Archives for the ‘JSReg’ Category

Decoding non-alphanumeric code with Hackvertor

I saw this post from Thomas Stig Jacobsen. He uses eval to decompile the code, I thought there has to be a better way 🙂 so in literally about 30 minutes I managed to do it after a few tweaks to the JSReg code base. What does non-alphanumeric JavaScript look like? $=~[];$={___:++$,$$$$:(![]+””)[$],__$:++$,$_$_:(![]+””)[$],_$_:++$,$_$$:({}+””)[$],$$_$:($[$]+””)[$],_$$:++$,$$$_:(!””+””)[$],$__:++$,$_$:++$,$$__:({}+””)[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+””)[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+””)[$.__$])+((!$)+””)[$._$$]+($.__=$.$_[$.$$_])+($.$=(!””+””)[$.__$])+($._=(!””+””)[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!””+””)[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+”\””+$.$_$_+(![]+””)[$._$_]+$.$$$_+”\\”+$.__$+$.$$_+$._$_+$.__+”(\\\”\\”+$.__$+$.__$+$.___+$.$$$_+(![]+””)[$._$_]+(![]+””)[$._$_]+$._$+”,\\”+$.$__+$.___+”\\”+$.__$+$.__$+$._$_+$.$_$_+”\\”+$.__$+$.$$_+$.$$_+$.$_$_+”\\”+$.__$+$._$_+$._$$+$.$$__+”\\”+$.__$+$.$$_+$._$_+”\\”+$.__$+$.$_$+$.__$+”\\”+$.__$+$.$$_+$.___+$.__+”\\\”\\”+$.$__+$.___+”)”+”\””)())(); Produced by my […]

JSReg down but not out

A few months ago some very talented people called Jonas Magazinius aka @internot_ and Alexey Silin aka @lever_one broke JSReg. Maybe broke is the wrong word obliterated is more accurate. This was very humbling for me, I knew it wasn’t perfect this is why I tried to tempt them to break it by stating it […]

DOM sandboxing talk

I did a talk in Leeds about DOM sandboxing with regular expressions, it went ok. I’m not the best speaker to be honest but with a bit more practice I’ll get there. Here are the slides:- PDF version Powerpoint slides

JSReg bypasses

I set a cool Hackvertor challenge on slackers. The idea was to call the function defined in window. There is a perfectly legitimate way of doing this as I discovered the method when I was testing it, instead of fixing it I created the challenge. Stefano Di Paola of course figured it out, nice work […]

Sandboxed DOM API

Description I finally sat down and started work on a sandboxed DOM API. Originally I was just going to develop a new framework because the DOM is messy but instead I decided it would be cool to have a safe simulated DOM instead and build a framework on top of that. It isn’t complete yet […]

Regular expression sandboxing

Birth of the regex sandbox I decided today to do a proper blog post to explain my reasons for creating regex sandboxes. I don’t often write a lot of words on this blog partly because I’m not very good a making long meaningful sentences and partly because I think the point can often be made […]

JSReg javascript parser

My host won’t let me compile Spidermonkey on my server 🙁 and I need a javascript parser for my next version of Hackvertor. I can’t really afford a new server, so I decided to write my own 🙂 It’s nowhere near finished yet but I thought I’d give you a peak at the pre-pre-beta. I […]