From: Kevin Carhart <kevin@carhart.net>
To: edbrowse-dev@lists.the-brannons.com
Subject: [Edbrowse-dev] deobfuscate(js_text)
Date: Tue, 21 Jun 2016 18:18:23 -0700 (PDT) [thread overview]
Message-ID: <alpine.LRH.2.03.1606211749540.25010@carhart.net> (raw)
In-Reply-To: <alpine.LRH.2.03.1606151830410.28484@carhart.net>
Hi group
Recently while debugging, I went back to fastmail.com, which we improved
around December. At one point I got a completely opaque message about a
jquery error:
execute core-1.js at 1
TypeError: $(...) is null
I decided to bite the bullet and do something about this. When JS code is
minified and compacted, the line numbers tell you nothing. It could
report an error on line 1, but line 1 is several pages long.
So, I went back to a deobfuscator script that Chris and Karl sent me a
link for last year. It will space things out, indent and add newlines.
The symbols still suck, however now the line number of an
error can be way more helpful. The deobfuscator is in Python so I
pieced together how to embed the python interpreter and call it from C.
And it works!! Chunks of JS code from a page get newlines!
Currently I have this in prepareScript. May not be the best place. I
want to do it prior to when the line count is found.
Near the end of prepareScript, instead of:
set_property_string(t->jv, "data", js_text);
I changed it to
set_property_string(t->jv, "data", deobfuscate(js_text));
I can give you this proof of concept code if you like- at the minimum, it
is going to help me isolate more DOM errors. I don't think it would be
something that we would consider for the live edbrowse. UNLESS - is there
any reason to believe that putting JS code through a deobfuscator is not
isomorphic? Could it actually improve (or, change for the worse,
unfortunately) the interpretation of the JS itself? I am surprised to
find that when I rerun fastmail, I don't get the TypeError at all. I
could be misinterpreting what I'm observing. Deobfuscation should be only
a formatting change, but then, the python deobfuscator is a bunch of
idiosyncratic decoders that people have handwritten for the output of the
top five or six encoders, so I don't really know the algorithms and
regular expressions they have used. It might modify the code as it
reformats it.
This is the link to the beautifier:
https://github.com/beautify-web/js-beautify
Kevin
next prev parent reply other threads:[~2016-06-22 1:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-16 1:45 [Edbrowse-dev] a technique for the find-and-fix Kevin Carhart
2016-06-22 1:18 ` Kevin Carhart [this message]
2016-06-22 11:54 ` [Edbrowse-dev] OT: Fastmail and the good old days Chuck Hallenbeck
2016-06-22 12:11 ` [Edbrowse-dev] OT: Fastmail and the good old days (correction) Chuck Hallenbeck
2016-06-23 10:26 ` Kevin Carhart
2016-06-22 12:24 ` [Edbrowse-dev] deobfuscate(js_text) Karl Dahlke
2016-06-23 10:13 ` Kevin Carhart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.03.1606211749540.25010@carhart.net \
--to=kevin@carhart.net \
--cc=edbrowse-dev@lists.the-brannons.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).