JS anti-debugging bypass & amp;JS code obfuscation & amp;JSFUCK encoding
If there are relatively confidential things in the JS code of the target website, anti-debugging will be enabled, and the code will obfuscate these functions to prevent the leakage of confidential data. Let’s talk about several methods to bypass the JS anti-debugging function of the target website.
-Disable breakpoints
Click the button below to disable breakpoints
After disabling breakpoints, you can bypass the other party’s anti-debugging in most cases, but you will not be able to analyze breakpoints yourself
?
?
-Conditional breakpoint
?
You can enter a condition that is always true or not true here. There will no longer be a situation where the developer tools are opened and suspended. For example, enter false directly. If there is still a pause, it may be that there is an anti-debugging function on the target website. Find it and handle it as above.
?
-Never pause here
?
?
?
?
?
-Blank function
Function blank: The original function used for anti-debugging should be rewritten on the console. If the function is discarded, the anti-debugging capability will no longer be available. For example, the following example
Anti-debugging function=function(){
return NULL;
}
?
-Local coverage
Local coverage: In the coverage option in the source code tab, enable local substitution, right-click the key code on the target website to save the local backup, and we can edit the key code. You can delete or comment out the reflection here. Debug code blocks. After completion, when the website loads this file again, it will be based on our local file, that is, the js file we edited, and the original file of the original website will be overwritten. The specific method is as follows:
?
?
Then right-click the JS file responsible for the anti-debugging function of the target website and select Replacement content?. It will appear in the Replacement folder and can be edited.
?
?
?
?
Code obfuscation
JavaScript code obfuscation is the process of converting highly readable JavaScript code into a form that is difficult to understand and analyze. It makes the code obscure through a series of transformations and techniques, thereby increasing the security of the code and making it difficult for others to easily understand and modify your code.
The purpose of obfuscation is usually to protect intellectual property or prevent malicious users from reverse engineering your code. Doing this makes it harder for them to steal your algorithms or use your code without your authorization.
Although obfuscation can improve the security of your code, it is not absolutely safe. An experienced hacker or reverse engineer may spend some time restoring the obfuscated code, but obfuscated code can make their job more difficult.
Open source code encryption:
JSON online | JSON parsing and formatting-SO JSON online tool
Encryption for commercial use:
JS encryption, JS irreversible encryption, JS confusion, JS confusion encryption, JS compression encryption – [JavaScript encryption] (jsjiami.com)
Let me briefly talk about one point:
?
?
It needs to be debugged on the local console and cannot be debugged on the online platform, which is likely not allowed. You can just create a local web page for debugging by yourself. Use phpstudy or something like that (if you don’t know how to use it, search for it and publish a web page with one click)
?
The above encoding technology consisting of “!” symbols and “[” “]” is called JSFUCK encoding:
“JSFuck” is a JavaScript-based encoding technology that allows you to encode JavaScript code using only six characters: [ ] ( ) ! + ?. Although the encoded JSFuck code looks like a bunch of unordered characters, it is still legal JavaScript code because it is built under the syntax rules of JavaScript. This is because JSFuck uses type conversion, mathematical operations, and logical operations in JavaScript to combine these six characters into various JavaScript expressions. This is also why JSFuck code is often very difficult to read, because it pushes the characteristics of JavaScript to the limit, making it very confusing in form, but it is still legal JavaScript code.
?
I deleted the contents in the parentheses of the original encrypted code and left only an empty parentheses, and then printed it on the console. It can still be executed successfully; as shown below:
?
?
?
?
After I deleted the last empty parenthesis, I directly exposed this JS source code; as shown below:
?
Why can execution continue after removing part of the encoding? :
It probably means that the deleted part is just some flower instructions and some irrelevant things.
The concept and function of flower commands:
The term “flower instruction” is a term usually associated with computer assembly language and program reverse engineering. It is not an official computer science term, but is a common slang term among the hacker and reverse engineer communities. It usually refers to instructions or code fragments that appear to have no actual effect in a program, or that will not be executed under normal operation. These instructions may be inserted into a program to obfuscate or prevent reverse engineering.
“Flower command” can have the following functions:
- 1. Obfuscated code: Inserting fancy instructions into a program makes it difficult for reverse engineers to understand the actual logic of the code because they need to distinguish which instructions are irrelevant.
- Prevent automated tools: Certain reverse engineering tools and automated scripts may attempt to analyze the structure of a program, and fancy instructions can interfere with these tools and make their analysis more complex.
- Increases the difficulty of reverse engineering: By introducing useless instructions, reverse engineers require more time and effort to analyze the program, thereby increasing the difficulty of reverse engineering.
- Mislead attackers: Spend instructions can mislead malicious attackers, causing them to spend time on irrelevant instructions instead of attacking the actual vulnerability or critical logic of the program.
?
Generally, encrypted JavaScript code may have the following characteristics:
- Difficult to read and understand: Encryption can obscure code and make it harder to understand by removing spaces, indentations, comments, and renaming variable and function names.
- Code compression: Encryption is often accompanied by code compression to reduce file size and thus speed up load times. This can cause some variable and function names to become more obscure.
- Obfuscation techniques: Obfuscation techniques include converting common code structures into complex equivalent forms, such as rewriting conditional statements into incomprehensible forms, using logical operators, etc. This increases the complexity of the code.
- Encryption algorithms: Some code encryption tools may encode source code using encryption algorithms that require decoding at runtime to execute. This improves security, but also increases code complexity.
- Self-decoding capabilities: Some encryption techniques include self-decoding capabilities, which means that the encrypted code contains the logic to decode itself. In this way, the decrypted code can be restored to executable JavaScript at runtime.
- Specific identifiers: Some encryption tools may leave specific identifiers in the code that identify the code as encrypted.
- Give an example of encryption
-
// Code before encryption function displaySecretMessage() { alert("This is a secret message!"); } displaySecretMessage(); // ROT13 encryption function obqlfgYrpbeqZrffntr() { nyreg("Guvf vf n frperg zrffntr!"); } obqlfgYrpbeqZrffntr();
The characteristics of this encrypted JavaScript code are:
- Function and variable names have been encrypted by ROT13, making them obscure and difficult to understand.
- Warning messages are also ROT13 encrypted to avoid understanding the message content by looking directly at the code.
- When you run the encrypted code, it decrypts the function name and message and then executes normally.
This is just a simple demonstration, in reality, encryption code will usually be more complex and use stronger encryption algorithms to ensure the security of the code. However, this example illustrates that encryption can be used to hide the features and logic of JavaScript code, making it harder to understand
?
Thanks for watching~
?
?