gulp-javascript-obfuscator

Parenthesis removed, resulting in altered execution

Open greg00000 opened this issue 5 years ago • 2 comments

    var obj = {val:true}
    alert( true  ||  (true &&  obj.value == true))  //true
    alert( true  ||  true &&  obj.value == true)  //false

becomes

    var obj = { 'val': !![] };
    alert(!![] || !![] && obj['value'] == !![]); //false
    alert(!![] || !![] && obj['value'] == !![]); //false

Tested in Adobe ESTK after running Gulp with the following options:

    {
        compact: false,
        controlFlowFlattening: false, //KILLS JSX
        deadCodeInjection: false, //KILLS JSX
        disableConsoleOutput: false,
        identifierNamesGenerator: 'mangled',
        renameGlobals: false,
        selfDefending: false,
        sourceMap: false,
        stringArray: false,
        rotateStringArray: false,
        stringArrayEncoding: false,
        splitStrings: false,
        transformObjectKeys: false,
        unicodeEscapeSequence: false
    }

greg00000, Jan 08 '20 01:01

Here's another example where removal of parentheses causes a nested ternary to fail...

Original:

    var shouldBeTrue = true ? (true? true : false) : false
    alert( shouldBeTrue ) //true

Obfuscated:

    var shouldBeTrue = !![] ? !![] ? !![] : ![] : ![];
    alert(shouldBeTrue); //error

Thanks!

greg00000, Jan 08 '20 01:01

Also tested this at https://obfuscator.io/ and the removal of the parentheses there is ok. Again, probably a matter of older ECMAScript, but without at least an option to leave the parentheses alone during obfuscation, a lot of code will fail with Adobe products.

Also, my example would probably be more clear as:

    alert( true || (true && "undefined" == true)) //true in ESTK
    alert( true || true && "undefined" == true) //false in ESTK

greg00000, Jan 08 '20 02:01
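A precedence self-test for the target engine, added here as an example; it is not code from the issue or from the plugin. It compares each explicitly grouped expression from the report with the form left after the parentheses are dropped, and counts a parse or runtime error as a divergence. The names `PAIRS`, `VALUES`, `evaluate` and `findDivergences` are hypothetical, and the host is assumed to support `new Function`.

```javascript
// Each pair: [explicitly grouped form, form with redundant parentheses dropped].
// The expressions follow the shapes in the report; a, b, c are test inputs.
var PAIRS = [
  ['a || (b && c == true)', 'a || b && c == true'],
  ['a ? (b ? c : false) : false', 'a ? b ? c : false : false']
];

// Constructed input values, including the "undefined" string from the report.
var VALUES = [true, false, undefined, 'undefined'];

// Compile and run one expression; a syntax or runtime error is captured
// instead of aborting the whole script.
function evaluate(src, a, b, c) {
  try {
    var fn = new Function('a', 'b', 'c', 'return ' + src + ';');
    return { ok: true, value: fn(a, b, c) };
  } catch (e) {
    return { ok: false, value: String(e) };
  }
}

// Return every input combination where the two forms of a pair disagree.
function findDivergences(pairs) {
  var found = [];
  for (var p = 0; p < pairs.length; p++) {
    for (var i = 0; i < VALUES.length; i++) {
      for (var j = 0; j < VALUES.length; j++) {
        for (var k = 0; k < VALUES.length; k++) {
          var g = evaluate(pairs[p][0], VALUES[i], VALUES[j], VALUES[k]);
          var f = evaluate(pairs[p][1], VALUES[i], VALUES[j], VALUES[k]);
          if (g.ok !== f.ok || g.value !== f.value) {
            found.push({
              grouped: pairs[p][0],
              flat: pairs[p][1],
              inputs: [VALUES[i], VALUES[j], VALUES[k]],
              groupedResult: g,
              flatResult: f
            });
          }
        }
      }
    }
  }
  return found;
}
```

An engine that follows standard ECMAScript grouping returns an empty list for `findDivergences(PAIRS)`; any entry returned identifies an expression shape whose parentheses must survive the build for that host.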