restringer - npm Package Compare versions

Comparing version 1.10.0 to 1.10.1

package.json

 {
   "name": "restringer",
-  "version": "1.10.0",
+  "version": "1.10.1",
   "description": "Deobfuscate Javascript with emphasis on reconstructing strings",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -119,2 +119,25 @@ # Restringer
 
+You can also customize any deobfuscation method while still using REstringer without running the loop yourself:
+```javascript
+const fs = require('node:fs');
+const {REstringer} = require('restringer');
+
+const inputFilename = process.argv[2];
+const code = fs.readFileSync(inputFilename, 'utf-8');
+const res = new REstringer(code);
+
+// res.logger.setLogLevel(res.logger.logLevels.DEBUG);
+res.detectObfuscationType = false;  // Skip obfuscation type detection, including any pre and post processors
+
+const targetFunc = res.unsafeMethods.find(m => m.name === 'resolveLocalCalls');
+let changes = 0;		// Resolve only the first 5 calls
+res.safeMethods[res.unsafeMethods.indexOf(targetFunc)] = function customResolveLocalCalls(n) {return targetFunc(n, () => changes++ < 5)}
+
+res.deobfuscate();
+
+if (res.script !== code) {
+  console.log('[+] Deob successful');
+  fs.writeFileSync(`${inputFilename}-deob.js`, res.script, 'utf-8');
+} else console.log('[-] Nothing deobfuscated :/');
+```
 ***
@@ -121,0 +144,0 @@

