a backslash character is not correctly obfuscated (with the options.strings set true): both '\\' and '\x5c' get obfuscated into "\underfined".
a vertical tab specified as '\v' or `\x0b' gets obfuscated into "\xb".
In both cases I got a fatal error from node when executing the obfuscated codes of some large production code base as shown below. However I could not reproduce the same fatal error when testing with a simple test program. In both programs, the behaviors are incorrect.
SyntaxError: Unexpected token ILLEGAL
at exports.runInThisContext (vm.js:53:16)
at Module._compile (module.js:413:25)
at Object.Module._extensions..js (module.js:452:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
at Function.Module.runMain (module.js:475:10)
at startup (node.js:117:18)
at node.js:951:3
The problem lies in /lib/utils.js:exports.hex() -
if (map[char]) {
result += map[char];
} else if ('\\' == char) {
result += '\\' + str[++i];
} else {
result += '\\x' + str.charCodeAt(i).toString(16);
}
In the case of a single character of escaped backlash, it will cause str[++i] producing "undefined". For the case of '\v', the leading zero is perhaps dropped by the charCodeAt(i).
On this version of obfuscator:
'\\'and'\x5c'get obfuscated into"\underfined".'\v'or`\x0b'gets obfuscated into"\xb".In both cases I got a fatal error from node when executing the obfuscated codes of some large production code base as shown below. However I could not reproduce the same fatal error when testing with a simple test program. In both programs, the behaviors are incorrect.
The problem lies in /lib/utils.js:exports.hex() -
In the case of a single character of escaped backlash, it will cause
str[++i]producing"undefined". For the case of'\v', the leading zero is perhaps dropped by thecharCodeAt(i).Suggested fix: expanding the map object in /lib/utils.js to include all the official JavaScript special characters as defined in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Grammar_and_types: