Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue with packer on python module #2120

Open
ILoveAmphetamines opened this issue Nov 27, 2022 · 2 comments
Open

issue with packer on python module #2120

ILoveAmphetamines opened this issue Nov 27, 2022 · 2 comments
Labels
language: javascript type: bug

Comments

@ILoveAmphetamines
Copy link

Description

I have noticed with the jsbeautifier library for python, certain code does not unpack. An example of this is:

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('f $7={H:a(2){4 B(9.7.h(y z("(?:(?:^|.*;)\\\\s*"+d(2).h(/[\\-\\.\\+\\*]/g,"\\\\$&")+"\\\\s*\\\\=\\\\s*([^;]*).*$)|^.*$"),"$1"))||G},E:a(2,q,3,6,5,t){k(!2||/^(?:8|r\\-v|o|m|p)$/i.D(2)){4 w}f b="";k(3){F(3.J){j K:b=3===P?"; 8=O, I N Q M:u:u A":"; r-v="+3;n;j L:b="; 8="+3;n;j S:b="; 8="+3.Z();n}}9.7=d(2)+"="+d(q)+b+(5?"; m="+5:"")+(6?"; o="+6:"")+(t?"; p":"");4 x},Y:a(2,6,5){k(!2||!11.C(2)){4 w}9.7=d(2)+"=; 8=12, R 10 W l:l:l A"+(5?"; m="+5:"")+(6?"; o="+6:"");4 x},C:a(2){4(y z("(?:^|;\\\\s*)"+d(2).h(/[\\-\\.\\+\\*]/g,"\\\\$&")+"\\\\s*\\\\=")).D(9.7)},X:a(){f c=9.7.h(/((?:^|\\s*;)[^\\=]+)(?=;|$)|^\\s*|\\s*(?:\\=[^;]*)?(?:\\1|$)/g,"").T(/\\s*(?:\\=[^;]*)?;\\s*/);U(f e=0;e<c.V;e++){c[e]=B(c[e])}4 c}};',62,65,'||sKey|vEnd|return|sDomain|sPath|cookie|expires|document|function|sExpires|aKeys|encodeURIComponent|nIdx|var||replace||case|if|00|domain|break|path|secure|sValue|max||bSecure|59|age|false|true|new|RegExp|GMT|decodeURIComponent|hasItem|test|setItem|switch|null|getItem|31|constructor|Number|String|23|Dec|Fri|Infinity|9999|01|Date|split|for|length|1970|keys|removeItem|toUTCString|Jan|this|Thu'.split('|'),0,{}));eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('h o=\'1A://1z-1y.1x.1w.1v/1u/1t/1s/1r.1q\';h d=s.r(\'d\');h 0=B 1p(d,{\'1o\':{\'1n\':i},\'1m\':\'16:9\',\'D\':1,\'1l\':5,\'1k\':{\'1j\':\'1i\'},1h:[\'7-1g\',\'7\',\'1f\',\'1e-1d\',\'1c\',\'D\',\'1b\',\'1a\',\'19\',\'18\',\'C\',\'17\'],\'C\':{\'15\':i}});8(!A.14()){d.13=o}x{j z={12:11,10:Z,Y:X,W:i,V:i};h c=B A(z);c.U(o);c.T(d);g.c=c}0.3("S",6=>{g.R.Q.P("O")});0.N=1;k v(b,n,m){8(b.y){b.y(n,m,M)}x 8(b.w){b.w(\'3\'+n,m)}}j 4=k(l){g.L.K(l,\'*\')};v(g,\'l\',k(e){j a=e.a;8(a===\'7\')0.7();8(a===\'f\')0.f();8(a===\'u\')0.u()});0.3(\'t\',6=>{4(\'t\')});0.3(\'7\',6=>{4(\'7\')});0.3(\'f\',6=>{4(\'f\')});0.3(\'J\',6=>{4(0.q);s.r(\'.I-H\').G=F(0.q.E(2))});0.3(\'p\',6=>{4(\'p\')});',62,99,'player|||on|sendMessage||event|play|if||data|element|hls|video||pause|window|const|true|var|function|message|eventHandler|eventName|source|ended|currentTime|querySelector|document|ready|stop|bindEvent|attachEvent|else|addEventListener|config|Hls|new|fullscreen|volume|toFixed|String|innerHTML|timestamp|ss|timeupdate|postMessage|parent|false|speed|landscape|lock|orientation|screen|enterfullscreen|attachMedia|loadSource|lowLatencyMode|enableWorker|Infinity|backBufferLength|600|maxMaxBufferLength|180|maxBufferLength|src|isSupported|iosNative||capture|airplay|pip|settings|captions|mute|time|current|progress|large|controls|kwik|key|storage|seekTime|ratio|global|keyboard|Plyr|m3u8|uwu|c989297659739b02ddedf0c686537e7b099e77360263803760baa6aaae30d465|04|stream|org|nextcdn|files|021|na|https'.split('|'),0,{}))

