There is a website "obfuscator.io", which obfuscates Javascript code. One of its functions is "Self-Defending". It turns a simple console.log() line into this:
var _0x2a3a06=function(){var _0x409993=!![];return function(_0xe0f537,_0x527a96){var _0x430fdb=_0x409993?function(){if(_0x527a96){var _0x154d06=_0x527a96['apply'](_0xe0f537,arguments);_0x527a96=null;return _0x154d06;}}:function(){};_0x409993=![];return _0x430fdb;};}();var _0x165132=_0x2a3a06(this,function(){var _0x46b23c=function(){var _0x4c0e23=_0x46b23c['constructor']('return\x20/\x22\x20+\x20this\x20+\x20\x22/')()['constructor']('^([^\x20]+(\x20+[^\x20]+)+)+[^\x20]}');return!_0x4c0e23['test'](_0x165132);};return _0x46b23c();});_0x165132();console['log']();
The code does work in Webkit Console, but when you beautify it using an application like "beautifier.io" or "de4js" and run it in the same console again, the code enters an infinite loop, essentially breaking the code. How does this work? Does it have something to do with the way beautifiers work, or with the way Javascript interprets code?
asked Oct 29, 2020 at 0:18 by Nekoseri

2 Answers
Running the code through a beautifier as you did and then applying some basic variable renaming and un-escaping yields the following code:
var makeRun = function() {
    var firstMakeRun = true;
    return function(global, callback) {
        var run = firstMakeRun ? function() {
            if (callback) {
                var result = callback['apply'](global, arguments);
                callback = null;
                return result;
            }
        } : function() {};
        firstMakeRun = false;
        return run;
    };
}();
var run = makeRun(this, function() {
    var fluff = function() {
        var regex = fluff['constructor']('return /" + this + "/')()['constructor']('^([^ ]+( +[^ ]+)+)+[^ ]}');
        return !regex['test'](run);
    };
    return fluff();
});
run();
console['log']();
The important part is where it tests the regex /^([^ ]+( +[^ ]+)+)+[^ ]}/ against the run function itself, doing an implicit run.toString().

Now where is the infinite loop? There is none, but that regular expression, applied to a string that contains a lot of spaces, does exhibit catastrophic backtracking. Try running the code indented with tabs instead of spaces, and it'll work just fine - the regex matches as long as your run function doesn't contain multiple spaces after each other, and no space in front of the closing }.
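As an added example (not code from the question, the answers, or obfuscator.io), the check described in this answer reduced to its parts: a tiny wrapper in the compact shape the obfuscator emits next to the same wrapper after a reformatter pads the braces with spaces, the same predicate written as a single pass to show that the nested quantifiers add nothing but the blow-up, and a timer that makes the backtracking growth visible on constructed input. The names compactWrapper, prettyWrapper, passesSelfCheck, linearSelfCheck and backtrackingMillis, and all sample inputs, are constructed for this example.

```javascript
// Added example; not code from the question, the answers, or obfuscator.io.
// It isolates the check the answer describes: the obfuscator's regular
// expression is run against the wrapper function's own source text, so any
// reformatting changes the input to the check.
const SELF_DEFENDING_RE = /^([^ ]+( +[^ ]+)+)+[^ ]}/;

// Stand-in for the obfuscated wrapper (constructed for this example; the
// names `callback` and `run` follow the renaming used in the answer).
// Written on one line the way the obfuscator emits it: single spaces only and
// a non-space character immediately before the closing brace.
function compactWrapper(callback) {
  var run = function(){var r=callback;return r;};
  return run;
}

// Same body after a reformatter that pads every brace with a space. The only
// "}" is now preceded by a space, so "[^ ]}" can never match, and the engine
// backtracks through every way of splitting the tokens between the nested
// "+" groups before giving up. Kept deliberately tiny so this still finishes
// quickly; each extra multi-character token multiplies the work.
function prettyWrapper(callback) {
  var run = function () { var r = callback; return r; };
  return run;
}

// The check itself. String(fn) is the implicit toString() the answer mentions;
// engines return the function's source text exactly as it appeared in the file.
function passesSelfCheck(fn) {
  return SELF_DEFENDING_RE.test(String(fn));
}

// The same predicate without nested quantifiers, in one pass: the text must
// start with a non-space character, and somewhere after its first space there
// must be two non-space characters followed by "}". That is all the regex
// tests for; this version cannot blow up on any input.
function linearSelfCheck(source) {
  if (source.length === 0 || source[0] === " ") return false;
  let seenSpace = false;
  for (let i = 1; i + 1 < source.length; i++) {
    if (source[i - 1] === " ") seenSpace = true;
    if (seenSpace && source[i - 1] !== " " && source[i] !== " " && source[i + 1] === "}") {
      return true;
    }
  }
  return false;
}

// Cost demonstration on constructed input: n two-character tokens separated
// by single spaces and terminated by " }" can never match, and the number of
// paths the backtracker explores roughly doubles with each extra token.
// Returns elapsed wall-clock milliseconds.
function backtrackingMillis(n) {
  const text = Array(n).fill("xx").join(" ") + " }";
  const start = Date.now();
  SELF_DEFENDING_RE.test(text);
  return Date.now() - start;
}

console.log("compact source passes:", passesSelfCheck(compactWrapper(null)));     // true
console.log("reformatted source passes:", passesSelfCheck(prettyWrapper(null))); // false
for (const n of [8, 12, 16, 20]) {
  console.log(`${n} tokens: ${backtrackingMillis(n)} ms`);
}
```

Run it with node. The point of linearSelfCheck is that the pattern's meaning is trivial; the nested "+" groups exist only so that a non-matching input, which is what a reformatted source becomes, costs exponential time. That is the whole "self-defending" mechanism, and it is also why such a check can be recognised as a regex denial-of-service pattern by the usual linters.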
For example, it can call the .toString() method of some function objects, so if it's somehow refactored, the output is not the same.