spider/akamai-deobfuscator-2.0
1
0
Fork 0
mirror of https://github.com/rastvl/akamai-deobfuscator-2.0.git synced 2025-04-08 09:43:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

habr

Browse Source
This commit is contained in:
Vladislav Rastoropov 2023-03-05 23:16:39 +03:00
parent ad0109d8f5
commit 88fb847d55
12 changed files with 112 additions and 160755 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -1,2 +1,20 @@
# akamai-deobfuscator-2.0
Akamai Bot Manager 2.0 dynamic script deobfuscator from asos
Akamai Bot Manager 2.0 dynamic script deobfuscator.
The repository was created for [this article](https://habr.com).
```
git clone
npm install
```
Put the akamai script in `./input/src.js`
Start the server
```
node ./utils/server.js
```
Run index.js
```
node ./index.js
```
Check result in `./output/deobfuscated.js`
This script simply replaces strings, so use https://deobfuscate.io/ to replace proxy functions.
This repos

6
browser-env/canvas.js
View File

@ -1,6 +0,0 @@
const defineCanvas = window => {
window.CanvasRenderingContext2D = window.document.createElement('canvas').getContext('2d');
window.CanvasRenderingContext = window.document.createElement('canvas').getContext('2d');
}
module.exports = defineCanvas;

2
browser-env/toString.js
View File

@ -5,8 +5,10 @@ const defineToString = window => {
window.Function.prototype.toString = function toString() {
if (userFunctionToString.has(this)) {
const result = userFunctionToString.get(this);
return result;
return result.replaceAll(/console\.log\([a-zA-Z0-9_\(\)\s,\[\]']*\);/g, '');
}
return orgToString.call(this);
}

33
browser-env/window.js
View File

@ -10,7 +10,6 @@ const defineLocation = require('./location');
const defineHTMLMediaElement = require('./element/HTMLMediaElement');
const defineScreen = require('./screen');
const defineIndexedDB = require('./indexedDB');
const defineCanvas = require('./canvas');
const defineWebGL = require('./webgl');
const definePerformance = require('./performance');
const defineInterval = require('./setInterval');
@ -411,24 +410,24 @@ defineDocument(window);
defineFile(window);
defineAddEventListener(window);
// Object.defineProperty(window.HTMLIFrameElement.prototype, 'loading', {
// get() {
Object.defineProperty(window.HTMLIFrameElement.prototype, 'loading', {
get() {
// },
// set() {
},
set() {
// }
// })
}
})
// delete window.SharedArrayBuffer;
// Object.defineProperties(window, {
// 'isSecureContext': {
// get: () => true
// },
// 'crossOriginIsolated': {
// get: () => false
// },
// });
// global.Function.prototype.toString = window.Function.prototype.toString;
delete window.SharedArrayBuffer;
Object.defineProperties(window, {
'isSecureContext': {
get: () => true
},
'crossOriginIsolated': {
get: () => false
},
});
global.Function.prototype.toString = window.Function.prototype.toString;
module.exports = window;

1
index.js
View File

@ -23,4 +23,5 @@ const interval = setInterval(() => {
}
}, 3000);
console.log('go');
console.log(new Interpreter(srcCode).eval(ast.program))

2
input/src.js
View File

File diff suppressed because one or more lines are too long

24
libs/Interpreter.js
View File

@ -38,11 +38,14 @@ class Interpreter {
}
if (t.isLiteral(node)) {
// if (t.isNullLiteral(node)) {
// return null;
// }
// return node.value;
return global.eval(generate(node).code)
// return global.eval(generate(node).code)
if (t.isNullLiteral(node)) {
return null;
}
if (t.isRegExpLiteral(node)) {
return new RegExp(node.pattern, node.flags);
}
return node.value;
}
if (t.isBinaryExpression(node)) {
@ -193,6 +196,7 @@ class Interpreter {
object = ctx.env.lookup(objectName);
}
if (!object) {
debugger;
throw `Undefined object in assignment... ${generate(node).code}`;
}
let prop;
@ -425,12 +429,12 @@ class Interpreter {
}
const args = node.arguments.map(arg => this.eval(arg, ctx));
if (args[1] && args[1] === 493711) {
// console.log('here')
return 3031957943;
}
// if (args[1] && args[1] === 493711) {
// // console.log('here')
// return 3031957943;
// }
const result = fn.call(thisCtx, ...args);
const resultBlackList = ['length', 'push', 'pop', 'charCodeAt', 'charAt', toString];
// const resultBlackList = ['length', 'push', 'pop', 'charCodeAt', 'charAt', toString];
// if (
// typeof result === 'string' &&
// !resultBlackList.includes(result) &&