Expected Output

The code should have looked like this after beautification:

var $cookie = {
    getItem: function(sKey) {
        return decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*" + encodeURIComponent(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*([^;]*).*$)|^.*$"), "$1")) || null
    },
    setItem: function(sKey, sValue, vEnd, sPath, sDomain, bSecure) {
        if (!sKey || /^(?:expires|max\-age|path|domain|secure)$/i.test(sKey)) {
            return false
        }
        var sExpires = "";
        if (vEnd) {
            switch (vEnd.constructor) {
                case Number:
                    sExpires = vEnd === Infinity ? "; expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + vEnd;
                    break;
                case String:
                    sExpires = "; expires=" + vEnd;
                    break;
                case Date:
                    sExpires = "; expires=" + vEnd.toUTCString();
                    break
            }
        }
        document.cookie = encodeURIComponent(sKey) + "=" + encodeURIComponent(sValue) + sExpires + (sDomain ? "; domain=" + sDomain : "") + (sPath ? "; path=" + sPath : "") + (bSecure ? "; secure" : "");
        return true
    },
    removeItem: function(sKey, sPath, sDomain) {
        if (!sKey || !this.hasItem(sKey)) {
            return false
        }
        document.cookie = encodeURIComponent(sKey) + "=; expires=Thu, 01 Jan 1970 00:00:00 GMT" + (sDomain ? "; domain=" + sDomain : "") + (sPath ? "; path=" + sPath : "");
        return true
    },
    hasItem: function(sKey) {
        return (new RegExp("(?:^|;\\s*)" + encodeURIComponent(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=")).test(document.cookie)
    },
    keys: function() {
        var aKeys = document.cookie.replace(/((?:^|\s*;)[^\=]+)(?=;|$)|^\s*|\s*(?:\=[^;]*)?(?:\1|$)/g, "").split(/\s*(?:\=[^;]*)?;\s*/);
        for (var nIdx = 0; nIdx < aKeys.length; nIdx++) {
            aKeys[nIdx] = decodeURIComponent(aKeys[nIdx])
        }
        return aKeys
    }
};
const source = 'https://na-021.files.nextcdn.org/stream/04/c989297659739b02ddedf0c686537e7b099e77360263803760baa6aaae30d465/uwu.m3u8';
const video = document.querySelector('video');
const player = new Plyr(video, {
    'keyboard': {
        'global': true
    },
    'ratio': '16:9',
    'volume': 1,
    'seekTime': 5,
    'storage': {
        'key': 'kwik'
    },
    controls: ['play-large', 'play', 'progress', 'current-time', 'mute', 'volume', 'captions', 'settings', 'pip', 'airplay', 'fullscreen', 'capture'],
    'fullscreen': {
        'iosNative': true
    }
});
if (!Hls.isSupported()) {
    video.src = source
} else {
    var config = {
        maxBufferLength: 180,
        maxMaxBufferLength: 600,
        backBufferLength: Infinity,
        enableWorker: true,
        lowLatencyMode: true
    };
    const hls = new Hls(config);
    hls.loadSource(source);
    hls.attachMedia(video);
    window.hls = hls
}
player.on("enterfullscreen", event => {
    window.screen.orientation.lock("landscape")
});
player.speed = 1;

function bindEvent(element, eventName, eventHandler) {
    if (element.addEventListener) {
        element.addEventListener(eventName, eventHandler, false)
    } else if (element.attachEvent) {
        element.attachEvent('on' + eventName, eventHandler)
    }
}
var sendMessage = function(message) {
    window.parent.postMessage(message, '*')
};
bindEvent(window, 'message', function(e) {
    var data = e.data;
    if (data === 'play') player.play();
    if (data === 'pause') player.pause();
    if (data === 'stop') player.stop()
});
player.on('ready', event => {
    sendMessage('ready')
});
player.on('play', event => {
    sendMessage('play')
});
player.on('pause', event => {
    sendMessage('pause')
});
player.on('timeupdate', event => {
    sendMessage(player.currentTime);
    document.querySelector('.ss-timestamp').innerHTML = String(player.currentTime.toFixed(2))
});
player.on('ended', event => {
    sendMessage('ended')
});

Actual Output

The code actually looked like this after beautification:

Traceback (most recent call last):
  File "/home/itori/prettifier/meow.py", line 7, in <module>
    res = jsbeautifier.beautify(meow, opts)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/__init__.py", line 82, in beautify
    return b.beautify(string, opts)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/javascript/beautifier.py", line 185, in beautify
    source_text = self.unpack(source_text, self._options.eval_code)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/javascript/beautifier.py", line 274, in unpack
    return unpackers.run(source, evalcode)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/unpackers/__init__.py", line 50, in run
    source = unpacker.unpack(source)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/unpackers/packer.py", line 72, in unpack
    source = re.sub(r"\b\w+\b", lookup, payload, flags=re.ASCII)
  File "/usr/lib/python3.10/re.py", line 209, in sub
    return _compile(pattern, flags).sub(repl, string, count)
  File "/home/itori/.local/lib/python3.10/site-packages/jsbeautifier/unpackers/packer.py", line 66, in lookup
    return symtab[unbase(word)] or word
IndexError: list index out of range