src/restringer.js

@@ -11,45 +11,4 @@ #!/usr/bin/env node
 	},
-	safe: {
-		resolveProxyCalls,
-		normalizeEmptyStatements,
-		removeRedundantBlockStatements,
-		removeDeadNodes,
-		resolveRedundantLogicalExpressions,
-		resolveMemberExpressionReferencesToArrayIndex,
-		resolveMemberExpressionsWithDirectAssignment,
-		parseTemplateLiteralsIntoStringLiterals,
-		resolveDeterministicIfStatements,
-		unwrapFunctionShells,
-		replaceFunctionShellsWithWrappedValue,
-		replaceFunctionShellsWithWrappedValueIIFE,
-		replaceCallExpressionsWithUnwrappedIdentifier,
-		replaceEvalCallsWithLiteralContent,
-		replaceIdentifierWithFixedAssignedValue,
-		replaceIdentifierWithFixedValueNotAssignedAtDeclaration,
-		replaceNewFuncCallsWithLiteralContent,
-		replaceBooleanExpressionsWithIf,
-		replaceSequencesWithExpressions,
-		resolveFunctionConstructorCalls,
-		resolveProxyVariables,
-		resolveProxyReferences,
-		rearrangeSequences,
-		simplifyCalls,
-		simplifyIfStatements,
-		rearrangeSwitches,
-		unwrapIIFEs,
-		unwrapSimpleOperations,
-		separateChainedDeclarators,
-	},
-	unsafe: {
-		resolveMinimalAlphabet,
-		resolveDefiniteBinaryExpressions,
-		resolveAugmentedFunctionWrappedArrayReplacements,
-		resolveMemberExpressionsLocalReferences,
-		resolveDefiniteMemberExpressions,
-		resolveLocalCalls,
-		resolveBuiltinCalls,
-		resolveDeterministicConditionalExpressions,
-		resolveInjectedPrototypeMethodCalls,
-		resolveEvalCallsOnNonLiterals,
-	},
+	safe,
+	unsafe,
 	config: {
@@ -79,2 +38,47 @@ setGlobalMaxIterations,
 		this.logger.setLogLevel(logger.logLevels.LOG);    // Default log level
+		this.detectObfuscationType = true;
+		// Deobfuscation methods that don't use eval
+		this.safeMethods = [
+			safe.rearrangeSequences,
+			safe.separateChainedDeclarators,
+			safe.rearrangeSwitches,
+			safe.normalizeEmptyStatements,
+			safe.removeRedundantBlockStatements,
+			safe.resolveRedundantLogicalExpressions,
+			safe.unwrapSimpleOperations,
+			safe.resolveProxyCalls,
+			safe.resolveProxyVariables,
+			safe.resolveProxyReferences,
+			safe.resolveMemberExpressionReferencesToArrayIndex,
+			safe.resolveMemberExpressionsWithDirectAssignment,
+			safe.parseTemplateLiteralsIntoStringLiterals,
+			safe.resolveDeterministicIfStatements,
+			safe.replaceCallExpressionsWithUnwrappedIdentifier,
+			safe.replaceEvalCallsWithLiteralContent,
+			safe.replaceIdentifierWithFixedAssignedValue,
+			safe.replaceIdentifierWithFixedValueNotAssignedAtDeclaration,
+			safe.replaceNewFuncCallsWithLiteralContent,
+			safe.replaceBooleanExpressionsWithIf,
+			safe.replaceSequencesWithExpressions,
+			safe.resolveFunctionConstructorCalls,
+			safe.replaceFunctionShellsWithWrappedValue,
+			safe.replaceFunctionShellsWithWrappedValueIIFE,
+			safe.simplifyCalls,
+			safe.unwrapFunctionShells,
+			safe.unwrapIIFEs,
+			safe.simplifyIfStatements,
+		];
+		// Deobfuscation methods that use eval
+		this.unsafeMethods = [
+			unsafe.resolveMinimalAlphabet,
+			unsafe.resolveDefiniteBinaryExpressions,
+			unsafe.resolveAugmentedFunctionWrappedArrayReplacements,
+			unsafe.resolveMemberExpressionsLocalReferences,
+			unsafe.resolveDefiniteMemberExpressions,
+			unsafe.resolveBuiltinCalls,
+			unsafe.resolveDeterministicConditionalExpressions,
+			unsafe.resolveInjectedPrototypeMethodCalls,
+			unsafe.resolveLocalCalls,
+			unsafe.resolveEvalCallsOnNonLiterals,
+		];
 	}
@@ -98,56 +102,2 @@
 	/**
-	 * @return {Function[]} Deobfuscation methods that don't use eval
-	 */
-	_safeDeobfuscationMethods() {
-		return [
-			rearrangeSequences,
-			separateChainedDeclarators,
-			rearrangeSwitches,
-			normalizeEmptyStatements,
-			removeRedundantBlockStatements,
-			resolveRedundantLogicalExpressions,
-			unwrapSimpleOperations,
-			resolveProxyCalls,
-			resolveProxyVariables,
-			resolveProxyReferences,
-			resolveMemberExpressionReferencesToArrayIndex,
-			resolveMemberExpressionsWithDirectAssignment,
-			parseTemplateLiteralsIntoStringLiterals,
-			resolveDeterministicIfStatements,
-			replaceCallExpressionsWithUnwrappedIdentifier,
-			replaceEvalCallsWithLiteralContent,
-			replaceIdentifierWithFixedAssignedValue,
-			replaceIdentifierWithFixedValueNotAssignedAtDeclaration,
-			replaceNewFuncCallsWithLiteralContent,
-			replaceBooleanExpressionsWithIf,
-			replaceSequencesWithExpressions,
-			resolveFunctionConstructorCalls,
-			replaceFunctionShellsWithWrappedValue,
-			replaceFunctionShellsWithWrappedValueIIFE,
-			simplifyCalls,
-			unwrapFunctionShells,
-			unwrapIIFEs,
-			simplifyIfStatements,
-		];
-	}
-
-	/**
-	 * @return {Function[]} Deobfuscation methods that use eval
-	 */
-	_unsafeDeobfuscationMethods() {
-		return [
-			resolveMinimalAlphabet,
-			resolveDefiniteBinaryExpressions,
-			resolveAugmentedFunctionWrappedArrayReplacements,
-			resolveMemberExpressionsLocalReferences,
-			resolveDefiniteMemberExpressions,
-			resolveBuiltinCalls,
-			resolveDeterministicConditionalExpressions,
-			resolveInjectedPrototypeMethodCalls,
-			resolveLocalCalls,
-			resolveEvalCallsOnNonLiterals,
-		];
-	}
-
-	/**
 	 * Make all changes which don't involve eval first in order to avoid running eval on probelmatic values
@@ -162,4 +112,4 @@ * which can only be detected once part of the script is deobfuscated. Once all the safe changes are made,
 			this.modified = false;
-			script = runLoop(this.script, this._safeDeobfuscationMethods());
-			script = runLoop(script, this._unsafeDeobfuscationMethods(), 1);
+			script = runLoop(this.script, this.safeMethods);
+			script = runLoop(script, this.unsafeMethods, 1);
 			if (this.script !== script) {
@@ -183,3 +133,3 @@ this.modified = true;
 	deobfuscate(clean = false) {
-		this.determineObfuscationType();
+		if (this.detectObfuscationType) this.determineObfuscationType();
 		this._runProcessors(this._preprocessors);
@@ -189,3 +139,3 @@ this._loopSafeAndUnsafeDeobfuscationMethods();
 		if (this.modified && this.normalize) this.script = normalizeScript(this.script);
-		if (clean) this.script = runLoop(this.script, [removeDeadNodes]);
+		if (clean) this.script = runLoop(this.script, [unsafe.removeDeadNodes]);
 		return this.modified;
@@ -192,0 +142,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

150

increased by18.11%

Worsened metrics

Total package byte prevSize

672586

decreased by-0.03%

Lines of code

12086

decreased by-0.4%

No dependency changes