Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Old FF: `ReferenceError: _0xXXXXXX is not defined` #195

Closed
irudoy opened this issue Feb 16, 2018 · 20 comments

Comments

Projects
None yet
3 participants
@irudoy
Copy link

commented Feb 16, 2018

Sometimes, everything breaks down in the Firefox, with an error ReferenceError: _0x143f35 is not defined, for example. Reproduces in Firefox 43.0 and other versions maybe.

The last time the problem was there:
ReferenceError: _0x143f35 is not defined

if (/* (...) */ false) {
    // (...)
} else {
    var _0x2c7b7e = _0xe6bc0b[_0xef93('0xa6')](_0x1342f8, 1);
    var _0x5d86a1 = _0xe6bc0b[_0xef93('0xa7')](_0x143f35, _0x2c7b7e);
    var _0x160cc7 = _0x1342f8(3);
    var _0xd745f9 = _0xe6bc0b[_0xef93('0xa7')](_0x143f35, _0x160cc7);
    function _0x143f35(_0x3bedbb) {
        return _0x3bedbb && _0x3bedbb[_0xef93('0x103')] ? _0x3bedbb : {
            'default': _0x3bedbb
        };
    }
    // (...)
}

Seems like this piece of code was obfuscated incorrectly:

// getDefaultExport function for compatibility with non-harmony modules
/******/ 	__webpack_require__.n = function(module) {
/******/ 		var getter = module && module.__esModule ?
/******/ 			function getDefault() { return module['default']; } :
/******/ 			function getModuleExports() { return module; };
/******/ 		__webpack_require__.d(getter, 'a', getter);
/******/ 		return getter;
/******/ 	};

Relative:
https://gist.github.com/spjwebster/1074866/b217e429701bff1f5990e34bfd00c249b6f7859a
https://stackoverflow.com/questions/29812849/firefox-function-hoisting-error

My config:

{
    compact: true,
    controlFlowFlattening: true,
    controlFlowFlatteningThreshold: 0.75,
    deadCodeInjection: true,
    deadCodeInjectionThreshold: 0.3,
    debugProtection: false,
    disableConsoleOutput: false,
    log: false,
    identifierNamesGenerator: 'hexadecimal',
    renameGlobals: false,
    reservedNames: [],
    seed: 1,
    selfDefending: false,
    stringArray: true,
    rotateStringArray: true,
    stringArrayEncoding: true,
    stringArrayThreshold: 1,
    target: 'browser',
    unicodeEscapeSequence: true,
    transformObjectKeys: true,
}
@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 16, 2018

Interesting behaviour with firefox

@irudoy

This comment has been minimized.

Copy link
Author

commented Feb 16, 2018

@sanex3339 can we prevent hoisting in blocks?

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 16, 2018

// getDefaultExport function for compatibility with non-harmony modules
/******/ 	__webpack_require__.n = function(module) {
/******/ 		var getter = module && module.__esModule ?
/******/ 			function getDefault() { return module['default']; } :
/******/ 			function getModuleExports() { return module; };
/******/ 		__webpack_require__.d(getter, 'a', getter);
/******/ 		return getter;
/******/ 	};

Code above is not the same as obfuscated code. Can you try to find source of the obfuscated code by finding expressions with 3 number?

_0x1342f8(3);

I need to see original code part

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 16, 2018

At first look - this wont work because of firefox bug with scope-hoisting and dead code injection that wrapping all statements inside block scope into if () {} else {} statements, so after wrapping this bug will happen.

From my side only thing that i can do is to check block scope on scope hoisting inside it. And if scope-hoisting is existing - this block scope shouldn't be wrapped inside dead code injection condition.

@irudoy

This comment has been minimized.

Copy link
Author

commented Feb 16, 2018

Found

/***/ (function(module, exports, __webpack_require__) {

"use strict";
/* WEBPACK VAR INJECTION */(function(global) {

var _charsMap = __webpack_require__(1);

var _charsMap2 = _interopRequireDefault(_charsMap);

var _getFlag = __webpack_require__(3);

var _getFlag2 = _interopRequireDefault(_getFlag);

function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }```

@sanex3339 sanex3339 added this to the 0.14.2 milestone Feb 16, 2018

@sanex3339 sanex3339 added the bug label Feb 16, 2018

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 16, 2018

I like this bug, very interesting behaviour.

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 16, 2018

So, until fix you can just disable deadCodeInjection option.

@irudoy

This comment has been minimized.

Copy link
Author

commented Feb 16, 2018

It will be great, if there is any solution. Anyway, thanks for the quick response!
For now, I changed deadCodeInjectionThreshold slightly. It will work until the next changes in source.

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

Can you test version from master branch with fix?

@irudoy

This comment has been minimized.

Copy link
Author

commented Feb 17, 2018

@sanex3339 unfortunately, still reproduces

if (_0x382204[_0xef93('0x1cb')](_0x382204[_0xef93('0x1f0')], _0xef93('0xaa'))) {
    var _0x22f86f = _0x382204[_0xef93('0x1f1')](_0x4e4ff5, 0x1);
    var _0x202f36 = _0x382204[_0xef93('0x1f1')](_0x1426cc, _0x22f86f);
    var _0x20f66e = _0x4e4ff5(0x3);
    var _0x78c491 = _0x382204[_0xef93('0x1f2')](_0x1426cc, _0x20f66e);
    function _0x1426cc(_0x3a2264) {
        return _0x3a2264 && _0x3a2264[_0xef93('0x24')] ? _0x3a2264 : { 'default': _0x3a2264 };
    }
    ...
}
@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

Looks like i know what is the problem after previous fix.

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

Yep, fixed it. I'll push it into master in 30 minutes.

@sanex3339 sanex3339 closed this in 71f5d43 Feb 17, 2018

@sanex3339 sanex3339 reopened this Feb 17, 2018

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

Please, try again

@irudoy

This comment has been minimized.

Copy link
Author

commented Feb 17, 2018

Works just fine. Thank you!
Waiting for release 😄

@irudoy irudoy closed this Feb 17, 2018

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

I'll release it today or tomorrow

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 17, 2018

I'll reopened it until release

@sanex3339 sanex3339 reopened this Feb 17, 2018

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 18, 2018

javascript-obfuscator@0.14.3 just out

@sanex3339 sanex3339 closed this Feb 18, 2018

@sanex3339 sanex3339 added the fixed label Feb 18, 2018

@1-Imperialdramon-1

This comment has been minimized.

Copy link

commented Feb 26, 2018

Hi, I have same error.
Now I'm using javascript-obfuscator 0.14.3, and I'm still getting error.

I tried using:
deadCodeInjection: false
mangle: false
and the problem still occurs.

My configuration now is:

    selfDefending: false,
    stringArrayEncoding: true,
    stringArrayThreshold: 1,
    deadCodeInjection: false,
    mangle: false

Can you give me a hand? I really need it.

@sanex3339

This comment has been minimized.

Copy link
Collaborator

commented Feb 26, 2018

Show me your part of source code and obfuscated code where this error was triggered.
Also create separate issue, because your error not related with this issue.

@1-Imperialdramon-1

This comment has been minimized.

Copy link

commented Feb 27, 2018

Hi @sanex3339,

sure, I just created the new issue: #207

Thanks in advance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.