Steps to Reproduce

Simply use this code provided above and try to run it

import jsbeautifier

meow = """eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('f $7={H:a(2){4 B(9.7.h(y z("(?:(?:^|.*;)\\\\s*"+d(2).h(/[\\-\\.\\+\\*]/g,"\\\\$&")+"\\\\s*\\\\=\\\\s*([^;]*).*$)|^.*$"),"$1"))||G},E:a(2,q,3,6,5,t){k(!2||/^(?:8|r\\-v|o|m|p)$/i.D(2)){4 w}f b="";k(3){F(3.J){j K:b=3===P?"; 8=O, I N Q M:u:u A":"; r-v="+3;n;j L:b="; 8="+3;n;j S:b="; 8="+3.Z();n}}9.7=d(2)+"="+d(q)+b+(5?"; m="+5:"")+(6?"; o="+6:"")+(t?"; p":"");4 x},Y:a(2,6,5){k(!2||!11.C(2)){4 w}9.7=d(2)+"=; 8=12, R 10 W l:l:l A"+(5?"; m="+5:"")+(6?"; o="+6:"");4 x},C:a(2){4(y z("(?:^|;\\\\s*)"+d(2).h(/[\\-\\.\\+\\*]/g,"\\\\$&")+"\\\\s*\\\\=")).D(9.7)},X:a(){f c=9.7.h(/((?:^|\\s*;)[^\\=]+)(?=;|$)|^\\s*|\\s*(?:\\=[^;]*)?(?:\\1|$)/g,"").T(/\\s*(?:\\=[^;]*)?;\\s*/);U(f e=0;e<c.V;e++){c[e]=B(c[e])}4 c}};',62,65,'||sKey|vEnd|return|sDomain|sPath|cookie|expires|document|function|sExpires|aKeys|encodeURIComponent|nIdx|var||replace||case|if|00|domain|break|path|secure|sValue|max||bSecure|59|age|false|true|new|RegExp|GMT|decodeURIComponent|hasItem|test|setItem|switch|null|getItem|31|constructor|Number|String|23|Dec|Fri|Infinity|9999|01|Date|split|for|length|1970|keys|removeItem|toUTCString|Jan|this|Thu'.split('|'),0,{}));eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('h o=\'1A://1z-1y.1x.1w.1v/1u/1t/1s/1r.1q\';h d=s.r(\'d\');h 0=B 1p(d,{\'1o\':{\'1n\':i},\'1m\':\'16:9\',\'D\':1,\'1l\':5,\'1k\':{\'1j\':\'1i\'},1h:[\'7-1g\',\'7\',\'1f\',\'1e-1d\',\'1c\',\'D\',\'1b\',\'1a\',\'19\',\'18\',\'C\',\'17\'],\'C\':{\'15\':i}});8(!A.14()){d.13=o}x{j z={12:11,10:Z,Y:X,W:i,V:i};h c=B A(z);c.U(o);c.T(d);g.c=c}0.3("S",6=>{g.R.Q.P("O")});0.N=1;k v(b,n,m){8(b.y){b.y(n,m,M)}x 8(b.w){b.w(\'3\'+n,m)}}j 4=k(l){g.L.K(l,\'*\')};v(g,\'l\',k(e){j a=e.a;8(a===\'7\')0.7();8(a===\'f\')0.f();8(a===\'u\')0.u()});0.3(\'t\',6=>{4(\'t\')});0.3(\'7\',6=>{4(\'7\')});0.3(\'f\',6=>{4(\'f\')});0.3(\'J\',6=>{4(0.q);s.r(\'.I-H\').G=F(0.q.E(2))});0.3(\'p\',6=>{4(\'p\')});',62,99,'player|||on|sendMessage||event|play|if||data|element|hls|video||pause|window|const|true|var|function|message|eventHandler|eventName|source|ended|currentTime|querySelector|document|ready|stop|bindEvent|attachEvent|else|addEventListener|config|Hls|new|fullscreen|volume|toFixed|String|innerHTML|timestamp|ss|timeupdate|postMessage|parent|false|speed|landscape|lock|orientation|screen|enterfullscreen|attachMedia|loadSource|lowLatencyMode|enableWorker|Infinity|backBufferLength|600|maxMaxBufferLength|180|maxBufferLength|src|isSupported|iosNative||capture|airplay|pip|settings|captions|mute|time|current|progress|large|controls|kwik|key|storage|seekTime|ratio|global|keyboard|Plyr|m3u8|uwu|c989297659739b02ddedf0c686537e7b099e77360263803760baa6aaae30d465|04|stream|org|nextcdn|files|021|na|https'.split('|'),0,{}))"""
opts = jsbeautifier.default_options()
opts.indent_size = 2
opts.space_in_empty_paren = True
res = jsbeautifier.beautify(meow, opts)
print(res)

Environment

OS: EndeavourOS (Linux Distro)
@amanakhtar78
Copy link

Hay there, I am new to open source, can you please mentor me and assign me some new basic issue which I can solve and give back to this open source community.

@bitwiseman
Copy link
Member

I'm sorry, I don't have the bandwidth to mentor you at this time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
language: javascript type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bitwiseman @ILoveAmphetamines @amanakhtar78