8
votes
Accepted
How can I deobfuscate this javascript code
The special "accent" letters are just a distraction. You can use a text-editor to replace them with "standard" letters and the code would still work.
Let's add a newline after each semicolon:
É=-~-~[]...
- 579
7
votes
Accepted
How can I modify or decompile Hermes JS bytecode?
My friend made this tool: hbctool, a Hermes bytecode disassembler/assembler.
This will help you disassemble the file into a more readable format (similar to hbcdump), so you can modify and re-assemble ...
- 86
5
votes
Accepted
Obfuscated code analysis - can unused variables be ignored?
This might be true that those variables are added only to confuse analysis but remember that in Javascript there are so many ways to access the variable that I would take such info from an automated ...
- 4,952
5
votes
Analyzing highly obfuscated JavaScript
In addition to the other useful links here, I recommend to try Malware-Jail
Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js
malware-...
- 193
4
votes
How to copy video address from tweet?
I could not quite track how exactly it's done but youtube-dl can do it. Run it with -v or -g to see the final video URL:
C:\Work>C:\Python27\Scripts\youtube-dl.exe -v https://twitter.com/starwars/...
- 37k
4
votes
Accepted
IDA Pro Alternative for JavaScript?
Have a look at https://github.com/scottrogowski/code2flow for generating callgraphs.
Turn your Python and Javascript source code into DOT flowcharts
Code2flow will sweep through your project ...
- 7,602
4
votes
Accepted
reverse javascript crackme encryption method algorithm
To extend on EWD-0- about the reversibility of RC4 here's how I tried it:
From your actual code and reversing it a little to get "input128" encoded:
arr = [99, 116, 115, 37, 16, 120, 211, 90, 197, ...
- 156
3
votes
Accepted
Is deobfuscation of my javascript code hard or easy?
Resolved.
generally nothing in js is impossible to reverse
in this case the 'alert' string in plain text give me a big help, because I simply started to resolve function value one step back at time.
...
- 183
3
votes
Accepted
Is it possible to completely reverse this code?
Having such code the first thing to do is to analyze what part is the obfuscation algorithm and what's the actual code. Here' it's not that difficult as all the code is on top. So let's analyze it ...
- 4,952
3
votes
Accepted
How decrypt hexadecimal javascript code?
Those hex values could represent anything. Look for online converters that convert hexadecimal to text (consider various formats), dec, etc. and see if the results make any sense. If not, then they ...
- 2,254
2
votes
Frida manipulating arguments - Android
If I understand your question correctly, you want to change the parameter, v, inside the inner function. Right?
If that's the case, you would already have access to the v argument inside your inner ...
- 121
2
votes
would be possible to deobfuscate javascript code?
All the strings you see \x41\x42\x43 are nothing but normal chars encoded as hex of their ascii values. You can decode them as follows:
>>> "\x41\x42\x43".decode("utf-8")
u'ABC'
by trying ...
- 21
2
votes
Accepted
Is v8's --print-bytecode safe?
--print-bytecode is not safe.
echo "process.exit(42)" > test.js
node --print-bytecode ./test.js
It exists with status_code = 42. So that code is getting executed. It is not safe.
- 1,789
2
votes
Try to deobfuscate multi layered javascript
You could try using de4js. For the javascript snippet in the original post, de4js produces the following output:
var _0x2815 = ["3 1(){2 0=5;4 0}", "|", "split", "x|myFunction|var|function|return|", "...
- 21
2
votes
How do I decode this JavaScript code?
You can use this tool to partial deobfuscate that code: http://jsnice.org/
In that case I get this:
'use strict';
(function(data, i) {
/**
* @param {number} isLE
* @return {undefined}
*/
...
2
votes
Accepted
Load a *.dylib or *.so object into the Javascript V8 runtime?
I was misinterpreting the context of the comment in the original link, it seems. I was under the impression that Module.load was a v8-ism, while it in fact appears to be a Frida-API.
https://frida.re/...
- 183
2
votes
How can I modify or decompile Hermes JS bytecode?
Refer below link someone added support for version 84 in his forked repo
hbc-v84
- 21
2
votes
Decompiling an executable compiled by vercel/pkg
The vercel/pkg tool takes javascript (node.js) code, compiles it into v8 bytecode and wraps it in an executable code that matches the platform.
As the Github page of the pkg-unpacker tool states:
...
- 1,382
2
votes
Accepted
HTML/JS app - getting a reference to an element which is not part of the DOM
Look for any requests to document.createElement or document.createElementNS in the code that may be creating and appending the <video> element to the DOM. You might be able to locate the <...
- 181
2
votes
Tools to hook browser's Javascript function implementations
If you have access to the DevTools console and you're able to make the call to encrypt happen whenever you want after the page loads, then you could just redefine the encrypt method to log what's ...
- 2,254
2
votes
Deobfuscating big files
Many of the online js deobfuscators are actually open source like d4js and deobfuscator.io. They also have instructions on how to run them locally, thus the runtime will depend on your resources and ...
- 141
1
vote
automatically find the object "this" refers to in js
There's a great resource on W3Schools.
In summary:
It (this) has different values depending on where it is used:
In a method, this refers to the owner object.
Alone, this refers to the global object....
- 878
1
vote
What browser do during initial web page request?
There are two major differences between a web page loaded via web browser and via script:
While loading the web page a web browser also loads linked resources like scripts, images, css files, ... ...
- 1,243
1
vote
Reverse Engineering Javascript - Out of Memory
Based on the "deobfuscated" output posted by @Supreme, the code appears to be encoding very basic information about the click event when the user clicks on a video's play button. Here it is ...
- 362
1
vote
De-obfuscate JS code
I know you probably have figured this out... but the JavaScript Beautifier worked perfectly when I used it.
- 105
1
vote
What's wrong with my mitm to support rr commands with gdbserver on IDA?
It turned out IDA sends first sends vCont;c and then vCont;s:1 for some weird reason in that particular instance. I fixed my mitm :
const net=require("net")
const process = require('process');
net....
- 505
1
vote
Decrypt config.bin file from Huawei B5328 router. I have source files
Unfortunately, knowledge of JS probably isn't going to help. The HTML passes along the uploaded file to the cgi-bin/maintenance.cgi file which is a compiled ARM BE8 binary that's a bit more work to ...
- 171
1
vote
De-obfuscating code ran through JScrambler 3x via Eval() functions
If I'm not mistaken, jscrambler has built-in capabilities against de-obfuscators. If you look at their docs you'll see that they were already doing this at version 3. Since they are an enterprise tool ...
- 11
1
vote
WebSocket debugging in Javascript app gives "401 Unauthorized"
Ok, I figured it out. The websocket-client library I use for python writes its own Origin header by default and I was ending up with two Origin headers, which may have been tipping off the server.
I ...
- 21
1
vote
How do you un-obfuscate JS code that is evaluating your browser environment?
Start from making JS code more readable using some JS beautifier, there are online tools for that too: https://beautifier.io
Then start debugging it in some JS IDE, or just in Chrome developer tools ...
- 1,870
Only top scored, non community-wiki answers of a minimum length are eligible