A code with webpackChunkuxp_plugin wrapper doesn't seem to unwrap #128
Comments
|
only the first module (560) contains obfuscated code, so unpacking doesn't seem that useful. var r = {
560: (n, r, t) => {
// ...
},
87: (n) => {
n.exports = require("os");
},
826: (n) => {
n.exports = require("photoshop");
},
878: (n) => {
n.exports = require("uxp");
},
};the primary issue is that it's using an old obfuscator version, which isn't being detected var d = ["qqAoh", "QlvpL", "construc", /* ... */];
(function (n, r) {
function t(n, r, t, u) {
return y(n - 444, u);
}
function u(n, r, t, u) {
return y(n - 444, u);
}
while (true) {
try {
if (parseInt(t(906, 0, 0, 935)) + -parseInt(t(922, 0, 0, 895)) * -parseInt(t(1008, 0, 0, 1058)) + -parseInt(t(884, 0, 0, 966)) + parseInt(u(892, 0, 0, 787)) * parseInt(t(824, 0, 0, 918)) + -parseInt(u(901, 0, 0, 856)) * parseInt(u(974, 0, 0, 1070)) + parseInt(t(813, 0, 0, 897)) * -parseInt(u(985, 0, 0, 1061)) + parseInt(u(809, 0, 0, 772)) * parseInt(u(894, 0, 0, 958)) === 196615) {
break;
}
n.push(n.shift());
} catch (r) {
n.push(n.shift());
}
}
})(d);
function y(n, r) {
return (y = function (n, r) {
return d[n -= 357];
})(n, r);
}to function stringArray() {
var d = ["qqAoh", "QlvpL", "construc", /* ... */];
return (stringArray = function() { return d })()
}
(function (n, r) {
n = n();
function t(n, r, t, u) {
return y(n - 444, u);
}
function u(n, r, t, u) {
return y(n - 444, u);
}
while (true) {
try {
if (parseInt(t(906, 0, 0, 935)) + -parseInt(t(922, 0, 0, 895)) * -parseInt(t(1008, 0, 0, 1058)) + -parseInt(t(884, 0, 0, 966)) + parseInt(u(892, 0, 0, 787)) * parseInt(t(824, 0, 0, 918)) + -parseInt(u(901, 0, 0, 856)) * parseInt(u(974, 0, 0, 1070)) + parseInt(t(813, 0, 0, 897)) * -parseInt(u(985, 0, 0, 1061)) + parseInt(u(809, 0, 0, 772)) * parseInt(u(894, 0, 0, 958)) === 196615) {
break;
}
n.push(n.shift());
} catch (r) {
n.push(n.shift());
}
}
})(stringArray);
function y(n, r) {
var d = stringArray();
return (y = function (n, r) {
return d[n -= 357];
})(n, r);
}but it will be much work as the code has been obfuscated 40x in a row, so there are 40 different string arrays |
|
Hmm, technically it works, but it comes that script stops working even after initial Unminify with no check boxes active (I mean in webcrack), which makes it impossible to test further. So something breaks it from the start :( |
|
thats anti-tampering/debugging, any formatting changes will break it here are examples how it looks like: |
|
Does it mean that if all the string arrays are deobfuscated, webcrack then may find that anti-debug in one of them? |
|
yes |
|
So, I've tried to wrap every array according to your advice and it failed. Sometimes there was popup error: c is not defined or so. The code itself was processed somehow, but directly in it were strings like "webcrack_failed:undefined" a lot of them. |
I am very interested in reverse-engineering JSXBIN and have already achieved some success. If anyone has a JSXBIN file that cannot be reverse-engineered, feel free to send it to my email, and I will reverse-engineer it for free. My email is: xy941314@gmail.com |
Describe the bug
So, webcrack fails to deobfuscate any vars or messed string arrays. Some other deobfuscators just throw eval error. Any advice? There is a webpackChunkuxp_plugin function in the very end of file, but how to work it around?
TIA
Expected Behaviour
unwrap webpack chunks?
Code
https://pixeldrain.com/u/tEwbudsALogs
No response
The text was updated successfully, but these errors were encountered: