Skip to content
This repository has been archived by the owner on May 25, 2020. It is now read-only.

backlash and vertical tab characters in string were not correctly obfuscated #30

Open
shiwanlin opened this issue Jan 12, 2016 · 0 comments
Open

backlash and vertical tab characters in string were not correctly obfuscated #30

shiwanlin opened this issue Jan 12, 2016 · 0 comments

Comments

@shiwanlin
Copy link

On this version of obfuscator:

├─┬ [email protected]
│ ├── [email protected]
│ └─┬ [email protected]
│   ├── [email protected]
│   ├─┬ [email protected]
│   │ └── [email protected]
│   ├── [email protected]
│   └─┬ [email protected]
│     ├── [email protected]
│     ├─┬ [email protected]
│     │ └── [email protected]
│     ├── [email protected]
│     └── [email protected]
  • a backslash character is not correctly obfuscated (with the options.strings set true): both '\\' and '\x5c' get obfuscated into "\underfined".
  • a vertical tab specified as '\v' or ``\x0b'gets obfuscated into"\xb"`.

In both cases I got a fatal error from node when executing the obfuscated codes of some large production code base as shown below. However I could not reproduce the same fatal error when testing with a simple test program. In both programs, the behaviors are incorrect.

SyntaxError: Unexpected token ILLEGAL
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:413:25)
    at Object.Module._extensions..js (module.js:452:10)
    at Module.load (module.js:355:32)
    at Function.Module._load (module.js:310:12)
    at Function.Module.runMain (module.js:475:10)
    at startup (node.js:117:18)
    at node.js:951:3

The problem lies in /lib/utils.js:exports.hex() -

    if (map[char]) {
      result += map[char];
    } else if ('\\' == char) {
      result += '\\' + str[++i];
    } else {
      result += '\\x' + str.charCodeAt(i).toString(16);
    }

In the case of a single character of escaped backlash, it will cause str[++i] producing "undefined". For the case of '\v', the leading zero is perhaps dropped by the charCodeAt(i).

Suggested fix: expanding the map object in /lib/utils.js to include all the official JavaScript special characters as defined in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Grammar_and_types:

/**
 * Escape map.
 */

var map = {
  '\b': '\\b',
  '\f': '\\f',
  '\n': '\\n',
  '\r': '\\r',
  '\t': '\\t',
  '\v': '\\v',
  '\\': '\\\\',
  '\0': '\\0'.
  '\"': '\\"',
  "\'": "\\'"
};
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shiwanlin