

                $('#countdown').html(countdown);

                if (countdown <= 0) {
                    $('#continue').show();
                    $('#wait').hide();
                    clearInterval(t);
                }
            }

But that is actually fake.

[jspenguin2017]

Also it seems their website is polymorphic, if you refresh view-source a couple times, you'll see the source changes.

[jspenguin2017]

Well, I... surrender... I will NEVER surrender! I recall that eval is called multiple times when the page launches, I bet 2 or 3 of them are decoys. Blocking the whole adf.ly network seems to be a wise choice, considering most adf.ly links are either BS or scam. Look on Yahoo Answers, so many bots abuse this.

BTW your solution https://github.com/reek/anti-adblock-killer/issues/2891#issuecomment-282594498 doesn't work for me.

[jspenguin2017]

An update: Looks like my script still partially works. I think j.gs and q.gs are "premium" hard blocking mode...

Test links:

http://adf.ly/1XHJoS http://adf.ly/249cf http://adf.ly/249hE

http://ay.gy/1kXaTE

http://j.gs/3DYv http://j.gs/8evu

http://q.gs/AtRuw

[jspenguin2017]

@uBlock-user We got a (fully functional... at least for now) solution, it is added to 6.64. Many thanks to @ghajini and developers of AdsBypasser! Looks like the power of open source volunteers are way higher than I thought.

if (a.domCmp(["adf.ly", "ay.gy", "j.gs", "q.gs"])) {
    //Based on: AdsBypasser
    //License: https://github.com/adsbypasser/adsbypasser/blob/master/LICENSE
    a.doc.write = function () { };
    a.win.btoa = function () { };
    a.on("DOMContentLoaded", function () {
        a.win.cookieCheck = function () { };
        let encodedURL = a.doc.head.innerHTML.match(/var eu = '(?!false)(.*)'/)[1];
        const index = encodedURL.indexOf('!HiTommy');
        if (index >= 0) {
            encodedURL = encodedURL.substring(0, index);
        }
        let var1 = "", var2 = "";
        for (let i = 0; i < encodedURL.length; ++i) {
            if (i % 2 === 0) {
                var1 = var1 + encodedURL.charAt(i);
            } else {
                var2 = encodedURL.charAt(i) + var2;
            }
        }
        let decodedURL = a.win.atob(var1 + var2);
        decodedURL = decodedURL.substr(2);
        if (a.win.location.hash) {
            decodedURL += a.win.location.hash;
        }
        a.win.onbeforeunload = null;
        a.win.location.href = decodedURL;
    });
}