Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Cannot read properties of undefined (reading 'charAt') #113

Open
ohnnnooo opened this issue Sep 19, 2024 · 1 comment
Open

Error: Cannot read properties of undefined (reading 'charAt') #113

ohnnnooo opened this issue Sep 19, 2024 · 1 comment
Labels
bug Something isn't working deobfuscate

Comments

@ohnnnooo
Copy link

Describe the bug

Getting Error: Cannot read properties of undefined (reading 'charAt') when using https://webcrack.netlify.app/ to deobfuscate

Expected Behaviour

Deobfuscate

Code

https://abs.twimg.com/responsive-web/client-web/ondemand.s.d0ac096a.js

Logs

No response
@ohnnnooo ohnnnooo added the bug Something isn't working label Sep 19, 2024
@0xdevalias
Copy link

0xdevalias commented Sep 25, 2024
edited
Loading

Full error/stack:

DeobfuscateContext.tsx:55 Error: Cannot read properties of undefined (reading 'charAt')
    at c.onmessage (index.js:235:53)
(anonymous) @ DeobfuscateContext.tsx:55

Which seems to correspond to this section of the code:

webcrack/apps/playground/src/context/DeobfuscateContext.tsx

Lines 48 to 56 in 404a331

worker.onmessage = ({ data }: MessageEvent<WorkerResponse>) => {
if (data.type === 'sandbox') {
evalCode(data.code)
.then((result) => postMessage({ type: 'sandbox', result }))
.catch((error) => {
cancelDeobfuscate();
setAlert(String(error));
console.error(error);
});

Specifically that error seems to come from evalCode:

webcrack/apps/playground/src/sandbox.ts

Lines 11 to 17 in 404a331

export async function evalCode(code: string) {
const fn = await sandbox.addFunction(`() => ${code}`);
return Promise.race([
fn(),
sleep(10_000).then(() => Promise.reject(new Error('Sandbox timeout'))),
]).finally(() => sandbox.removeFunction(fn));
}

At a bit of an informed guess, I believe that is being triggered by this section of sandbox code as passed into the main webcrack function:

webcrack/apps/playground/src/webcrack.worker.ts

Lines 26 to 54 in 404a331

self.onmessage = async ({ data }: MessageEvent<WorkerRequest>) => {
if (data.type !== 'deobfuscate') return;
// worker->window->sandybox because it accesses the DOM, which is not available in workers
const sandbox: Sandbox = (code) => {
return new Promise((resolve) => {
self.addEventListener('message', onSandboxResponse);
postMessage({ type: 'sandbox', code });
function onSandboxResponse({ data }: MessageEvent<WorkerRequest>) {
if (data.type === 'sandbox') {
self.removeEventListener('message', onSandboxResponse);
resolve(data.result);
}
}
});
};
function onProgress(value: number) {
postMessage({ type: 'progress', value });
}
try {
const result = await webcrack(data.code, {
sandbox,
onProgress,
...data.options,
mangle: convertMangleMode(data.options.mangleMode),
});

With options.sandbox passed to applyTransformAsync here as part of options.deobfuscate:

webcrack/packages/webcrack/src/index.ts

Lines 158 to 159 in 404a331

options.deobfuscate &&
(() => applyTransformAsync(ast, deobfuscate, options.sandbox)),

And applyTransformAsync is defined here:

webcrack/packages/webcrack/src/ast-utils/transform.ts

Lines 7 to 21 in 404a331

export async function applyTransformAsync<TOptions>(
ast: Node,
transform: AsyncTransform<TOptions>,
options?: TOptions,
): Promise<TransformState> {
logger(`${transform.name}: started`);
const state: TransformState = { changes: 0 };
await transform.run?.(ast, state, options);
if (transform.visitor)
traverse(ast, transform.visitor(options), undefined, state);
logger(`${transform.name}: finished with ${state.changes} changes`);
return state;
}

As a naive guess, I think this may be caused by one of the 'deobfuscate' rules that relies on eval'ing the code; and presumably that code doesn't execute properly in eval in whatever state it is when it's being run (eg. maybe because it relies on not being unminified/etc at that point)

It looks like when this error is hit, the whole deobfuscate process may bail out. I haven't looked too deeply, but I wonder if it would be possible to skip the eval part when it errors out, or return the partially decrypted code at that point or similar?

I wonder if it also might be helpful to add some extra context to that evalCode catch within DeobfuscateContext.tsx so that it makes it more obvious that the error comes from trying to eval the minified code, and not from a bug in webcrack itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working deobfuscate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xdevalias @j4k0xb @ohnnnooo