Saturday, October 8, 2022

Using Online Obfuscation for Multiple Files

 



In this post we will use online obfuscators to scramble JavaScript code. The goal is to automate the obfuscation of many source files, rather than to focus on obfuscating a single project.


To do this, we wrap the call to the online obfuscator in a loop over every JavaScript file we have, and keep the results in a dedicated output folder.


import os
import pathlib
import urllib.parse
from multiprocessing import Pool

import requests

from src.common import ROOT_FOLDER


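def obfuscate(entry):
    """Obfuscate one JavaScript file through javascriptobfuscator.com.

    The complete source text is uploaded to a third-party web form, so this
    is only appropriate for code that is allowed to leave the machine.

    Args:
        entry: An ``(input_path, output_path)`` pair.

    Raises:
        Exception: If the site answers with a non-200 status.
        RuntimeError: If the result textarea is missing from the response.
    """
    input_path, output_path = entry
    # Explicit encoding: the locale default differs between platforms.
    with open(input_path, 'r', encoding='utf-8') as file:
        source = file.read()
    headers = {
        'authority': 'javascriptobfuscator.com',
        'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'accept-language': 'en-US,en;q=0.9,he;q=0.8,fr;q=0.7',
        'cache-control': 'max-age=0',
        'content-type': 'application/x-www-form-urlencoded',
        'origin': 'https://javascriptobfuscator.com',
        'referer': 'https://javascriptobfuscator.com/Javascript-Obfuscator.aspx',
        'sec-ch-ua': '"Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': 'Linux',
        'sec-fetch-dest': 'document',
        'sec-fetch-mode': 'navigate',
        'sec-fetch-site': 'same-origin',
        'sec-fetch-user': '?1',
        'upgrade-insecure-requests': '1',
        'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36',
    }
    encoded_source = urllib.parse.quote_plus(source)
    # NOTE(review): the __VIEWSTATE / __EVENTVALIDATION values below look like
    # they were captured from one browser session; presumably they stop
    # working when the site changes its form -- confirm before relying on it.
    form_body = 'UploadLib_Uploader_js=1&__EVENTTARGET=ctl00%24MainContent%24Button1&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTM4MjU3NDgxNw9kFgJmD2QWAgIDD2QWAgIBDxYCHgRUZXh0BdkBPGxpIGNsYXNzPSdsaXN0LWlubGluZS1pdGVtIG1yLTAnPjxhIGNsYXNzPSd1LWhlYWRlcl9fbmF2YmFyLWxpbmsnIGhyZWY9Jy9zaWduaW4uYXNweCc%2BQWNjb3VudCBMb2dpbjwvYT48L2xpPgo8bGkgY2xhc3M9J2xpc3QtaW5saW5lLWl0ZW0gbXItMCc%2BPGEgY2xhc3M9J3UtaGVhZGVyX19uYXZiYXItbGluaycgaHJlZj0nL3JlZ2lzdGVyLmFzcHgnPlJlZ2lzdGVyPC9hPjwvbGk%2BIGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgUFGmN0bDAwJE1haW5Db250ZW50JGNiTGluZUJSBRpjdGwwMCRNYWluQ29udGVudCRjYkluZGVudAUdY3RsMDAkTWFpbkNvbnRlbnQkY2JFbmNvZGVTdHIFG2N0bDAwJE1haW5Db250ZW50JGNiTW92ZVN0cgUgY3RsMDAkTWFpbkNvbnRlbnQkY2JSZXBsYWNlTmFtZXNJfhOUrd%2FjYMwya4KqO76nY28hwfkIpQAmM%2Bhk51YiJA%3D%3D&__VIEWSTATEGENERATOR=6D198BE1&__EVENTVALIDATION=%2FwEdAAzyRDYiu41ivvipFNnKHrClCJ8xELtYGHfHJig8BNR1A%2Fnd3wctyww89JbDbeLvgrjW%2FQY5cz%2Bpu3qUjqM%2B4n5jIWlyEKFxLO5ck%2BF6M0ODiJ1itZp%2B2hATYVWj%2Fb%2B%2BnyR8f2dPhQQre4aI0Iea4dKYmjI5SSrP8%2Fdi9FPKAsCRiSDSoNvpe2qp90wnP2HAWzNs9mdJae9TApAJFRRb54f73WbA4XcESfoeI8EInEzA%2BdxRJK%2FkVxlULg0AsW337%2FI8ZVc1MOVK9zP9AcHGfTxHt98XiGpmCkjM8SbZaQl4aw%3D%3D&ctl00%24MainContent%24uploader1=&ctl00%24MainContent%24TextBox1=' + encoded_source + '&ctl00%24MainContent%24TextBox2=&ctl00%24MainContent%24cbEncodeStr=on&ctl00%24MainContent%24cbMoveStr=on&ctl00%24MainContent%24cbReplaceNames=on&ctl00%24MainContent%24TextBox3=%5E_get_%0D%0A%5E_set_%0D%0A%5E_mtd_'
    # A timeout keeps one stalled connection from blocking its pool worker
    # (and therefore pool.map) forever.
    response = requests.post(
        'https://javascriptobfuscator.com/Javascript-Obfuscator.aspx',
        headers=headers,
        data=form_body,
        timeout=60,
    )
    if response.status_code != 200:
        error_page = response.content.decode('utf-8')
        raise Exception('failed code is {}: {}'.format(response.status_code, error_page))

    page = response.content.decode('utf-8')
    marker = '"Obfuscated result">'
    # A 200 answer without the result textarea (changed layout, block page)
    # would otherwise surface as a bare IndexError with no file name.
    if marker not in page:
        raise RuntimeError('no obfuscated result in response for {}'.format(input_path))
    obfuscated = page.split(marker, 1)[1]
    obfuscated = obfuscated.split('</textarea>', 1)[0]
    # NOTE(review): the text is taken straight out of the HTML; if the site
    # HTML-escapes the textarea content it would need unescaping -- verify.
    if 'CodeParseException' in obfuscated:
        print('error in file {}'.format(input_path))
        return
    with open(output_path, 'w', encoding='utf-8') as file:
        file.write(obfuscated)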


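def main():
    """Obfuscate every file under ``ROOT_FOLDER/scripts`` in parallel.

    Results are written to ``ROOT_FOLDER/obfuscated_javascriptobfuscator``,
    mirroring the sub-folder layout of the scripts folder.
    """
    output_folder = ROOT_FOLDER + '/obfuscated_javascriptobfuscator'
    scripts_folder = ROOT_FOLDER + '/scripts'
    pathlib.Path(output_folder).mkdir(parents=True, exist_ok=True)
    jobs = []
    for folder, _, files_names in os.walk(scripts_folder):
        # os.walk also visits sub-folders, so paths must be built from the
        # folder being visited; joining every name onto scripts_folder would
        # point at files that do not exist.
        relative = os.path.relpath(folder, scripts_folder)
        target_folder = os.path.normpath(os.path.join(output_folder, relative))
        pathlib.Path(target_folder).mkdir(parents=True, exist_ok=True)
        for file_name in sorted(files_names):
            file_path = os.path.join(folder, file_name)
            output_path = os.path.join(target_folder, file_name)
            jobs.append((file_path, output_path))

    if not jobs:
        return
    # Up to 20 workers, each posting to the public site; no more workers
    # than there are files.
    with Pool(min(20, len(jobs))) as pool:
        pool.map(obfuscate, jobs)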


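# Run only when executed as a script. With the "spawn" start method each pool
# worker re-imports this module, and an unguarded call would start main()
# again inside every worker.
if __name__ == '__main__':
    main()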


This code uses the javascriptobfuscator.com site for the actual obfuscation. Using a Python multiprocessing pool, it runs 20 worker processes that send requests to the online obfuscator and extract the obfuscated result from each response.


We can do the same for another online obfuscator:


import os
import pathlib
import urllib.parse
from multiprocessing import Pool

import requests

from src.common import ROOT_FOLDER


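def obfuscate(entry):
    """Obfuscate one JavaScript file through the daftlogic.com endpoint.

    The complete source text is uploaded to a third-party service, so this
    is only appropriate for code that is allowed to leave the machine.

    Args:
        entry: An ``(input_path, output_path)`` pair.

    Raises:
        Exception: If the endpoint answers with a non-200 status.
    """
    input_path, output_path = entry
    # Explicit encoding: the locale default differs between platforms.
    with open(input_path, 'r', encoding='utf-8') as file:
        source = file.read()
    headers = {
        'authority': 'www.daftlogic.com',
        'accept': '*/*',
        'accept-language': 'en-US,en;q=0.9,he;q=0.8,fr;q=0.7',
        'content-type': 'application/x-www-form-urlencoded',
        # NOTE(review): this is a session cookie captured from a browser
        # (PHPSESSID plus analytics and bot-management tokens). Session
        # identifiers do not belong in source control and will expire; load
        # the value from the environment, or drop the header if the endpoint
        # answers without it -- TODO confirm.
        'cookie': 'PHPSESSID=29dafa2eb763cbcb11186cdbbcfc3314; _ga_6ZVKNC886B=GS1.1.1665286398.1.0.1665286398.0.0.0; _ga=GA1.1.175147361.1665286398; __cf_bm=gB4IMuUgZ8Az74pmgv2AwFVTJUOMaplVnQrpncSNpps-1665286399-0-AYS8PCyBXpfp49hS5bTxKyZ+kMpFi0N2Qlvjt3ONdyDMNG2rJgSHAyqZ0AiqN6GqXtUwYp7EDJsuVvooDQ6tjjg2jKzohM3l6v7W8/iOAqsO1xJARWlh1+6GMBqTGwvu7Q==; FCNEC=%5B%5B%22AKsRol-i1Gi2rmvKQSvp1TrIdzP4VD6g0NFyVC0zPhesxjtxxxo_bFi-jGqN6Xq967IDZMx0q2UyyMIivy7jozOXkF8Du1seYhGQ-A4VD2FSt5RzNPjqqDhvrqazTrVNNelEch0-nnOJyzYsg4hvwy0qAkCw0oC6zg%3D%3D%22%5D%2Cnull%2C%5B%5D%5D',
        'origin': 'https://www.daftlogic.com',
        'referer': 'https://www.daftlogic.com/projects-online-javascript-obfuscator.htm',
        'sec-ch-ua': '"Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': 'Linux',
        'sec-fetch-dest': 'document',
        'sec-fetch-mode': 'navigate',
        'sec-fetch-site': 'same-origin',
        'sec-fetch-user': '?1',
        'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36',
    }
    form_body = 'input=' + urllib.parse.quote_plus(source)
    # A timeout keeps one stalled connection from blocking its pool worker
    # (and therefore pool.map) forever.
    response = requests.post(
        'https://www.daftlogic.com/includes/ajax/jsobs.php',
        headers=headers,
        data=form_body,
        timeout=60,
    )
    if response.status_code != 200:
        error_page = response.content.decode('utf-8')
        raise Exception('failed code is {}: {}'.format(response.status_code, error_page))

    response_data = response.content.decode('utf-8')
    # The body is stored as-is; a 200 answer is not checked for actually
    # being obfuscated JavaScript, so only the empty case is rejected here.
    if not response_data.strip():
        print('error in file {}'.format(input_path))
        return
    with open(output_path, 'w', encoding='utf-8') as file:
        file.write(response_data)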


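def main():
    """Obfuscate every file under ``ROOT_FOLDER/scripts`` in parallel.

    Results are written to ``ROOT_FOLDER/obfuscated_draflogic``, mirroring
    the sub-folder layout of the scripts folder.
    """
    output_folder = ROOT_FOLDER + '/obfuscated_draflogic'
    scripts_folder = ROOT_FOLDER + '/scripts'
    pathlib.Path(output_folder).mkdir(parents=True, exist_ok=True)
    jobs = []
    for folder, _, files_names in os.walk(scripts_folder):
        # os.walk also visits sub-folders, so paths must be built from the
        # folder being visited; joining every name onto scripts_folder would
        # point at files that do not exist.
        relative = os.path.relpath(folder, scripts_folder)
        target_folder = os.path.normpath(os.path.join(output_folder, relative))
        pathlib.Path(target_folder).mkdir(parents=True, exist_ok=True)
        for file_name in sorted(files_names):
            file_path = os.path.join(folder, file_name)
            output_path = os.path.join(target_folder, file_name)
            jobs.append((file_path, output_path))

    if not jobs:
        return
    # Up to 20 workers, each posting to the public site; no more workers
    # than there are files.
    with Pool(min(20, len(jobs))) as pool:
        pool.map(obfuscate, jobs)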


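# Run only when executed as a script. With the "spawn" start method each pool
# worker re-imports this module, and an unguarded call would start main()
# again inside every worker.
if __name__ == '__main__':
    main()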


This time we've used www.daftlogic.com, which offers a different kind of obfuscation.

We can then analyze the obfuscation results of these sites across many JavaScript files, and gain some insight into the obfuscation methods they apply to different scripts.