112
output/deobfuscate.io.js
View File

@ -6286,7 +6286,7 @@
}
Gh.pop();
};
var MgE = function () {
var MgE = function () { // webgl
Gh.push(lv);
try {
var KgE = Gh.slice();
@ -6327,7 +6327,7 @@
}
Gh.pop();
};
var z5E = function (j5E) {
var z5E = function (j5E) { // some props
Gh.push(Yv);
A5E('<bpd>');
var I5E = EF;
@ -6339,7 +6339,7 @@
var w5E = cgE() - win.window.bmak.startTs,
D5E = '3';
D5E = U5E();
var O5E = Ah(b0, [H5E, IW]),
varO5E = Ah(b0, [H5E, IW]),
f5E = win.window.DeviceOrientationEvent
? 'do_en'
: 'EI;E@',
@ -6429,7 +6429,7 @@
),
JZE = cgE() - win.window.bmak.startTs,
NZE = win.parseInt(nZE / bF, hh),
XZE = (function BZE() {
XZE = (function BZE() { // navigator props
Gh.push(hB);
try {
var dZE = Gh.slice();
@ -6528,9 +6528,9 @@
win.window.bmak.firstLoad && (Ah(b0, [c3E, bF]), z3E()),
!j3E &&
(!Fh === q5E || Y5E > EF) &&
(!(function A3E() {
(!(function A3E() { // fonts
Gh.push(PF);
var I3E = [
var fontNames = [
'Monospace',
'Wingdings 2',
'ITC Bodoni 72 Bold',
@ -6553,12 +6553,12 @@
var s3E =
win.document.getElementsByTagName('body')[EF];
s3E
? (I3E.forEach(function (D3E, U3E) {
? (fontNames.forEach(function (font, U3E) {
Gh.push(sVE);
(Q3E.style.fontFamily = D3E),
(Q3E.style.fontFamily = font),
s3E.appendChild(Q3E),
(x3E += ''
.concat(D3E, ':')
.concat(font, ':')
.concat(Q3E.offsetWidth, ',')
.concat(Q3E.offsetHeight, ';')),
s3E.removeChild(Q3E);
@ -6665,21 +6665,21 @@
'-127',
APE, // permissions
'-128',
X3E,
X3E, // iframe, loading, css
'-131',
b3E,
b3E, // navigator.connection, performance.memory
'-132',
VPE,
VPE, // chrome object
'-133',
IPE,
IPE, // есть ли свойства в самом window.navigator, а не в прототипе?
'-70',
m5E.fpValStr,
'-80',
P3E,
P3E, //
'-90',
hZE,
hZE, // events
'-116',
QPE,
QPE, //
]),
xPE && (x5E.push("'V1", '1'), (sPE = !EF)),
x5E.push('-129', f3E),
@ -6960,7 +6960,7 @@
}
Gh.pop();
};
var qzE = function (rzE) {
var qzE = function (rzE) { // DeviceOrientation
Gh.push(p1);
try {
var pzE = Gh.slice();
@ -6993,7 +6993,7 @@
}
Gh.pop();
};
var z3E = function () {
var z3E = function () { // speechs
Gh.push(XW);
win.window.speechSynthesis &&
win.window.speechSynthesis.getVoices
@ -7003,7 +7003,7 @@
: (L3E = 'n');
Gh.pop();
};
var bzE = function () {
var bzE = function () { // speechs
Gh.push(xC);
var SzE = win.window.speechSynthesis.getVoices();
if (SzE.length > EF) {
@ -7015,7 +7015,7 @@
} else L3E = '0';
Gh.pop();
};
var c3E = function () {
var c3E = function () { // navigator.permissions
Gh.push(cb);
var VjE = [];
try {
@ -7097,7 +7097,7 @@
}
Gh.pop();
};
var wjE = function () {
var wjE = function () { // brave
Gh.push(Hb);
win.navigator.brave &&
win.navigator.brave
@ -7110,7 +7110,7 @@
});
Gh.pop();
};
var h3E = function () {
var h3E = function () { // selemium signals
Gh.push(Dl);
var HjE;
return (
@ -7168,7 +7168,7 @@
var qjE;
return (qjE = WjE), Gh.pop(), qjE;
};
var H5E = function () {
var H5E = function () { // object props
Gh.push(xC);
var rjE = pZE();
var pjE = ''.concat(Ah(b0, [V3E, EF, rjE]));
@ -7448,7 +7448,7 @@
hAE
);
};
var wAE = function () {
var wAE = function () { // navigator props
Gh.push(wB);
var VIE;
return (
@ -7484,7 +7484,7 @@
cIE
);
})()),
(R3E = (function zIE() {
(R3E = (function zIE() { // styles
Gh.push(kv);
try {
var jIE = Gh.slice();
@ -7557,7 +7557,7 @@
})()),
(S3E = ''.concat(UIE(), ',').concat(vzE)),
(M3E = OIE()),
(K3E = (function HIE() {
(K3E = (function HIE() { // file path
Gh.push(wM);
try {
var fIE = Gh.slice();
@ -7586,7 +7586,7 @@
}
Gh.pop();
})()),
(v3E = (function CIE() {
(v3E = (function CIE() { // crossOriginIsolated
Gh.push(Yv);
var kIE;
return (
@ -7599,7 +7599,7 @@
kIE
);
})()),
(EPE = (function lIE() {
(EPE = (function lIE() { // chrome object
Gh.push(n9);
if (
win.window.chrome &&
@ -7661,7 +7661,7 @@
var nIE;
return (nIE = 'OHV'), Gh.pop(), nIE;
})()),
(gPE = (function XIE() {
(gPE = (function XIE() { // chrome object
Gh.push(pX);
var BIE;
return (
@ -7741,7 +7741,7 @@
