NSFW! avgle.com #817

Closed
user375s opened this Issue Jan 15, 2018 · 22 comments

8 participants

user375s commented Jan 15, 2018

Test link (required):

https://avgle.com/video/128459/

Screenshot of the web page (including address bar and extension icons) (required):

clipboard 1

Screenshot of the console (press F12 to bring up the console) (required):

clipboard 3

Explain what was not right (optional if obvious):

Anti-adblock when trying to play video.

Environment (Required):

  • Operating System and Version: Windows 10 Home Version 1709
  • Browser and Version: Chrome Version 63.0.3239.132 (Official Build) (64-bit)
  • Adblocker and Version: uBlock Origin v1.14.24

Your filter lists (Required):

filter

Your custom filters (Required if you have any):

custom

Owner

jspenguin2017 commented Jan 15, 2018

@mapx- (it's hard anti-adblock)

mapx- commented Jan 15, 2018

already fixed in uBo

Owner

jspenguin2017 commented Jan 18, 2018

Broke again.

mapx- commented Jan 18, 2018

||avgle.com/templates/frontend/videojs-$script

mapx- added a commit to uBlockOrigin/uAssets that referenced this issue Jan 18, 2018

mirrorplease123 commented Jan 20, 2018

It's not working again.

hoonkai commented Jan 21, 2018

Is it fair to say they've managed to defeat anti-adblock killers?

Owner

jspenguin2017 commented Jan 21, 2018

If they are watching us, there isn't much we can do...

Fezreal commented Jan 23, 2018

mun3 commented Jan 26, 2018

Owner

jspenguin2017 commented Jan 26, 2018

There are ways around everything; if they are determined, they will break that in 2 days as well.

Owner

jspenguin2017 commented Jan 27, 2018

Let's see how long that Userscript can hold. If it fails I'll put up a proprietary solution like for lolalytics.

Owner

jspenguin2017 commented Jan 27, 2018

It's not possible to beat obfuscated code with clear ones. When a battle goes to this stage, it's pretty much about who has the most time to defeat the other side's obfuscation. The only reasonable way to win is to put in so much obfuscation that the other side gives up. There will never be a "once for all" solution, there are hundreds of solutions burnt at this stage and there are thousands more to come, that is, if the fight continues.

The only other possibility is to have a browser that loads the unfiltered page but renders a filtered one, but that only works for non-intrusive sites, as prerolls, popups, and crypto mining can't be blocked this way.

Owner

jspenguin2017 commented Jan 27, 2018

The idea is to have the script interact with the unfiltered version of the page, where ad elements will exist, but show the user the filtered version. There is no implementation, just theory at this point.

Owner

jspenguin2017 commented Feb 5, 2018

OK, the fight just escalated. The Userscript is now obfuscated and the website started IP banning on detection.
Doesn't matter what people say, IP banning is effective. I do that too for my proprietary solutions.

ghajini commented May 7, 2018

@jspenguin2017
why not make patches day to day/ less frequently until avgle gives up!!! just like done for noadblock.....

@gorhill
why adblocker to be on backfoot???

Owner

jspenguin2017 commented May 7, 2018

@ghajini NoAdBlock didn't give up because I keep patching them; they gave up because my final solution cannot be bypassed, as it hooks directly into Cloudflare's code before NoAdBlock can do anything.

Owner

jspenguin2017 commented May 7, 2018

Also they have IP ban plus heavy obfuscation. I'm making a deobfuscation engine but it didn't go very far since fingerprinting framework functions manually is a huge pain. I need to explore some machine learning algorithms to handle that automatically, but so far no progress.

jspenguin2017 added a commit that referenced this issue May 9, 2018

jspenguin2017 reopened this May 18, 2018

Owner

jspenguin2017 commented May 18, 2018

Might be able to roll out a fix in ND Extra.

Owner

jspenguin2017 commented May 18, 2018

This issue is referenced in https://gitlab.com/xuhaiyang1234/NanoAdblockerSecretIssues/issues/18 (huge page, around 15k lines of dump)

Owner

jspenguin2017 commented May 18, 2018

OK, NVM, this isn't happening before https://github.com/jspenguin2017/JavaScriptDeobfuscator

Owner

jspenguin2017 commented May 27, 2018

An update on the deobfuscator: I have a decent self-defending buster going, which is pretty useless TBH. Debug protection buster and rotated RC4 string array buster are way more important.

Domain lock seems to be obfuscated with regular code, which is a pain to undo, but undoing it is near useless anyway. I honestly have no idea about how to undo control flow flattening, too many things depend on the runtime. Dead code injection should be undoable when string array is taken care of.

Owner

jspenguin2017 commented May 27, 2018

Alright, I got rotated RC4 string array buster working, here's the result: https://pastebin.com/LNF4kWjh
It now fits in Pastebin but still needs quite a few cleanups. String array is unfortunately not the only trick that was used.
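
Added example, not part of the thread and not code from the JavaScriptDeobfuscator project: a static resolver for a simplified model of the "rotated RC4 string array" named in the comments above, which undoes the rotation and replaces each accessor call with the string it decodes to. The accessor name `_0xdec`, the call-site shape, the base64 wrapping, the keys and the sample strings are all assumptions constructed for illustration.

```javascript
// Added example: simplified model of a rotated, RC4-encrypted string array.
// Accessor name, call shape and base64 wrapping are assumptions, not a real tool's format.
// RC4 stream cipher (symmetric: the same call encrypts and decrypts).
function rc4(key, data) {
  const k = Buffer.from(key, 'utf8');
  const S = Array.from({ length: 256 }, (_, i) => i);
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + k[i % k.length]) & 255;
    [S[i], S[j]] = [S[j], S[i]];
  }
  const out = Buffer.alloc(data.length);
  for (let n = 0, i = 0, j = 0; n < data.length; n++) {
    i = (i + 1) & 255;
    j = (j + S[i]) & 255;
    [S[i], S[j]] = [S[j], S[i]];
    out[n] = data[n] ^ S[(S[i] + S[j]) & 255];
  }
  return out;
}

// Rotate left by n, i.e. what a runtime bootstrap does with arr.push(arr.shift()) n times.
const rotateLeft = (arr, n) => arr.slice(n % arr.length).concat(arr.slice(0, n % arr.length));

// Build a CONSTRUCTED obfuscated sample: encrypted table stored out of order, plus call sites.
function buildSample(strings, keys, shift) {
  const enc = strings.map((s, i) => rc4(keys[i], Buffer.from(s, 'utf8')).toString('base64'));
  const stored = rotateLeft(enc, enc.length - (shift % enc.length));
  const source = strings.map((_, i) => `use(_0xdec('0x${i.toString(16)}', '${keys[i]}'));`).join('\n');
  return { stored, shift, source };
}

// Undo the rotation once, then replace every accessor call with the literal it decodes to.
function resolveStringArray(source, stored, shift, accessor) {
  const table = rotateLeft(stored, shift);
  const name = accessor.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const call = new RegExp(`${name}\\('0x([0-9a-f]+)',\\s*'([^']*)'\\)`, 'g');
  return source.replace(call, (whole, hex, key) => {
    const entry = table[parseInt(hex, 16)];
    if (entry === undefined) return whole; // index outside the table: leave the call untouched
    return JSON.stringify(rc4(key, Buffer.from(entry, 'base64')).toString('utf8'));
  });
}

function demo() {
  const s = buildSample(['addEventListener', 'adblock-detected', 'innerHTML'], ['k9Qz', 'T#4m', 'aa0P'], 2);
  return resolveStringArray(s.source, s.stored, s.shift, '_0xdec');
}

console.log(demo());
```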
