JS reverse engineering: common infinite debuggers and bypass methods

An infinite debugger does not really create an infinite loop; it executes its logic at regular intervals, usually by means of a timer.

1. Classification

1.1 By code logic
1.1.1 Infinite loop
  • while loop
  • for loop
1.1.2 Recursion

The function containing debugger calls itself

1.1.3 Loop calls between methods
1.1.4 Timer

In JS, the timer function setInterval takes two parameters: the first is the code to be executed at regular intervals, and the second is the time interval.

The following code uses a timer to implement debugger operations:

var ss = document.getElementById('box')
function ff() {
    debugger;
}
setInterval(ff,100);


You can see that execution breaks here when debugging, and every time you click "Resume script execution" it breaks here again. This is how the infinite debugger is realized.

1.2 By whether the code is obfuscated
1.2.1 Not obfuscated

Plain-text code is used directly, without obfuscation

For example, the plaintext code used in the above example is not obfuscated.

debugger
1.2.2 Can be obfuscated (lightly obfuscated)

That is, eval is used together with debugger

The eval() function evaluates a JavaScript string and executes it as script code.
If the argument is an expression, the eval() function will evaluate the expression. If the argument is a JavaScript statement, eval() will execute the JavaScript statement.

eval("debugger;")
1.2.3 Can be heavily obfuscated

Here, keywords and strings such as constructor, debugger, call, apply, action, etc. can be obfuscated to increase the difficulty of debugging.

Function("debugger;").call()/apply()
or
variable = Function("debugger;")
variable();

xxx.constructor("debugger").call("action")

Function.constructor("debugger").call("action")

(function(){return !![];}["constructor"]("debugger")["call"]("action"))

['constructor']('debugger')['call']('action') : function() {return ![];}

2. Methods for bypassing the debugger

2.1 Deactivate all breakpoints

The disadvantage of this operation is that other breakpoints you need can no longer be used either.


2.2 Use "Never pause here"

Right-click the line number of the debugger statement in the JS code and choose "Never pause here"; an orange breakpoint mark will be added in front of the corresponding line.


2.3 Add conditional breakpoints

Right-click the line number of the debugger statement in the JS code and add a conditional breakpoint, with the condition set to false.


2.4 Blank out the function

The infinite debugger is caused by this function, so we can rewrite the function to make the infinite debugger ineffective.

Note: This must be done before the debugger is entered

2.4.1 Blank out the executing function
function ff(){}


2.4.2 Blank out the timer
setInterval = function(){}


2.5 Modify response file

Save the JS file locally and modify it. The modification mainly consists of deleting or rewriting the debugger-related code. You can use file replacement or a packet capture tool to intercept the response.


2.5 Inject code into JS files
2.5.1 Hook constructor

Simply inject it in the console

Site: https://www.qizhidao.com/check?searchKey=%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD&tagNum=1&fromRoutePage=check

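var _constructor = Function.prototype.constructor;
Function.prototype.constructor = function(s) {
    // Intercept the debugger payload and log it
    if (s == "debugger") {
        console.log(s);
        // Return an empty function so a chained .call()/.apply() does not throw
        return function() {};
    }
    return _constructor(s);
}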
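2.5.2 Hook Function
F_ = Function
Function = function(s){
    // Pass everything except the debugger payload through to the real Function
    if (s!=='debugger'){
        return F_(s)
    }
    // Return an empty function so the caller can still invoke the result
    return function(){}
}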
2.5.3 Hook eval function
eval_ = eval;
// The following is to get past Ruishu's eval.toString detection
eval = function(a){if(a=='debugger'){return ''}else{return eval_(a)}}
2.5.4 Hook console.log

To guard against console.log being overwritten during debugging, you can also hook console.log at this point (save a reference to it), and then restore console.log at the place where console.log no longer prints normally.

  • Hook console.log
console.log_ = console.log
  • Restore console.log
console.log = console.log_
2.5.5 Hook setInterval function
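  • The business code does not depend on setInterval: simply blank it out
setInterval = function(){}
  • The business code depends on setInterval
_setInterval = setInterval
setInterval = function(a,b){
    // Drop callbacks whose source contains 'debugger'; pass all others through
    if(a.toString().indexOf('debugger') != -1){
      return null;
    }
    // Return the timer id so the business code can still call clearInterval
    return _setInterval(a, b)
}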
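
The hooks from sections 2.5.1, 2.5.2, 2.5.3 and 2.5.5 combined into one reversible installer, as an added example that is not part of the original post: it matches the payload regardless of whitespace or a trailing semicolon, returns a callable no-op so a chained .call("action") does not throw, and records which hook fired. The names isTrap, installHooks and demo are hypothetical, and the trap snippets inside demo are constructed from the forms listed in sections 1.1.4 and 1.2.

```javascript
// Added example: isTrap, installHooks and demo are hypothetical names, not from the post.
// A payload counts as a trap if it is only the keyword: "debugger", "debugger;", " debugger ; "
function isTrap(src) {
  return typeof src === 'string' && src.replace(/[\s;]/g, '') === 'debugger';
}

function installHooks(g = globalThis) {
  const log = [];                       // which hook neutralised a trap, in order
  const noop = function () {};          // callable, so .call("action") / variable() do not throw
  const real = { Function: g.Function, ctor: g.Function.prototype.constructor,
                 eval: g.eval, setInterval: g.setInterval };
  // Function(...) and xxx.constructor(...): the function body is the last argument
  const guard = (tag) => function (...args) {
    if (isTrap(args[args.length - 1])) { log.push(tag); return noop; }
    return real.Function(...args);
  };
  g.Function = guard('Function');
  g.Function.prototype = real.Function.prototype;   // keep instanceof Function working
  real.Function.prototype.constructor = guard('constructor');
  g.eval = function (src) {
    if (isTrap(src)) { log.push('eval'); return undefined; }
    return real.eval(src);              // indirect eval: evaluated in global scope
  };
  g.setInterval = function (cb, ms, ...rest) {
    if (/\bdebugger\b/.test(String(cb))) { log.push('setInterval'); return 0; }
    return real.setInterval(cb, ms, ...rest);   // keep the timer id for clearInterval
  };
  const restore = () => {
    Object.assign(g, { Function: real.Function, eval: real.eval, setInterval: real.setInterval });
    real.Function.prototype.constructor = real.ctor;
  };
  return { log, restore };
}

// Constructed trap forms from sections 1.1.4 and 1.2, run against the hooks
function demo() {
  const { log, restore } = installHooks();
  try {
    eval('debugger;');
    Function('debugger;').call();
    (function () { return !![]; })['constructor']('debugger')['call']('action');
    const id = setInterval(function ff() { debugger; }, 100);
    const sum = Function('a', 'b', 'return a + b')(2, 3);   // ordinary use passes through
    return { log: log.slice(), id, sum };
  } finally {
    restore();
  }
}
```

Because the eval hook calls the saved eval indirectly, strings that pass through it are evaluated in global scope, so page code that relies on eval seeing local variables will behave differently while the hook is installed.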

Origin blog.csdn.net/wtchhb/article/details/129664738