BIE
);
})()),
(IPE = (function cQE() {
(IPE = (function cQE() { // props in navigator
Gh.push(k9);
var zQE;
return (
@ -8017,7 +8017,7 @@
var rxE;
return (rxE = -1), Gh.pop(), rxE;
}
function V3E(pxE) {
function V3E(pxE) { // sum of all charCodes in string
Gh.push(X9);
if (null == pxE) {
var txE;
@ -8104,7 +8104,7 @@
var j2E;
return (j2E = z2E), Gh.pop(), j2E;
}
function r5E() {
function r5E() { // someprops
Gh.push(NC);
try {
var A2E = Gh.slice();
@ -8126,7 +8126,7 @@
var O2E = win.navigator.doNotTrack
? win.navigator.doNotTrack
: -Fh;
var H2E = (function f2E(L2E) {
var H2E = (function f2E(L2E) { // canvas
Gh.push(TK);
var T2E = -Fh;
var h2E = -Fh;
@ -8262,16 +8262,16 @@
}
Gh.pop();
}
function v2E() {
function v2E() { // timezone offset
Gh.push(mJ);
var ZsE;
return (
(ZsE = new win.Date().getTimezoneOffset()), Gh.pop(), ZsE
);
}
function b2E() {
function b2E() { // plugins
Gh.push(DS);
var PsE = [
var pluginsList = [
'WebEx64 General Plugin Container',
'YouTube Plug-in',
'Java Applet Plug-in',
@ -8305,18 +8305,18 @@
return (csE = null), Gh.pop(), csE;
}
for (
var zsE = PsE.length, jsE = '', AsE = EF;
var zsE = pluginsList.length, jsE = '', AsE = EF;
AsE < zsE;
AsE++
) {
var IsE = PsE[AsE];
var IsE = pluginsList[AsE];
void NF[nF] !== win.navigator.plugins[IsE] &&
(jsE = ''.concat(jsE, ',').concat(AsE));
}
var QsE;
return (QsE = jsE), Gh.pop(), QsE;
}
function VsE() {
function VsE() { // webrtc
Gh.push(T1);
var xsE;
return (
@ -8328,7 +8328,7 @@
xsE
);
}
function S2E() {
function S2E() { // sessionStorage
Gh.push(F1);
try {
var ssE = Gh.slice();
@ -8341,7 +8341,7 @@
}
Gh.pop();
}
function M2E() {
function M2E() { // localStorage
Gh.push(Pl);
try {
var OsE = Gh.slice();
@ -8354,12 +8354,12 @@
}
Gh.pop();
}
function K2E() {
function K2E() { // indexedDB
Gh.push(Cd);
var TsE;
return (TsE = !!win.window.indexedDB), Gh.pop(), TsE;
}
function E3E() {
function E3E() { // selenium
Gh.push(kd);
try {
var hsE = Gh.slice();
@ -8440,7 +8440,7 @@
}
Gh.pop();
}
function g3E() {
function g3E() { // navigator webdriver
Gh.push(ld);
try {
var lsE = Gh.slice();
@ -8796,7 +8796,7 @@
var zUE = pJ;
var jUE = -Fh;
var AUE = EF;
function IUE(event, xUE, sUE) {
function IUE(event, xUE, sUE) { // keyboard event
Gh.push(pv);
try {
var wUE = Gh.slice();
@ -9084,7 +9084,7 @@
var m6E;
return (m6E = Y6E ? Y6E.toString() : '-1'), Gh.pop(), m6E;
}
function ZIE() {
function ZIE() { // frame
Gh.push(Id);
try {
var q6E = Gh.slice();
@ -9255,7 +9255,7 @@
}
Gh.pop();
}
function UIE() {
function UIE() { // navigator.connection, performance.memory
Gh.push(nK);
try {
var JOE = Gh.slice();
@ -9284,11 +9284,11 @@
})(),
SOE = '-1,-1,-1';
if (win.window.performance && win.window.performance.memory) {
var MOE = win.window.performance.memory;
var memoryInfo = win.window.performance.memory;
SOE = ''
.concat(MOE.jsHeapSizeLimit, ',')
.concat(MOE.totalJSHeapSize, ',')
.concat(MOE.usedJSHeapSize);
.concat(memoryInfo.jsHeapSizeLimit, ',')
.concat(memoryInfo.totalJSHeapSize, ',')
.concat(memoryInfo.usedJSHeapSize);
}
var KOE;
return (
@ -9301,7 +9301,7 @@
}
Gh.pop();
}
function OIE() {
function OIE() { // mimetypes and plugins test
Gh.push(Ed);
var EHE = (function gHE() {
Gh.push(dR);
@ -9329,7 +9329,7 @@
}
Gh.pop();
})();
var jHE = (function AHE() {
var jHE = (function AHE() { // plugins.refresh
Gh.push(bR);
try {
var IHE = Gh.slice();
@ -9349,7 +9349,7 @@
}
Gh.pop();
})();
var DHE = (function UHE() {
var DHE = (function UHE() { // plugins item
Gh.push(SR);
try {
var OHE = Gh.slice();
@ -9679,7 +9679,7 @@
((l5E = nG), Ah(b0, [z5E, Fh]), YzE(), wfE++));
Gh.pop();
}
function kcE(nfE, XfE) {
function kcE(nfE, XfE) { // mouse event
Gh.push(YC);
var BfE = (function dfE(RfE, bfE, SfE) {
Gh.push(hR);
@ -9757,7 +9757,7 @@
((l5E = IW), Ah(b0, [z5E, Fh]), YzE()));
Gh.pop();
}
function JcE(x4E, s4E) {
function JcE(x4E, s4E) { // pointer event
Gh.push(G9);
var w4E = (function D4E(U4E, O4E, H4E) {
Gh.push(Cv);

