neige d'aoust

knowledge, art, and other stuff

User Tools

Site Tools

Trace: symbolicjs
symbolicjs

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
symbolicjs [2025/05/12 02:23] Yukisymbolicjs [2025/05/12 21:22] (current) Yuki
Line 1: Line 1:
-====== Notes on JavaScipt obfuscation ======+====== SymbolicJS: notes on JavaScript obfuscation ======
  
 Inspired by JSFuck, but here's the rules: Inspired by JSFuck, but here's the rules:
Line 33: Line 33:
  
 ===== Build a basic alphabet ===== ===== Build a basic alphabet =====
 +
 +We can use variables, but only those whose name contains `$` and `_` so we'll use some sort of morse code-based encoding, with `$`=>`.` and `_`=>`-`, and a prefix to differentiate lowercase and uppercase:
  
 ^ ^code^ ^ ^code^
Line 56: Line 58:
 |space|''%%____$=`${{}}`[-~-~-~-~-~-~!``]%%''| |space|''%%____$=`${{}}`[-~-~-~-~-~-~!``]%%''|
  
-===== Build function =====+Actually, we can just use the ''[a,b]="ab"'' notation to make it way shorter. Note that using ''+[]'' or ''+``'' is now shorter due to the lack of need of parentheses. 
 + 
 +<code javascript> 
 +[,$___,$_$$$,$$___,$$,$_$_,$_,____$,____]={}+[], // o,b,j,e,c,t,space,
 +[$$$_$,$$_,$$_$$,$$$$]=![]+[], // f,a,l,s 
 +[,$$_$]=!``+[], // r 
 +[__$]=-`!`+[], // N 
 +[,_$$,$_$,,$$$,,,,$_$__]=~[]/[]+[], // I,n,i,y 
 +[$$$_,,$_$$]=[][[]]+[] // u,d 
 +</code> 
 + 
 +Of course, few of those are not needed, can be removed if you don't need them, and those identifiers can always be shorter. We need at least enough to spell ''constructor'' and ''return btoa''. Here's the minimum: 
 + 
 +<code javascript> 
 +[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[], // o,b,e,c,t,space 
 +[,$$_,,$$$$]=![]+[], // a,s 
 +[,$$_$]=!``+[], // r 
 +[$$$_,$_$]=[][[]]+[], // u,n 
 +</code> 
 + 
 +<note>Note that we need the ''l'' for ''console.log'', and I'll put it back here, but it's shorter to move the ''i'' to the ''btoa'' call later in this document.</note> 
 + 
 +===== Execute arbitrary code ===== 
 + 
 +Now we have enough letters to execute arbitrary code: 
 + 
 +<code javascript> 
 +$=(_=>_)["constructor"] // returns Function 
 +</code>
  
 <code javascript> <code javascript>
 $=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$] $=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$]
 </code> </code>
 +
 +===== Build more letters =====
 +
 +We can then use `btoa` to get a lot of the letters we're missing, most notably ''h'' and ''i'' to spell ''return this'', and the ''g'' from ''log''.
 +
 +<code javascript>
 +[K,i,g,h]=Function("return btoa")()`*(!` // returns 'Kigh'
 +</code>
 +
 +<code javascript>
 +[,$$$,$__$,$$$$$]=$((_=$$_$+$$+$_+$$$_+$$_$+$_$+____$)+$_$$$+$_+$___+$$_)()`*(!`
 +</code>
 +
 +<note>
 +It's useful to save ''"return "'' for later here. You might want to use another variable name, though.
 +</note>
  
 ===== Build the global object ===== ===== Build the global object =====
  
 <code javascript> <code javascript>
-$$$$$=$(`${$$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_}\`${$$+$$+$$_}\``)()[-~-~!``] +_=Function("return this")() 
-_=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)()+</code> 
 + 
 +<code javascript> 
 +_=$(_+$_+$$$$$+$$$+$$$$)() 
 +</code> 
 + 
 +===== Access global variables and run some code ===== 
 + 
 +<code javascript> 
 +_["console"]["log"]("hello"
 +</code> 
 + 
 +<code javascript> 
 +_[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___) 
 +</code> 
 + 
 +===== console.log example ===== 
 + 
 +<code javascript> 
 +[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[], // o b e c t space 
 +[,$$_,$$_$$,$$$$]=![]+[], // a l s 
 +[,$$_$]=!``+[], // r 
 +[$$$_,$_$]=[][[]]+[], // u n 
 +$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$], // $=Function 
 +[,$$$,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_)()`*(!` // i g h 
 +$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)() // $("return this")() 
 +[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___) // console.log("hello"
 +</code> 
 + 
 +<code javascript> 
 +[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[],[,$$_,$$_$$,$$$$]=![]+[],[,$$_$]=!``+[],[$$$_,$_$]=[][[]]+[],$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$],[,$$$,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_)()`*(!`,$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)()[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___)
 </code> </code>
symbolicjs.1747030997.txt.gz · Last modified: by Yuki

Page Tools