New beta of JSReg

Friday, 26 June 2009

I’ve been slowly developing JSReg over the last few months and I’ve dropped lots of code and redone it many times. This latest version is a code rewriter and will sandbox most javascript properties and the goal is to produce a complete locked down version (which can be improved upon later).

So far it’s going well, I think the experience of hacking sandboxes and hacking my own code has resulted in a better version. I’d like to thank Sirdarckcat (Eduardo Vela) for testing and giving me some great suggestions.

There are a couple of bugs and limitations, at the moment arrays don’t work because of a bug in [] object syntax. I hope to fix this soon though. It also eats new lines when using functions or other stuff, you can get round this at the moment by using ; after the function declaration. The alert function is only supported at the minute but I plan to add more once the code is a bit more stable. Finally there is no DOS protection at the minute and you can probably throw objects in the global scope although you should be able to access other globals or modify them.

So can you break it? Execute code not intended like Function or maybe access global variables other than the $_ prefix and suffix allowed.

Here is a code sample that works fine:-

function x(){ var m=1; this.getM=function(){ return m; } }; y=new x; y.getM()

New JSReg!

The entry 'New beta of JSReg' was posted on June 26th, 2009 at 1:18 pm and last modified on June 26th, 2009 at 1:20 pm, and is filed under javascript, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “New beta of JSReg”

  1. Vitaly writes:
    No. 1 — June 26th, 2009 at 11:15 pm

    Does not work with obfuscated JS appended to the end of:

    hxxp://wxx.colcohist-gensoc.org/mysql/onename.php

  2. Gareth Heyes writes:
    No. 2 — June 27th, 2009 at 2:49 pm

    @Vitaly

    I don’t understand your point, I’ve not implemented eval or unescape yet

«
»