Comments (10)
I've also added function evaluation as a somewhat experimental feature, you can read the details here https://github.com/sd-soleaio/javascript-deobfuscator#advanced-usage
from javascript-deobfuscator.
Have added a shuffled list of 25k of those names in latest commits
from javascript-deobfuscator.
Hi, the renaming hex identifiers is a good idea, I'll add that.
As for the array of strings and string decoder function, that's a very common obfuscation pattern, your script is obfuscated with https://obfuscator.io
Since this repo is general purpose and not meant to target any specific obfuscator and there are lots of different variants of string encoding like that (so it would be more effort than it's worth to detect them all), I'm probably not going to add support for removing that.
However adding an option to mark a specific function as the string decoder (_0x5ce7 in your case) is something that could work, I'll consider adding that.
I previously did make a (now outdated) deobfuscator, https://github.com/sd-soleaio/deobfuscator-io-archived which could be useful to take a look at if you're interested in further deobfuscating your script (although word of warning, the code isn't the best in that repo).
from javascript-deobfuscator.
Have added renaming of hex identifiers as an option to https://deobfuscate.io
Thanks for the suggestion
from javascript-deobfuscator.
Thank you for all these great new features! If I may make a small suggestion, perhaps it would be better if the trigger to evaluate a function was not something that could be added by a malicious obfuscator. I'm imagining an out-of-band signal, such as a separate data file listing function names. (The web interface could have checkboxes where the user could select which functions should be evaluated.)
from javascript-deobfuscator.
Oh, and perhaps this isn't possible, but if the deobfuscator can tell which variables are being called as functions, it would be nice if they were given more easily differentiable names. One letter function names are harder for me to quickly scan through the source code.
For example, you might have:
var a = ["href", "310326TemamY", "$1//$2", "3789jqLAjI", "201260CufYBR", "includes", "location", "624856ogdMrz", "28pRWhXX", "10734yvtFqz", "352RuMMpQ", "1339PvpRAh", "392868PctkdY", "indexOf", "596BmZxvY"];
var bravo = function (d, e) {
d = d - 440;
var f = a[d];
return f;
};
var charlie = bravo;
charlie(442);
from javascript-deobfuscator.
I agree there are better names than a,b,c etc however any name list used needs to consist of at least 5k words (so it's unlikely to run out). I couldn't find such a list of suitable words (that's not just the dictionary), if you find a good one I'm happy to add it.
As for the trigger to evaluate a function, adding that option to the web interface is a good idea however I'm not a frontend dev and not able to modify the website substantially (without tearing my hair out).
The reason it's best to have it as a directive within the function is it's often not clear (programmatically) what the name of a function is in obfuscated scripts.
i.e.
var someFunc = somePredicate ? 56 : (() => { return function() { /* this function */ } }();
in this case passing the name someFunc to the deobfuscator wouldn't be helpful (as it can't tell what it actually refers to it without executing that conditional expression), whereas the directive within the function makes it easy to tell.
from javascript-deobfuscator.
Thank for the explanation.
Good point about needing a name list that will not run out. I've created a list of names for you from baby name records.
https://github.com/hackerb9/ssa-baby-names .
I still suggest the first 26 functions should be the NATO phonetic alphabet, but after that, functions can be named in order of most commonly given (in a single year): linda
, james
, michael
, robert
, et cetera.
And variables that aren't used as functions should probably remain single letters, but that's just my preference and it sounds like it might be tricky to implement.
from javascript-deobfuscator.
Thanks, will take a look
from javascript-deobfuscator.
For convenience, I've created a list ready to be used as identifiers: identifiers.txt. It contains over 100,000 entries in (roughly) popularity order, but with the NATO phonetic alphabet prepended.
from javascript-deobfuscator.
Related Issues (20)
- Replace proxy functions breaks on function that returns string literal HOT 1
- Deobfuscate array shifting technique efficiently HOT 1
- Function executor does not deal with array of literals and deletes code even if no replacement is found HOT 1
- Does not respond to the script.
- npm ERR! could not determine executable to run HOT 6
- Handle arithmetic double negation HOT 6
- [Bug] Simplify Expression: Fails when variables are present
- [Feature Request] Unpack Objects
- [Bug] Handle separated declaration and assignment
- [Bug] Mishandling of scope HOT 1
- [Feature Request] Remove intermediary variables (or constants)
- [Bug] Proxy function not detected due to variable declaration.
- Comma Expression: different results
- js-deobfuscator: command not found HOT 4
- Unexpected token "{" HOT 4
- Unable to Load
- unnecessary freezing after pasting large code into textarea HOT 3
- DIscord invite down
- npm missing version 1.0.20 HOT 1
- Uncaught Error: Failed to find scope for node FunctionBody HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from javascript-deobfuscator.