1
output/deobfuscated.js
View File

@ -4051,7 +4051,6 @@
JgE = qgE["t"]["split"]("~");
if (NgE = VE["parseInt"](GgE[EF], NF[DF]), ngE = VE["parseInt"](GgE[Fh], hh), XgE = VE["parseInt"](JgE[EF], hh), BgE = VE["parseInt"](JgE[Fh], hh), dgE = qgE["e"], RgE()) try {
var bgE = Gh.slice();
;
VE["window"]["localStorage"]["Jd&:\"\x19x"]("\x7F1o\x16ZP[", qgE["k"]), VE["window"]["localStorage"]["Jd&:\"\x19x"]("\uFFC6\uFFD1\uFFCD\uFFD2\uFFD8\uFFC3\uFFD8", qgE["t"]), VE["window"]["localStorage"]["Jd&:\"\x19x"]("2\x1F?R\br>", qgE["e"]);
} catch (SgE) {
Gh = bgE.slice();

160660
output/logger.txt
View File

File diff suppressed because it is too large Load Diff

5
package.json
View File

@ -1,10 +1,11 @@
{
"name": "akamai-deobfuscator-2.0",
"name": "akamai",
"version": "1.0.0",
"description": "Akamai Bot Manager 2.0 dynamic script deobfuscator from asos",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node utils/server.js & node index.js"
},
"repository": {
"type": "git",

1
utils/server.js
View File

@ -3,7 +3,6 @@ const express = require('express');
const app = express();
app.post('/send', (req, res) => {
console.log(req);
res.send('{"success": true}');
});