
jstillery's People

Contributors

0xsobky, wisec


jstillery's Issues

Backtick is not being processed

Try this one:

a = String.fromCharCode`41`;
b = a

Expected result:

a = ')';
b = ')';

Current result:

a = String.fromCharCode`41`;
b = String.fromCharCode`41`;

Lots of errors on my sample file

I'm creating a JavaScript module for DVWA and this is the high security level JS code:

https://github.com/digininja/DVWA/blob/javascript/vulnerabilities/javascript/source/high.js

I've just run it through JStillery and got a few errors including this repeated for 7, 8 and 9:

EXC [TypeError: Cannot read property '9' of undefined] TypeError: Cannot read property '9' of undefined

And this:

[RangeError: Maximum call stack size exceeded]

I'm running nodejs in Ubuntu 16.04 which seems to be quite an old version (v4.2.6) so it may be that that is causing the problems. I know it doesn't have the ** operator so had to fudge that a bit to get the script to run.

Fails with Katakana

Love this project! Finally, a way to deobfuscate JSFuck 👍

But not all my code gets cleaned up. Eg test this one:

ウ=""   ,を=     !ウ+     ウ,ネ     =!を     +ウ,    ホ=ウ
+{},    ヌ=を    [ウ++    ],セ=     を[ミ    =ウ]    ,ハ=
++ミ    +ウ,     ヘ=ホ    [ミ+ハ    ],を[    ヘ+=    ホ[ウ
]+(ホ  .ホ+ホ    )[ウ]    +ネ[ハ    ]+ヌ+    セ+を   [ミ]+
ヘ+ヌ            +ホ[     ウ]+セ    ][ヘ]    (ネ[
ウ]+             ネ[ミ              ]+を     [ハ]+
                 セ+ヌ+            "(ウ)"
                 )()

It will do an alert(1), too – but the resulting code can't be evaluated.

PS: Taken from http://aem1k.com/

For loop + incrementation

var x = 0; for (var i = 0; i < 1; i++) x++
if (x) alert("a");
var x = 0;
for (var i = 0; i < 1; i++)
    x++;
if (0)
    alert('a');

Temporary objects are not recognized

Example code:

var x = { y: { foo:42} }
return x.y.foo;

It does replace the x but then fails due to the object having no name which makes it search in the global scope. Possibly also/instead when foo is a function (returning a const)

Writing in arrays cause invalid result

Hello.

Defining an array, then writing to it and using it causes invalid result. Here is a minimal example showing the behavior:

Original:
====================
var a = ["hello"];
a[0] = "bye";
console.log(a[0]);

====================
____________________
Deobfuscated Code
var a = ['hello'];
'hello' = 'bye';
console.log('hello');

Custom scope implementation: Reasoning

I'm interested in why the custom scope implementation was done and what exactly it does. There are other scope-resolving implementations (e.g. escope) which could be used instead. Why are they not?

how to handle comma?

example:

        return e[n].call(o.exports, o, o.exports, t),
        o.loaded = !0,
        o.exports

What I want:

        e[n].call(o.exports, o, o.exports, t);
        o.loaded = !0;
        return o.exports;

function.toString not recognized

I found that function foo(){return 1;}.toString() is not transformed while ""+function foo(){return 1;} is.

However there is also a major problem in that not the original function including formatting is returned which breaks further code.

enhancement: IfStatement expressions has mutil

Great repo! And I have some suggestions to improve it!

One use case:

var a = Math.random();
var b = Math.random();
if (a = a + 0.2, b = b + 0.1, a > b) {
    console.log('haha');
}

I want it to be:

var a = Math.random();
var b = Math.random();
a = a + 0.2;
b = b + 0.1;
if (a > b) {
    console.log('haha');
}

Is it easy to do?

Added replacing of hexadecimal chars in strings

Just a snippet

'\x4d\x6f\x75\x73\x65\x4d\x6f\x76\x65\x6d\x65\x6e\x74': {
                        '\x66\x69\x65\x6c\x64\x73': {
                            '\x74\x69\x6d\x65': {
                                '\x74\x79\x70\x65': p7b,
                                '\x69\x64': +X0x.y1B
                            },
                            '\x78': {
                                '\x74\x79\x70\x65': I0x.w3y(+c0x.i0B),
                                '\x69\x64': X0x.I7B * I0x.f5l
                            },
                            '\x79': {
                                '\x74\x79\x70\x65': I0x.r3y(+c0x.i0B),
                                '\x69\x64': +c0x.b5B
                            },
                            '\x77\x78': {
                                '\x74\x79\x70\x65': I0x.w3y(+c0x.i0B),
                                '\x69\x64': I0x.x5l
                            },
                            '\x77\x79': {
                                '\x74\x79\x70\x65': I0x.w3y(c0x.i0B - I0x.J5l),
                                '\x69\x64': +G0x.f6B
                            }
                        }
                    },

It could be very useful to replace hex chars with their ASCII equivalents.

Be aware, if you try, to avoid replacing escaped ones!

So \x3a needs to be replaced, but \\x3a not!
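
One way to do this replacement while honouring the escaped-backslash caveat, as an added example (not code from the issue author or from JStillery). The function names are hypothetical, and the literal-matching regex assumes that quotes only delimit string literals; a real tool would take literal ranges from its parser.

```javascript
// Added example: decode \xNN escapes inside quoted string literals.
// Function names are hypothetical; this is not JStillery's implementation.

// Characters that must stay escaped so the literal remains well-formed.
const KEEP_ESCAPED = new Set(['\\', "'", '"']);

// Rewrite the raw body of one string literal (the text between the quotes).
// Escapes are consumed as whole units, so the "\\" in "\\x3a" is taken first
// and the "x3a" that follows is never mistaken for a hex escape.
function decodeHexInLiteralBody(body) {
  return body.replace(/\\(x[0-9a-fA-F]{2}|[\s\S])/g, (match, esc) => {
    // Only the hex alternative yields three characters ("x" + two digits);
    // every other escape (\\, \n, \', \u....) is returned untouched.
    if (esc.length !== 3) return match;
    const code = parseInt(esc.slice(1), 16);
    const ch = String.fromCharCode(code);
    const printable = code >= 0x20 && code <= 0x7e;
    // Control bytes, quotes and the backslash stay in escaped form.
    return printable && !KEEP_ESCAPED.has(ch) ? ch : match;
  });
}

// Single- or double-quoted literal on one line, escapes skipped pairwise.
// Assumption: no quotes inside comments or regex literals in the input.
const STRING_LITERAL = /'(?:[^'\\\n]|\\[\s\S])*'|"(?:[^"\\\n]|\\[\s\S])*"/g;

function decodeHexInSource(src) {
  return src.replace(STRING_LITERAL, (lit) =>
    lit[0] + decodeHexInLiteralBody(lit.slice(1, -1)) + lit[lit.length - 1]);
}

// Constructed sample in the style of the snippet above. It covers plain hex
// escapes, an escaped backslash before "x3a", an escaped quote (\x27) and a
// control character (\x0a).
const SAMPLE = String.raw`var o = {'\x74\x79\x70\x65': p7b, '\x69\x64': "a\\x3ab\x3a\x27\x0a"};`;

console.log(decodeHexInSource(SAMPLE));
```

Only printable ASCII is rewritten: decoding `\x27` or `\x0a` in place would terminate or break the literal, so those stay escaped.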

Implicit String Coercion Not Reliably Handled

Hi, Stefano!

I see that the tool can now handle this correctly:
x = 'al'+(top+0)[4]+'r'+(top+0)[6];eval(x)(1);

However, the tool still fails to handle similar cases:

$ ./jstillery_cli.js obfuscated.js
Original:
====================
eval((typeof!this)[5]+(typeof!this)[3]+(typeof!this)[4]+'rt')(0);
====================
____________________
Deobfuscated Code
undefinedundefinedundefinedrt;(0);

The correct output should rather be alert(0);. I haven't taken a look at the code yet, but I hope it's something trivial to fix.

Thanks!

Stringifying functions

Converting a function to a string can give different results depending on which environment is running the code.

"" + console.log

gives

"function () { [native code] }"

in JStillery while in chrome it gives

"function log() { [native code] }"

and in firefox

"function log() {\n    [native code]\n}"

"" + function() {/* Hello world */}

should also return

"function() {/* Hello world */}"

instead of

"function () {\n}"

like it does right now.

I think it would be great if options were added to JStillery where you could specify which environment should be emulated, where you could choose a browser for example.

TypeError

TypeError: Cannot set property 'firstObj' of undefined

how to handle Trinocular operator?

Hi, I met some problems in translating the Trinocular operator.

offsetPoint.x > 0 && 0 === offsetPoint.y ? a = 0 : 0 === offsetPoint.x && offsetPoint.y < 0 ? a = 270 : offsetPoint.x < 0 && 0 === offsetPoint.y ? a = 180 : offsetPoint.x < 0 && offsetPoint.y < 0 ? a = 180 + r : offsetPoint.x < 0 && offsetPoint.y > 0 ? a = 180 - r : offsetPoint.x > 0 && offsetPoint.y > 0 ? a = r : offsetPoint.x > 0 && offsetPoint.y < 0 && (a = 360 - r)

What I want is

        if (0 === offsetPoint.x && offsetPoint.y > 0) {
            let a = 90;
        } else {
            if (offsetPoint.x > 0 && 0 === offsetPoint.y) {
                a = 0;
            } else {
                if (0 === offsetPoint.x && offsetPoint.y < 0) {
                    a = 270;
                } else {
                    if (offsetPoint.x < 0 && 0 === offsetPoint.y) {
                        a = 180;
                    } else {
                        if (offsetPoint.x < 0 && offsetPoint.y < 0) {
                            a = 180 + r;
                        } else {
                            if (offsetPoint.x < 0 && offsetPoint.y > 0) {
                                a = 180 - r
                            } else {

                                if (offsetPoint.x > 0 && offsetPoint.y > 0) {
                                    a = r;
                                } else {
                                    if (offsetPoint.x > 0 && offsetPoint.y < 0) {
                                        a = 360 - r
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

or

        if (0 === offsetPoint.x && offsetPoint.y > 0) {
            let a = 90;
        } else if (offsetPoint.x > 0 && 0 === offsetPoint.y) {
            a = 0;
        } else if (0 === offsetPoint.x && offsetPoint.y < 0) {
            a = 270;
        } else if (offsetPoint.x < 0 && 0 === offsetPoint.y) {
            a = 180;
        } else if (offsetPoint.x < 0 && offsetPoint.y < 0) {
            a = 180 + r;
        } else if (offsetPoint.x < 0 && offsetPoint.y > 0) {
            a = 180 - r
        } else if (offsetPoint.x > 0 && offsetPoint.y > 0) {
            a = r;
        } else if (offsetPoint.x > 0 && offsetPoint.y < 0) {
            a = 360 - r
        }

It may be so hard to make this, but it is helpful to debundle JS. Thanks!

{"toString":[...]} does not return correct return value

""+{toString:function(){ return "" }} or ""+{valueOf:function(){ return "" }} should return "" but JStillery returns "[object Object]".
The following code should execute alert(/pass/) but due to this behavior an infinite loop happens on JStillery.

x = ""+{
    toString: function() {
        return "";
    }
};
if (x) {
    Function("while(1){};return;")();
} else {
    alert(/pass/);
}

Some opaque predicates

I don't know if opaque predicates are in bound, but in the REPL,

const a = !!(Math.random() < 2)
const b = !!(new Date().getYear())
const c = !!Date.now()
const d = !((+c/0) == (+c/0))

deobfuscates to

const a = !!(Math.random() < 2);
const b = !!new Date().getYear();
const c = !!Date.now();
const d = !(+!!Date.now() / 0 == +!!Date.now() / 0);

JSFuck single quotations

JSFuck'd x = 'a':

[].filter.constructor('x = ' + [].filter.constructor('return unescape')()('undefined27') + 'a' + [].filter.constructor('return unescape')()('undefined27'))();

Invalid behavior when using identifiers

undefined + 2;
NaN + 2;
Infinity + 2;

results in:

'undefined2';
'NaN2';
'Infinity2';

Expected result:

NaN;
NaN;
Infinity;

Also when Infinity is evaluated, it is printed as 1e+400:

1 / 0
1e+400;

Eval issues

Eval places an unnecessary semicolon leading to a syntax error:

([] + eval("5 + 5"))[0]
([] + 10;)[0];

Other unexpected behavior:

eval("5") + "test";
eval("") + "test";
'undefinedtest';
({
}); + 'test';

It would also be great if more complex forms of function construction were supported, like:

[].filter.constructor("return 5 + 5")();
Array.prototype.filter.constructor("return 5 + 5")();
Array.prototype.constructor.constructor("return 5 + 5")();

Add more test cases

Hi there, can you add some test case other than this one?

echo 'a= String.fromCharCode(41);b=a'|  ./jstillery_cli.js

Perhaps some malicious example downloaded from Virustotal etc.

It would help people understand the advantage of JStillery tool

SyntaxError: Unexpected token *

I don't know if it is my problem... because it worked for you... but I do face the problem.
I started it in PowerShell.

error

command:

echo 'a= String.fromCharCode(41);b=a'| node ./jstillery_cli.js

response:
1

command:

npm start

response:
2

command:

node ./jstillery_cli.js

response:
3

my environment

node version: v6.11.2
npm version: 3.10.10
OS: windows 10 1709 x64

not execute !1

    function h(a) {
        e(a);
        return H(a) ? (d.push(l), A(a, b, [!1, !1], d)) : a
    }

    function k() {
        var a = {},
            c;
        for (c in x) a[c] = !0;
        for (c in b) a[c] = !0;
        return a
    }

Please Don't Ignore Comments

So many bad payloads hide in comments. When you try to deobfuscate and analyse, if there is a lot of payload in comments, JStillery puts out errors or sometimes completely ignores them.
It would be nice to have an option to keep comments intact.

For example:

var malicious_payload = (function () {/*
Bad code can be here
Most of the time they hide in 1000 comments each containing a single character
They get extracted and run using custom methods
*/}).toString().match(/[^]*\/\*([^]*)\*\/\}$/)[1];

alert(malicious_payload);

I saw a clever one; he had this between the code:
/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */
and used a custom method to create a URL from the jQuery comment and load another payload.
I was scratching my head for a long hour because I couldn't find what's happening.
To be fair, it was hiding inside an asm which was getting converted to wasm and had 10 layers of crap and virtual DOM all over the place.

Anyway, it would be nice if you keep the comment in, or detect such behavior.
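
A deobfuscator that drops comments changes the behaviour of code like the sample above. The following pre-pass, an added example that is not part of the original issue or of JStillery, flags source in which comment text is read back at run time, so an analyst knows comments must be preserved. The function names and regex heuristics are assumptions of this sketch.

```javascript
// Added example: flag source where comments carry data the code reads back.
// Heuristic only; names are hypothetical and not part of JStillery.

// A function whose whole body is one block comment.
const COMMENT_BODY_FN =
  /function\s*[\w$]*\s*\([^)]*\)\s*\{\s*\/\*([\s\S]*?)\*\/\s*\}/g;

// The function's text is read if it is followed by .toString( or "+",
// or preceded by "+" or String( (implicit or explicit string coercion).
const READ_AFTER = /^\s*\)?\s*(?:\.\s*toString\s*\(|\+)/;
const READ_BEFORE = /(?:\+|String\s*\()\s*\(?\s*$/;

// Source text containing the characters \/\* means the program itself
// parses comment delimiters with a regex, as in the sample above.
const PARSES_COMMENT_DELIMS = /\\\/\\\*/;

function findCommentCarriers(src) {
  const hits = [];
  for (const m of src.matchAll(COMMENT_BODY_FN)) {
    const end = m.index + m[0].length;
    const before = src.slice(Math.max(0, m.index - 40), m.index);
    const after = src.slice(end, end + 40);
    hits.push({
      offset: m.index,               // where the carrier function starts
      commentLength: m[1].length,    // size of the text held in the comment
      stringified: READ_AFTER.test(after) || READ_BEFORE.test(before),
    });
  }
  return hits;
}

// True when stripping comments would change what the program computes.
function commentsAreLoadBearing(src) {
  return findCommentCarriers(src).some((h) => h.stringified) ||
    PARSES_COMMENT_DELIMS.test(src);
}

// Constructed samples: the pattern from the issue with neutral text,
// implicit coercion, and an ordinary stub that only documents itself.
const CARRIER_SAMPLE = String.raw`var hidden = (function () {/*
text kept in a comment
*/}).toString().match(/[^]*\/\*([^]*)\*\/\}$/)[1];`;
const COERCION_SAMPLE = 'var s = "" + function () {/* abc */};';
const BENIGN_SAMPLE = 'function todo() { /* not implemented yet */ }\ntodo();';

for (const [name, src] of [['carrier', CARRIER_SAMPLE],
                           ['coercion', COERCION_SAMPLE],
                           ['benign', BENIGN_SAMPLE]]) {
  console.log(name, commentsAreLoadBearing(src), findCommentCarriers(src));
}
```

A comment-only function body that is never stringified is reported with `stringified: false`, so ordinary stubs do not trip the check.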
