Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error when deobfuscating some files #94

Open
VendorAttestation opened this issue Jun 13, 2024 · 2 comments
Open

Error when deobfuscating some files #94

VendorAttestation opened this issue Jun 13, 2024 · 2 comments
Labels
bug Something isn't working deobfuscate

Comments

@VendorAttestation
Copy link

Describe the bug

Error when deobfuscating some files

It seems to work sometimes.

Expected Behaviour

Deobfuscate

Code

https://paste.dmca.sh/otanidegow.md

Logs

Error: Cannot read properties of undefined (reading 'charAt')
@VendorAttestation VendorAttestation added the bug Something isn't working label Jun 13, 2024
@j4k0xb
Copy link
Owner

j4k0xb commented Jun 14, 2024

Bug happens when deobfuscating function wrappers: https://github.com/javascript-obfuscator/javascript-obfuscator#stringarraywrapperstype
It inlines the function arguments, but u = u - -772 is ignored and leads to a wrong number

function bF(n, t, r, u, e) {
  return __DECODE_0__(u - -629, r);
}
function e(n, t, r, u, e) {
  return bF(e - 269, (u = u - -772) - 79, e, u - 649, e - 410 - 54);
}

// should be replaced with __DECODE_0__(1046, 501); which returns 'tempBans'
// but is __DECODE_0__(274, 501); and errors
e(0, 0, 0, 294, 501);

Sometimes it even reassigns normal code variables/parameters so I think the script was generated with a custom obfuscator fork:

function hasPermissionOrRole(u, n, t) {
  return n[bG(474, -94, n = -540, 672, n - 401)](n => {

Gonna be hard to fix...

@youdie323323
Copy link

Same here, when I try to deobfuscate https://abs.twimg.com/responsive-web/client-web/ondemand.s.453854fa.js, it throws this error:

Error: Cannot read properties of undefined (reading 'charAt')

So i decided to run terser (https://try.terser.org/) then deobfuscate. this works, but it doesnt fully deobfuscate the script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working deobfuscate
Projects
None yet
Development

No branches or pull requests

3 participants