This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I'm the guy who wrote/designed the first version of Google's framework for this (a.k.a. BotGuard), way back in 2010. Indeed we were up to "good", like detecting spambots and click fraud. People often think these things are attempts to build supercookies but they aren't, they are only designed to detect the difference between automated and non-automated clients. | |
| There seem to be quite a few VM based JS obfuscation schemes appearing these days, but judging from the blog posts about people attempting to reverse them the designers haven't fully understood how to most fully exploit the technique. Given that the whole point is to make understanding how these programs work hard, that's not a huge surprise. | |
| Building a VM is not an end for obfuscation purposes, it's a means. The actual end goal is to deploy the hash-and-decrypt pattern. I learned this technique from Nate Lawson (via this blog post) and the way his company had used it to great effect in BD+. | |
| A custom VM is powerful not only because it puts the debug |
PixelMelt
/ Dwitter-net-JS-Compressors.js
Last active
July 31, 2024 23:58
Dwitter.net JS Compressors
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function golfPack(code){ | |
| function chinaPacker(code) { | |
| const unicodeChars = []; | |
| for (let i = 0; i < code.length; i += 2) { | |
| const char1 = code[i]; | |
| const char2 = code[i + 1] || ' '; | |
| const codePoint = (char1.charCodeAt(0) << 8) | char2.charCodeAt(0); | |
| const unicodeChar = String.fromCodePoint(codePoint); | |
| unicodeChars.push(unicodeChar); | |
| } |
PixelMelt
/ CSSPro-extension-loader
Created
June 2, 2023 03:06
Abuse the fact that the demo website is pretty much the entire extension
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function loadCssPro() { | |
| const head = document.getElementsByTagName('head')[0]; | |
| const cssFiles = [ | |
| { href: "https://cdnjs.cloudflare.com/ajax/libs/tippy.js/6.3.7/tippy.min.css", rel: "preload", as: "style" }, | |
| { href: "https://cdn.jsdelivr.net/npm/@simonwep/pickr/dist/themes/nano.min.css", rel: "preload", as: "style" }, | |
| { href: "https://cdnjs.cloudflare.com/ajax/libs/tom-select/2.2.2/css/tom-select.min.css" }, | |
| { href: "https://cdnjs.cloudflare.com/ajax/libs/lity/2.4.1/lity.css", rel: "preload", as: "style" }, | |
| { href: "https://cdn.jsdelivr.net/npm/diff2html/bundles/css/diff2html.min.css", rel: "preload", as: "style" } | |
| ]; |
PixelMelt
/ undo rclone password encoding
Created
January 19, 2023 22:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "encoding/base64" | |
| "errors" | |
| "fmt" | |
| "log" | |
| ) |
PixelMelt
/ Block Brave Search ADs uBlock origin filter.txt
Created
December 15, 2022 22:41
Block Brave Search ADs uBlock origin filter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| search.brave.com##[data-type="ad"] | |
| search.brave.com##[id="premium-promo-wrapper"] |