Implemented functionality to decompile and inline nested JSXBIN eval …

…calls if they contain a valid signature.
AngeloD2022 · Sep 1, 2024 · 68fda85 · 68fda85
1 parent c3f34f6
commit 68fda85
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 3 deletions.
diff --git a/src/jsxer/jsxer.cpp b/src/jsxer/jsxer.cpp
@@ -41,6 +41,7 @@ int jsxer::decompile(const string& input, string& output, bool unblind) {
 
     if (!reader->verifySignature()) {
         // TODO: Handle this properly
+        printf("[!]: %s\n", "The input file has an invalid signature.");
         fprintf(stderr, "JSXBIN signature verification failed!");
         output = "";
         return -3;

diff --git a/src/jsxer/nodes/CallExpression.cpp b/src/jsxer/nodes/CallExpression.cpp
@@ -1,4 +1,5 @@
 #include "CallExpression.h"
+#include "Program.h"
 
 #include <fmt/format.h>
 
@@ -10,10 +11,33 @@ namespace jsxer::nodes {
     }
 
     string CallExpression::to_string() {
+        auto function_name = function->to_string();
         auto arguments = std::dynamic_pointer_cast<ListExpression>(args);
         bool needWrap = function->type() == NodeType::FunctionExpression;
         // {new }{funcName|funcBody}({args})
 
+        if (function_name == "eval" && arguments->arguments.size() == 1 && !constructorCall) {
+            // Check if it has a JSXBIN signature.
+
+            string payload = utils::from_string_literal(arguments->arguments[0]->to_string());
+            auto internal_reader = std::make_unique<Reader>(payload, reader.should_unblind());
+
+            if (internal_reader->verifySignature()) {
+                // If we've confirmed it to be a nested JSXBIN eval call, decompile and inline the results.
+
+                auto internal_ast = std::make_unique<Program>(*internal_reader);
+                internal_ast->parse();
+                string result = internal_ast->to_string();
+
+                if (result.back() == ';') {
+                    result.pop_back();
+                }
+
+                return result;
+            }
+
+        }
+
         string result = (constructorCall ? "new " : "");
         result += (needWrap ? "(" : "")
                 + function->to_string()

diff --git a/src/jsxer/reader.cpp b/src/jsxer/reader.cpp
@@ -43,6 +43,10 @@ size_t Reader::depth() const {
     return _depth;
 }
 
+bool Reader::should_unblind() const {
+    return _unblind;
+}
+
 void Reader::step(int offset) {
     _cursor += offset;
 }
@@ -101,8 +105,6 @@ bool Reader::verifySignature() {
         _version = JsxbinVersion::v21;
     } else {
         _error = ParseError::InvalidVersion;
-        printf("[!]: %s\n", "The input file has an invalid signature.");
-
         return false;
     }
 

diff --git a/src/jsxer/reader.h b/src/jsxer/reader.h
@@ -73,7 +73,7 @@ class Reader {
     [[nodiscard]] JsxbinVersion version() const;
     [[nodiscard]] ParseError error() const;
     [[nodiscard]] size_t depth() const;
-
+    [[nodiscard]] bool should_unblind() const;
     bool verifySignature();
 
     Token get();