Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added JS unpacking #86

Merged
merged 5 commits into from
Sep 28, 2024
Merged

Added JS unpacking #86

merged 5 commits into from
Sep 28, 2024

Conversation

DatL4g
Copy link
Contributor

@DatL4g DatL4g commented Sep 24, 2024

dean.edwards.name/packer/ is a pretty commonly used Javascript tool to obfuscate code.

This can get pretty frustating when working with script data (since it even messes with strings unlike other obfuscator), so I added a method to unpack that code

@itboy87
Copy link
Collaborator

itboy87 commented Sep 25, 2024

@DatL4g thanks for your contribution. This may be helpful for someone. Could you please kindly add a unit test similar to HtmlParserTest.handlesCdataInScript, but using a packed DataNode and compare the results of both packed and unpacked data?

@DatL4g
Copy link
Contributor Author

DatL4g commented Sep 28, 2024

@itboy87 Sorry but I don't quite understand your Testing structure and requested addition.

I've added some DataNodeTest cases to detect packed scripts and resolve them.
Undetected scripts won't change anything and return their data as is.

Can you either elaborate a bit more what kind of test you want or add it yourself?

@itboy87
Copy link
Collaborator

itboy87 commented Sep 28, 2024

@itboy87 Sorry but I don't quite understand your Testing structure and requested addition.

I've added some DataNodeTest cases to detect packed scripts and resolve them.

Undetected scripts won't change anything and return their data as is.

Can you either elaborate a bit more what kind of test you want or add it yourself?

@DatL4g Never mind i will send you test code for it but can you please check my comments for some improvements

@DatL4g
Copy link
Contributor Author

DatL4g commented Sep 28, 2024

@itboy87 Do you have anything to review, or which comments do you mean?

Comparing the packed and unpacked result is not really possible as it scales with the data size.

  • The getWholeData() method is unchanged, meaning it's not taking longer to get.
  • The isPacked field will only return when it's getting called, so the object creation itself has no impact.
  • The getUnpackedData() method scales with the data size as mentioned, since the String gets matched with some regular expressions

@itboy87
Copy link
Collaborator

itboy87 commented Sep 28, 2024

@DatL4g sorry i forgot to submit them now you can see them

@itboy87
Copy link
Collaborator

itboy87 commented Sep 28, 2024

@DatL4g please also add this unit test:

        val packedJs = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0.1(\"2 3\")',4,4,'console|log|Hello|World'.split('|'),0,{}))"
        val packedScript = "<script type=\"text/javascript\">$packedJs</script>"
        val unpackedJs = "console.log(\"Hello World\")"
        val doc = Ksoup.parse(packedScript)
        val script = doc.selectFirst("script")!!
        assertEquals(packedScript, script.outerHtml())
        val dataNode = script.childNode(0) as DataNode
        assertEquals(packedJs, dataNode.getWholeData())
        assertEquals(unpackedJs, dataNode.getUnpackedData())

@DatL4g
Copy link
Contributor Author

DatL4g commented Sep 28, 2024

@itboy87 Thanks for the hints! Added the changes

@itboy87 itboy87 merged commit 59651a1 into fleeksoft:release Sep 28, 2024
30 checks passed
@itboy87
Copy link
Collaborator

itboy87 commented Sep 28, 2024

Thanks.

@itboy87
Copy link
Collaborator

itboy87 commented Sep 29, 2024

@DatL4g Do you know how to create a JavaScript packer in Kotlin? I’m thinking of adding a JS packer and unpacker as a utility in the library

@DatL4g
Copy link
Contributor Author

DatL4g commented Sep 29, 2024

@itboy87 Sorry I don't.

This unpacker implementation is based on this PHP variant.

Here is a equivalent for packing https://github.com/tholu/php-packer

@itboy87
Copy link
Collaborator

itboy87 commented Oct 2, 2024

Okay thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants