@jshookmcp/jshook 0.2.2 → 0.2.5
- package/LICENSE +661 -661
- package/README.md +15 -6
- package/README.zh.md +19 -4
- package/dist/native/scripts/linux/enum-windows.sh +12 -12
- package/dist/native/scripts/macos/enum-windows.applescript +22 -22
- package/dist/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/dist/native/scripts/windows/enum-windows.ps1 +44 -44
- package/dist/native/scripts/windows/inject-dll.ps1 +21 -21
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
- package/dist/packages/extension-sdk/src/workflow.js +236 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.d.ts +6 -5
- package/dist/src/modules/browser/BrowserDiscovery.js +3 -3
- package/dist/src/modules/browser/BrowserModeManager.d.ts +1 -1
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +19 -4
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +14 -23
- package/dist/src/modules/captcha/AICaptchaDetector.js +8 -202
- package/dist/src/modules/captcha/CaptchaDetector.d.ts +31 -17
- package/dist/src/modules/captcha/CaptchaDetector.js +1 -1
- package/dist/src/modules/collector/CodeCache.d.ts +2 -2
- package/dist/src/modules/collector/CodeCollector.d.ts +12 -9
- package/dist/src/modules/collector/CodeCollector.js +5 -6
- package/dist/src/modules/collector/DOMInspector.d.ts +3 -2
- package/dist/src/modules/collector/DOMInspector.js +49 -59
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +5 -3
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +2 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +5 -57
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/PackerDeobfuscator.js +1 -1
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.d.ts +1 -1
- package/dist/src/modules/external/ExternalToolRunner.js +26 -23
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +4 -2
- package/dist/src/modules/process/MacProcessManager.js +1 -1
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/ProcessManager.impl.js +1 -1
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/reader.js +35 -3
- package/dist/src/modules/process/memory/regions.enumerate.js +1 -1
- package/dist/src/modules/process/memory/regions.protection.js +42 -9
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +57 -0
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/writer.js +44 -4
- package/dist/src/modules/security/ExecutionSandbox.js +7 -8
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +4 -2
- package/dist/src/modules/stealth/StealthScripts.js +53 -14
- package/dist/src/modules/stealth/StealthVerifier.d.ts +1 -1
- package/dist/src/modules/stealth/StealthVerifier.js +2 -4
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +12 -6
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +4 -4
- package/dist/src/native/HardwareBreakpoint.js +25 -16
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +2 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +42 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +2 -2
- package/dist/src/server/MCPServer.tools.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.d.ts +5 -0
- package/dist/src/server/ToolCallContextGuard.js +85 -0
- package/dist/src/server/ToolRouter.d.ts +26 -10
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.d.ts +8 -8
- package/dist/src/server/domains/analysis/handlers.impl.js +34 -28
- package/dist/src/server/domains/analysis/handlers.web-tools.js +4 -3
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +157 -386
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +61 -174
- package/dist/src/server/domains/browser/definitions.tools.security.js +92 -237
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/facade-initializer.d.ts +3 -3
- package/dist/src/server/domains/browser/handlers/facade-initializer.js +3 -3
- package/dist/src/server/domains/browser/handlers/framework-state.js +231 -3
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers/stealth-injection.js +8 -2
- package/dist/src/server/domains/browser/handlers.impl.d.ts +15 -12
- package/dist/src/server/domains/browser/handlers.impl.js +5 -6
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -149
- package/dist/src/server/domains/coordination/index.d.ts +20 -1
- package/dist/src/server/domains/coordination/index.js +133 -0
- package/dist/src/server/domains/coordination/manifest.js +15 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +4 -70
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.d.ts +2 -2
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/maintenance/handlers.js +2 -2
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +5 -1
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +194 -5
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.d.ts +1 -1
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +4 -4
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +19 -17
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.d.ts +60 -0
- package/dist/src/server/domains/trace/TraceSummarizer.js +112 -0
- package/dist/src/server/domains/trace/definitions.tools.js +51 -176
- package/dist/src/server/domains/trace/handlers.d.ts +2 -1
- package/dist/src/server/domains/trace/handlers.js +62 -9
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +18 -4
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +6 -6
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +3 -3
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +2 -2
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +19 -9
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/http/HttpMiddleware.js +1 -1
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +7 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/MCPBridge.d.ts +9 -0
- package/dist/src/server/sandbox/MCPBridge.js +22 -0
- package/dist/src/server/sandbox/QuickJSSandbox.d.ts +4 -1
- package/dist/src/server/sandbox/QuickJSSandbox.js +162 -2
- package/dist/src/server/sandbox/types.d.ts +13 -0
- package/dist/src/server/search/AffinityGraph.d.ts +7 -1
- package/dist/src/server/search/AffinityGraph.js +24 -3
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
- package/dist/src/server/workflows/WorkflowContract.js +12 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +136 -3
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +0 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.d.ts +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +3 -3
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cliFastPath.js +17 -6
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +76 -72
- package/scripts/postinstall.cjs +37 -37
- package/src/native/scripts/linux/enum-windows.sh +12 -12
- package/src/native/scripts/macos/enum-windows.applescript +22 -22
- package/src/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/src/native/scripts/windows/enum-windows.ps1 +44 -44
- package/src/native/scripts/windows/inject-dll.ps1 +21 -21
- package/workflows/.gitkeep +0 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -103,13 +103,26 @@ export declare class PageController {
|
|
|
103
103
|
export declare function evaluateWithTimeout<Args extends readonly unknown[], Result>(page: Page, pageFunction: (...args: Args) => Result, ...args: Args): Promise<Awaited<Result>>;
|
|
104
104
|
export declare function evaluateWithTimeout(page: Page, pageFunction: string, ...args: readonly unknown[]): Promise<unknown>;
|
|
105
105
|
export declare function evaluateOnNewDocumentWithTimeout<Args extends readonly unknown[], Result>(page: Page, pageFunction: string | ((...args: never[]) => Result), ...args: Args): Promise<unknown>;
|
|
106
|
-
|
|
106
|
+
interface CoveragePage {
|
|
107
|
+
coverage: {
|
|
108
|
+
startJSCoverage(options?: {
|
|
109
|
+
resetOnNavigation?: boolean;
|
|
110
|
+
reportAnonymousScripts?: boolean;
|
|
111
|
+
}): Promise<void>;
|
|
112
|
+
stopJSCoverage(): Promise<unknown>;
|
|
113
|
+
startCSSCoverage(options?: {
|
|
114
|
+
resetOnNavigation?: boolean;
|
|
115
|
+
}): Promise<void>;
|
|
116
|
+
stopCSSCoverage(): Promise<unknown>;
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
export declare function coverageStartJSWithTimeout(page: CoveragePage, options?: {
|
|
107
120
|
resetOnNavigation?: boolean;
|
|
108
121
|
reportAnonymousScripts?: boolean;
|
|
109
122
|
}): Promise<void>;
|
|
110
|
-
export declare function coverageStartCSSWithTimeout(page:
|
|
123
|
+
export declare function coverageStartCSSWithTimeout(page: CoveragePage, options?: {
|
|
111
124
|
resetOnNavigation?: boolean;
|
|
112
125
|
}): Promise<void>;
|
|
113
|
-
export declare function coverageStopJSWithTimeout(page:
|
|
114
|
-
export declare function coverageStopCSSWithTimeout(page:
|
|
126
|
+
export declare function coverageStopJSWithTimeout(page: CoveragePage): Promise<unknown>;
|
|
127
|
+
export declare function coverageStopCSSWithTimeout(page: CoveragePage): Promise<unknown>;
|
|
115
128
|
export {};
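Review bot: `CoveragePage` is declared without `export` while four exported functions take it as a parameter, so consumers cannot name the type and have to recover it with `Parameters<typeof coverageStartJSWithTimeout>[0]`. Both stop functions also return `Promise<unknown>`, which leaves shape validation of the coverage entries to every caller without saying so. I would export the interface from the source module and add a TSDoc line such as `/** Minimal structural view of a page; stop* results are unvalidated and must be narrowed before use. */`. The removed parameter types are truncated on this page, so whether this narrows or widens the accepted argument cannot be judged from here.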
|
|
@@ -313,10 +313,7 @@ async function checkPageCDPHealth(page, timeoutMs = 500) {
|
|
|
313
313
|
throw new Error('cdp_unreachable');
|
|
314
314
|
});
|
|
315
315
|
try {
|
|
316
|
-
const cdp = await Promise.race([
|
|
317
|
-
page.createCDPSession(),
|
|
318
|
-
timer,
|
|
319
|
-
]);
|
|
316
|
+
const cdp = await Promise.race([page.createCDPSession(), timer]);
|
|
320
317
|
await Promise.race([
|
|
321
318
|
cdp.send('Runtime.evaluate', { expression: '1', returnByValue: true }),
|
|
322
319
|
timer,
|
|
@@ -326,7 +323,7 @@ async function checkPageCDPHealth(page, timeoutMs = 500) {
|
|
|
326
323
|
const msg = err instanceof Error ? err.message : String(err);
|
|
327
324
|
if (msg === 'cdp_unreachable') {
|
|
328
325
|
throw new Error('CDP session unresponsive — the debugger may be blocking page evaluation. ' +
|
|
329
|
-
'Call debugger_disable() before this tool, or run it before debugger_enable().');
|
|
326
|
+
'Call debugger_disable() before this tool, or run it before debugger_enable().', { cause: err });
|
|
330
327
|
}
|
|
331
328
|
throw err;
|
|
332
329
|
}
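Review bot: In the first hunk, `Promise.race([page.createCDPSession(), timer])` abandons the `createCDPSession()` promise when the timer wins, so a session that attaches late is never detached and stays bound to the page. Holding the promise in a local and cleaning up on the timeout path would avoid that, e.g. `const pending = page.createCDPSession();` and, in the catch, `void pending.then((s) => s.detach()).catch(() => {});`. Whether `cdp` is detached on the success path is not visible, because the body of checkPageCDPHealth starts and ends outside these hunks. The `msg === 'cdp_unreachable'` test also matches any unrelated error that happens to carry that message; a dedicated error class checked with `instanceof` would be less ambiguous.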
|
|
@@ -28,7 +28,7 @@ export async function setupWebWorkerTracking(page) {
|
|
|
28
28
|
});
|
|
29
29
|
}
|
|
30
30
|
export async function collectInlineScripts(page, maxSingleSize, maxFilesPerCollect) {
|
|
31
|
-
const scripts = await page.evaluate((
|
|
31
|
+
const scripts = await page.evaluate((limit) => {
|
|
32
32
|
const scriptElements = Array.from(document.querySelectorAll('script'));
|
|
33
33
|
return scriptElements
|
|
34
34
|
.filter((script) => !script.src && script.textContent)
|
|
@@ -36,8 +36,8 @@ export async function collectInlineScripts(page, maxSingleSize, maxFilesPerColle
|
|
|
36
36
|
let content = script.textContent || '';
|
|
37
37
|
const originalSize = content.length;
|
|
38
38
|
let truncated = false;
|
|
39
|
-
if (content.length >
|
|
40
|
-
content = content.substring(0,
|
|
39
|
+
if (content.length > limit) {
|
|
40
|
+
content = content.substring(0, limit);
|
|
41
41
|
truncated = true;
|
|
42
42
|
}
|
|
43
43
|
return {
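Review bot: `limit` is used inside the page callback without any check, so if `maxSingleSize` reaches `page.evaluate` as `undefined` or `NaN` the comparison `content.length > limit` is always false and inline scripts of any size from the inspected page come back untruncated. A guard before the call, for example `if (!Number.isInteger(maxSingleSize) || maxSingleSize <= 0) throw new TypeError('maxSingleSize must be a positive integer');`, keeps the cap from being silently disabled. The argument list that closes the `page.evaluate` call is outside both hunks, so I am assuming `maxSingleSize` is what gets bound to `limit`. `maxFilesPerCollect` does not appear in the visible lines either; if it is applied only after the evaluate returns, the full array is still serialized out of the page first.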
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import type { DetectCryptoOptions, DetectCryptoResult } from '../../types/index.js';
|
|
2
|
-
import { LLMService } from '../../services/LLMService.js';
|
|
3
2
|
import { CryptoRulesManager } from '../crypto/CryptoRules.js';
|
|
4
3
|
export interface SecurityIssue {
|
|
5
4
|
severity: 'critical' | 'high' | 'medium' | 'low';
|
|
@@ -22,9 +21,8 @@ export interface CryptoStrength {
|
|
|
22
21
|
};
|
|
23
22
|
}
|
|
24
23
|
export declare class CryptoDetector {
|
|
25
|
-
private llm;
|
|
26
24
|
private rulesManager;
|
|
27
|
-
constructor(
|
|
25
|
+
constructor(_llm?: any, customRules?: CryptoRulesManager);
|
|
28
26
|
loadCustomRules(json: string): void;
|
|
29
27
|
exportRules(): string;
|
|
30
28
|
detect(options: DetectCryptoOptions): Promise<DetectCryptoResult & {
|
|
@@ -33,7 +31,6 @@ export declare class CryptoDetector {
|
|
|
33
31
|
}>;
|
|
34
32
|
private detectByKeywords;
|
|
35
33
|
private escapeRegex;
|
|
36
|
-
private detectByAI;
|
|
37
34
|
private detectLibraries;
|
|
38
35
|
private detectByAST;
|
|
39
36
|
private mergeParameters;
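Review bot: The constructor keeps a dead first positional parameter typed `any` (`_llm?: any`), so existing callers that still pass an LLM service compile cleanly and silently lose AI-backed detection. Typing it as `unknown` and marking it deprecated makes the change visible at call sites: `/** @deprecated ignored; AI-backed detection was removed */ constructor(_llm?: unknown, customRules?: CryptoRulesManager);`. If `DetectCryptoOptions` still exposes `useAI` (it is declared in another file and not shown here), that option deserves the same deprecation note.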
|
|
@@ -1,16 +1,11 @@
|
|
|
1
1
|
import * as parser from '@babel/parser';
|
|
2
2
|
import traverse from '@babel/traverse';
|
|
3
3
|
import * as t from '@babel/types';
|
|
4
|
-
import { LLMService } from '../../services/LLMService.js';
|
|
5
|
-
import { generateCryptoDetectionPrompt } from '../../services/prompts/crypto.js';
|
|
6
4
|
import { logger } from '../../utils/logger.js';
|
|
7
|
-
import { CRYPTO_DETECT_LLM_MAX_TOKENS } from '../../constants.js';
|
|
8
5
|
import { CryptoRulesManager } from '../crypto/CryptoRules.js';
|
|
9
6
|
export class CryptoDetector {
|
|
10
|
-
llm;
|
|
11
7
|
rulesManager;
|
|
12
|
-
constructor(
|
|
13
|
-
this.llm = llm;
|
|
8
|
+
constructor(_llm, customRules) {
|
|
14
9
|
this.rulesManager = customRules || new CryptoRulesManager();
|
|
15
10
|
}
|
|
16
11
|
loadCustomRules(json) {
|
|
@@ -36,11 +31,6 @@ export class CryptoDetector {
|
|
|
36
31
|
if (astResults.parameters) {
|
|
37
32
|
this.mergeParameters(algorithms, astResults.parameters);
|
|
38
33
|
}
|
|
39
|
-
const useAI = options.useAI !== false;
|
|
40
|
-
if (useAI) {
|
|
41
|
-
const aiResults = await this.detectByAI(code);
|
|
42
|
-
algorithms.push(...aiResults);
|
|
43
|
-
}
|
|
44
34
|
const mergedAlgorithms = this.mergeResults(algorithms);
|
|
45
35
|
const securityResults = this.evaluateSecurity(mergedAlgorithms, code);
|
|
46
36
|
securityIssues.push(...securityResults);
|
|
@@ -82,36 +72,6 @@ export class CryptoDetector {
|
|
|
82
72
|
escapeRegex(str) {
|
|
83
73
|
return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
|
|
84
74
|
}
|
|
85
|
-
async detectByAI(code) {
|
|
86
|
-
try {
|
|
87
|
-
const messages = generateCryptoDetectionPrompt(code);
|
|
88
|
-
const response = await this.llm.chat(messages, {
|
|
89
|
-
temperature: 0.2,
|
|
90
|
-
maxTokens: CRYPTO_DETECT_LLM_MAX_TOKENS,
|
|
91
|
-
});
|
|
92
|
-
const jsonMatch = response.content.match(/\{[\s\S]*\}/);
|
|
93
|
-
if (!jsonMatch)
|
|
94
|
-
return [];
|
|
95
|
-
const result = JSON.parse(jsonMatch[0]);
|
|
96
|
-
if (!Array.isArray(result.algorithms))
|
|
97
|
-
return [];
|
|
98
|
-
return result.algorithms.map((algo) => {
|
|
99
|
-
const a = algo;
|
|
100
|
-
return {
|
|
101
|
-
name: a.name || 'Unknown',
|
|
102
|
-
type: a.type || 'other',
|
|
103
|
-
confidence: a.confidence || 0.5,
|
|
104
|
-
location: { file: 'current', line: 0 },
|
|
105
|
-
parameters: a.parameters,
|
|
106
|
-
usage: a.usage || '',
|
|
107
|
-
};
|
|
108
|
-
});
|
|
109
|
-
}
|
|
110
|
-
catch (error) {
|
|
111
|
-
logger.warn('AI crypto detection failed', error);
|
|
112
|
-
return [];
|
|
113
|
-
}
|
|
114
|
-
}
|
|
115
75
|
detectLibraries(code) {
|
|
116
76
|
const libraries = [];
|
|
117
77
|
const libraryRules = this.rulesManager.getLibraryRules();
|
|
@@ -308,7 +268,7 @@ export class CryptoDetector {
|
|
|
308
268
|
merged.set(key, algo);
|
|
309
269
|
}
|
|
310
270
|
});
|
|
311
|
-
return Array.from(merged.values()).
|
|
271
|
+
return Array.from(merged.values()).toSorted((a, b) => b.confidence - a.confidence);
|
|
312
272
|
}
|
|
313
273
|
findLineNumber(code, keyword) {
|
|
314
274
|
const lines = code.split('\n');
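Review bot: With the `useAI` branch removed from `detect`, a caller that still passes `useAI: true`, or hands an LLM instance to the constructor's ignored `_llm` parameter, gets only the remaining rule-based results, and nothing in the output or the log says the AI pass was skipped. `restoreCustomVM` in the JSVMP restore module pushes a warning for the same removal, so `detect` could do likewise with the `logger` this file still imports, e.g. `if (options.useAI) logger.warn('useAI is no longer supported and is ignored');` ahead of `mergeResults`. The same silent drop applies to `options.llm` in `Deobfuscator.deobfuscate` further down. `detect` begins and ends outside these hunks, so this assumes `options.useAI` is not read elsewhere in the method.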
|
|
@@ -138,7 +138,7 @@ export async function getObjectPropertiesByIdCore(ctx, objectId) {
|
|
|
138
138
|
const message = toErrorMessage(error);
|
|
139
139
|
if (message.includes('Could not find object with given id') ||
|
|
140
140
|
message.includes('Invalid remote object id')) {
|
|
141
|
-
throw new Error('Object handle is expired or invalid. Pause execution again and reacquire objectId from get_scope_variables_enhanced.');
|
|
141
|
+
throw new Error('Object handle is expired or invalid. Pause execution again and reacquire objectId from get_scope_variables_enhanced.', { cause: error });
|
|
142
142
|
}
|
|
143
143
|
throw error;
|
|
144
144
|
}
|
|
@@ -14,7 +14,7 @@ const resolveCallableExport = (moduleValue, namedExport) => {
|
|
|
14
14
|
export async function extractFunctionTreeCore(ctx, scriptId, functionName, options = {}) {
|
|
15
15
|
const { maxDepth = 3, maxSize = 500, includeComments = true } = options;
|
|
16
16
|
const script = await ctx.getScriptSource(scriptId);
|
|
17
|
-
if (!script
|
|
17
|
+
if (!script?.source) {
|
|
18
18
|
throw new Error(`Script not found: ${scriptId}`);
|
|
19
19
|
}
|
|
20
20
|
let parser;
|
|
@@ -38,7 +38,7 @@ export async function extractFunctionTreeCore(ctx, scriptId, functionName, optio
|
|
|
38
38
|
t = await import('@babel/types');
|
|
39
39
|
}
|
|
40
40
|
catch (error) {
|
|
41
|
-
throw new Error(`Failed to load Babel dependencies. Please install: npm install @babel/parser @babel/traverse @babel/generator @babel/types\nError: ${getErrorMessage(error)}
|
|
41
|
+
throw new Error(`Failed to load Babel dependencies. Please install: npm install @babel/parser @babel/traverse @babel/generator @babel/types\nError: ${getErrorMessage(error)}`, { cause: error });
|
|
42
42
|
}
|
|
43
43
|
let ast;
|
|
44
44
|
try {
|
|
@@ -48,7 +48,9 @@ export async function extractFunctionTreeCore(ctx, scriptId, functionName, optio
|
|
|
48
48
|
});
|
|
49
49
|
}
|
|
50
50
|
catch (error) {
|
|
51
|
-
throw new Error(`Failed to parse script ${scriptId}: ${getErrorMessage(error)}
|
|
51
|
+
throw new Error(`Failed to parse script ${scriptId}: ${getErrorMessage(error)}`, {
|
|
52
|
+
cause: error,
|
|
53
|
+
});
|
|
52
54
|
}
|
|
53
55
|
const allFunctions = new Map();
|
|
54
56
|
const callGraph = {};
|
|
@@ -101,7 +101,7 @@ export class WatchExpressionManager {
|
|
|
101
101
|
deepEqual(a, b) {
|
|
102
102
|
if (a === b)
|
|
103
103
|
return true;
|
|
104
|
-
if (a
|
|
104
|
+
if (a === null || a === undefined || b === null || b === undefined)
|
|
105
105
|
return false;
|
|
106
106
|
if (!this.isRecord(a) || !this.isRecord(b))
|
|
107
107
|
return false;
|
|
@@ -1,15 +1,12 @@
|
|
|
1
1
|
import type { DeobfuscateOptions, DeobfuscateResult } from '../../types/index.js';
|
|
2
|
-
import { LLMService } from '../../services/LLMService.js';
|
|
3
2
|
export declare class Deobfuscator {
|
|
4
|
-
private llm?;
|
|
5
3
|
private resultCache;
|
|
6
4
|
private maxCacheSize;
|
|
7
|
-
constructor(
|
|
5
|
+
constructor(legacyDependency?: unknown);
|
|
8
6
|
private generateCacheKey;
|
|
9
7
|
deobfuscate(options: DeobfuscateOptions): Promise<DeobfuscateResult>;
|
|
10
8
|
private detectObfuscationType;
|
|
11
9
|
private calculateReadabilityScore;
|
|
12
10
|
private calculateConfidence;
|
|
13
11
|
private buildAnalysis;
|
|
14
|
-
private llmAnalysis;
|
|
15
12
|
}
|
|
@@ -1,16 +1,12 @@
|
|
|
1
1
|
import crypto from 'crypto';
|
|
2
2
|
import { logger } from '../../utils/logger.js';
|
|
3
|
-
import { DEOBF_LLM_MAX_TOKENS } from '../../constants.js';
|
|
4
|
-
import { LLMService } from '../../services/LLMService.js';
|
|
5
|
-
import { generateDeobfuscationPrompt } from '../../services/prompts/deobfuscation.js';
|
|
6
3
|
import { calculateReadabilityScore as calculateReadabilityScoreUtil, detectObfuscationType as detectObfuscationTypeUtil, } from '../deobfuscator/Deobfuscator.utils.js';
|
|
7
4
|
import { runWebcrack } from '../deobfuscator/webcrack.js';
|
|
8
5
|
export class Deobfuscator {
|
|
9
|
-
llm;
|
|
10
6
|
resultCache = new Map();
|
|
11
7
|
maxCacheSize = 100;
|
|
12
|
-
constructor(
|
|
13
|
-
|
|
8
|
+
constructor(legacyDependency) {
|
|
9
|
+
void legacyDependency;
|
|
14
10
|
}
|
|
15
11
|
generateCacheKey(options) {
|
|
16
12
|
const key = JSON.stringify({
|
|
@@ -18,7 +14,7 @@ export class Deobfuscator {
|
|
|
18
14
|
forceOutput: options.forceOutput,
|
|
19
15
|
includeModuleCode: options.includeModuleCode,
|
|
20
16
|
jsx: options.jsx,
|
|
21
|
-
llm:
|
|
17
|
+
llm: false,
|
|
22
18
|
mangle: options.mangle ?? options.renameVariables,
|
|
23
19
|
mappings: options.mappings,
|
|
24
20
|
maxBundleModules: options.maxBundleModules,
|
|
@@ -64,13 +60,7 @@ export class Deobfuscator {
|
|
|
64
60
|
logger.error(`webcrack deobfuscation failed: ${reason}`);
|
|
65
61
|
throw new Error(reason);
|
|
66
62
|
}
|
|
67
|
-
|
|
68
|
-
if (this.llm && options.llm) {
|
|
69
|
-
const llmResult = await this.llmAnalysis(webcrackResult.code);
|
|
70
|
-
if (llmResult) {
|
|
71
|
-
analysis = llmResult;
|
|
72
|
-
}
|
|
73
|
-
}
|
|
63
|
+
const analysis = this.buildAnalysis(webcrackResult, obfuscationType);
|
|
74
64
|
const transformations = [
|
|
75
65
|
{
|
|
76
66
|
type: 'webcrack',
|
|
@@ -95,15 +85,6 @@ export class Deobfuscator {
|
|
|
95
85
|
},
|
|
96
86
|
]
|
|
97
87
|
: []),
|
|
98
|
-
...(this.llm && options.llm
|
|
99
|
-
? [
|
|
100
|
-
{
|
|
101
|
-
type: 'llm-analysis',
|
|
102
|
-
description: 'AI-assisted analysis completed after webcrack deobfuscation',
|
|
103
|
-
success: true,
|
|
104
|
-
},
|
|
105
|
-
]
|
|
106
|
-
: []),
|
|
107
88
|
];
|
|
108
89
|
const readabilityScore = this.calculateReadabilityScore(webcrackResult.code);
|
|
109
90
|
const confidence = this.calculateConfidence(webcrackResult, readabilityScore);
|
|
@@ -161,20 +142,4 @@ export class Deobfuscator {
|
|
|
161
142
|
}
|
|
162
143
|
return parts.join(' ');
|
|
163
144
|
}
|
|
164
|
-
async llmAnalysis(code) {
|
|
165
|
-
if (!this.llm)
|
|
166
|
-
return null;
|
|
167
|
-
try {
|
|
168
|
-
const messages = generateDeobfuscationPrompt(code);
|
|
169
|
-
const response = await this.llm.chat(messages, {
|
|
170
|
-
temperature: 0.3,
|
|
171
|
-
maxTokens: DEOBF_LLM_MAX_TOKENS,
|
|
172
|
-
});
|
|
173
|
-
return response.content;
|
|
174
|
-
}
|
|
175
|
-
catch (error) {
|
|
176
|
-
logger.warn('LLM analysis failed after webcrack deobfuscation', error);
|
|
177
|
-
return null;
|
|
178
|
-
}
|
|
179
|
-
}
|
|
180
145
|
}
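Review bot: In `generateCacheKey` the key now carries a constant `llm: false`, which no longer separates any two requests and reads as though the option were still honoured. Either drop the field or mark it, e.g. `// options.llm is ignored since the LLM path was removed`. The cache shown is the in-memory `resultCache` Map, so changing the key shape should not affect anything persisted, though the rest of `generateCacheKey` lies outside the hunk.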
|
|
@@ -1,9 +1,6 @@
|
|
|
1
1
|
import type { JSVMPDeobfuscatorOptions, JSVMPDeobfuscatorResult } from '../../types/index.js';
|
|
2
|
-
import type { LLMService } from '../../services/LLMService.js';
|
|
3
2
|
export declare class JSVMPDeobfuscator {
|
|
4
|
-
private llm?;
|
|
5
3
|
private readonly sandbox;
|
|
6
|
-
constructor(llm?: LLMService);
|
|
7
4
|
deobfuscate(options: JSVMPDeobfuscatorOptions): Promise<JSVMPDeobfuscatorResult>;
|
|
8
5
|
private detectJSVMP;
|
|
9
6
|
private detectJSVMPWithRegex;
|
|
@@ -7,11 +7,7 @@ import { JSVMP_DEOBFUSCATE_TIMEOUT_MS, JSVMP_MAX_ITERATIONS } from '../../consta
|
|
|
7
7
|
import { ExecutionSandbox } from '../security/ExecutionSandbox.js';
|
|
8
8
|
import { restoreCustomVMBasic, restoreJSVMPCode, } from '../deobfuscator/JSVMPDeobfuscator.restore.js';
|
|
9
9
|
export class JSVMPDeobfuscator {
|
|
10
|
-
llm;
|
|
11
10
|
sandbox = new ExecutionSandbox();
|
|
12
|
-
constructor(llm) {
|
|
13
|
-
this.llm = llm;
|
|
14
|
-
}
|
|
15
11
|
async deobfuscate(options) {
|
|
16
12
|
const startTime = Date.now();
|
|
17
13
|
const { code, aggressive = false, extractInstructions = false, timeout = JSVMP_DEOBFUSCATE_TIMEOUT_MS, maxIterations = JSVMP_MAX_ITERATIONS, } = options;
|
|
@@ -205,9 +201,8 @@ export class JSVMPDeobfuscator {
|
|
|
205
201
|
sourceType: 'unambiguous',
|
|
206
202
|
plugins: ['jsx', 'typescript'],
|
|
207
203
|
});
|
|
208
|
-
const self = this;
|
|
209
204
|
traverse(ast, {
|
|
210
|
-
SwitchStatement(path) {
|
|
205
|
+
SwitchStatement: (path) => {
|
|
211
206
|
if (path.node.cases.length === features.instructionCount) {
|
|
212
207
|
path.node.cases.forEach((caseNode, index) => {
|
|
213
208
|
const opcode = caseNode.test
|
|
@@ -217,7 +212,7 @@ export class JSVMPDeobfuscator {
|
|
|
217
212
|
? caseNode.test.value
|
|
218
213
|
: index
|
|
219
214
|
: index;
|
|
220
|
-
const type =
|
|
215
|
+
const type = this.inferInstructionType(caseNode);
|
|
221
216
|
instructions.push({
|
|
222
217
|
opcode,
|
|
223
218
|
name: `INST_${opcode}`,
|
|
@@ -289,7 +284,6 @@ export class JSVMPDeobfuscator {
|
|
|
289
284
|
async restoreCode(code, _features, vmType, aggressive, _timeout, _maxIterations) {
|
|
290
285
|
void this.restoreCustomVMBasic;
|
|
291
286
|
return restoreJSVMPCode({
|
|
292
|
-
llm: this.llm,
|
|
293
287
|
sandbox: this.sandbox,
|
|
294
288
|
}, code, vmType, aggressive);
|
|
295
289
|
}
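Review bot: The constructor is removed outright in this class, while `CryptoDetector` keeps an ignored `_llm` parameter and the `Deobfuscator` and `VMDeobfuscator` declarations keep `legacyDependency?: unknown`. The matching declaration file drops `constructor(llm?: LLMService)`, so typed callers that still write `new JSVMPDeobfuscator(llm)` would stop compiling, even though the extra argument is harmless at runtime. For consistency with the sibling classes, a placeholder such as `constructor(legacyDependency) { void legacyDependency; }` keeps the old call shape valid.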
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import type { LLMService } from '../../services/LLMService.js';
|
|
2
1
|
import type { UnresolvedPart, VMType } from '../../types/index.js';
|
|
3
|
-
import { ExecutionSandbox } from '../security/ExecutionSandbox.js';
|
|
2
|
+
import { type ExecutionSandbox } from '../security/ExecutionSandbox.js';
|
|
4
3
|
type RestoreResult = {
|
|
5
4
|
code: string;
|
|
6
5
|
confidence: number;
|
|
@@ -8,7 +7,7 @@ type RestoreResult = {
|
|
|
8
7
|
unresolvedParts?: UnresolvedPart[];
|
|
9
8
|
};
|
|
10
9
|
type RestoreContext = {
|
|
11
|
-
llm?:
|
|
10
|
+
llm?: any;
|
|
12
11
|
sandbox: ExecutionSandbox;
|
|
13
12
|
};
|
|
14
13
|
export declare function restoreJSVMPCode(context: RestoreContext, code: string, vmType: VMType, aggressive: boolean): Promise<RestoreResult>;
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import { generateVMAnalysisMessages } from '../../services/prompts/deobfuscation.js';
|
|
2
1
|
import { logger } from '../../utils/logger.js';
|
|
3
|
-
import {
|
|
2
|
+
import {} from '../security/ExecutionSandbox.js';
|
|
4
3
|
export async function restoreJSVMPCode(context, code, vmType, aggressive) {
|
|
5
4
|
const warnings = [];
|
|
6
5
|
const unresolvedParts = [];
|
|
@@ -138,7 +137,7 @@ async function restoreJJEncode(context, code, warnings) {
|
|
|
138
137
|
try {
|
|
139
138
|
const lines = code.split('\n').filter((line) => line.trim());
|
|
140
139
|
const lastLine = lines.length > 0 ? lines[lines.length - 1] : '';
|
|
141
|
-
if (lastLine
|
|
140
|
+
if (lastLine?.includes('$$$$')) {
|
|
142
141
|
const sandboxResult = await context.sandbox.execute({
|
|
143
142
|
code: `${code}; return $$$$()`,
|
|
144
143
|
timeoutMs: 5000,
|
|
@@ -184,60 +183,9 @@ async function restoreJJEncode(context, code, warnings) {
|
|
|
184
183
|
};
|
|
185
184
|
}
|
|
186
185
|
}
|
|
187
|
-
async function restoreCustomVM(
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
warnings.push('Configure DeepSeek/OpenAI API key for AI-assisted deobfuscation');
|
|
191
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
192
|
-
}
|
|
193
|
-
try {
|
|
194
|
-
logger.info(' LLMVM...');
|
|
195
|
-
const response = await context.llm.chat(generateVMAnalysisMessages(code));
|
|
196
|
-
const analysisText = response.content;
|
|
197
|
-
logger.info(' LLM');
|
|
198
|
-
logger.info(`: ${analysisText.substring(0, 200)}...`);
|
|
199
|
-
let vmAnalysis;
|
|
200
|
-
try {
|
|
201
|
-
const jsonMatch = analysisText.match(/\{[\s\S]*\}/);
|
|
202
|
-
if (jsonMatch) {
|
|
203
|
-
const parsed = JSON.parse(jsonMatch[0]);
|
|
204
|
-
if (parsed && typeof parsed === 'object') {
|
|
205
|
-
vmAnalysis = parsed;
|
|
206
|
-
}
|
|
207
|
-
}
|
|
208
|
-
}
|
|
209
|
-
catch {
|
|
210
|
-
warnings.push('LLM analysis failed, using fallback');
|
|
211
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
212
|
-
}
|
|
213
|
-
if (vmAnalysis) {
|
|
214
|
-
warnings.push(`LLMVM: ${typeof vmAnalysis.vmType === 'string' ? vmAnalysis.vmType : 'Unknown'}`);
|
|
215
|
-
const vmWarnings = vmAnalysis.warnings;
|
|
216
|
-
if (Array.isArray(vmWarnings)) {
|
|
217
|
-
warnings.push(...vmWarnings);
|
|
218
|
-
}
|
|
219
|
-
const restorationSteps = vmAnalysis.restorationSteps;
|
|
220
|
-
if (Array.isArray(restorationSteps)) {
|
|
221
|
-
unresolvedParts.push({
|
|
222
|
-
location: 'VM Restoration',
|
|
223
|
-
reason: 'LLM',
|
|
224
|
-
suggestion: restorationSteps.join('\n'),
|
|
225
|
-
});
|
|
226
|
-
}
|
|
227
|
-
return {
|
|
228
|
-
code,
|
|
229
|
-
confidence: 0.6,
|
|
230
|
-
warnings,
|
|
231
|
-
unresolvedParts: unresolvedParts.length > 0 ? unresolvedParts : undefined,
|
|
232
|
-
};
|
|
233
|
-
}
|
|
234
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
235
|
-
}
|
|
236
|
-
catch (error) {
|
|
237
|
-
logger.error('LLM', error);
|
|
238
|
-
warnings.push(`LLM: ${error}`);
|
|
239
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
240
|
-
}
|
|
186
|
+
async function restoreCustomVM(_context, code, aggressive, warnings, unresolvedParts) {
|
|
187
|
+
warnings.push('AI-assisted deobfuscation removed, using fallback directly.');
|
|
188
|
+
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
241
189
|
}
|
|
242
190
|
export function restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts) {
|
|
243
191
|
let restored = code;
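Review bot: `import {} from '../security/ExecutionSandbox.js';` at the top of this file binds nothing but still loads the sandbox module for its side effects. It looks like the emitted residue of the inline `import { type ExecutionSandbox }` form visible in the declaration file. If the source needs only the type, `import type { ExecutionSandbox } from '../security/ExecutionSandbox.js';` is erased entirely on emit. `restoreCustomVM` now keeps `_context` purely for signature compatibility, which a one-line comment such as `// _context unused since the LLM path was removed` would make explicit. `restoreCustomVMBasic` continues past the last hunk.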
|
|
@@ -144,12 +144,11 @@ export class JScramberDeobfuscator {
|
|
|
144
144
|
}
|
|
145
145
|
restoreControlFlow(ast) {
|
|
146
146
|
let count = 0;
|
|
147
|
-
const self = this;
|
|
148
147
|
traverse(ast, {
|
|
149
|
-
WhileStatement(path) {
|
|
150
|
-
if (
|
|
148
|
+
WhileStatement: (path) => {
|
|
149
|
+
if (this.isControlFlowFlatteningPattern(path.node)) {
|
|
151
150
|
try {
|
|
152
|
-
|
|
151
|
+
this.unflattenControlFlowPattern(path);
|
|
153
152
|
count++;
|
|
154
153
|
}
|
|
155
154
|
catch { }
|
|
@@ -44,7 +44,7 @@ export class PackerDeobfuscator {
|
|
|
44
44
|
}
|
|
45
45
|
async unpack(code) {
|
|
46
46
|
const match = code.match(/eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)\s*{([\s\S]*?)}\s*\((.*?)\)\s*\)/);
|
|
47
|
-
if (!match
|
|
47
|
+
if (!match?.[2]) {
|
|
48
48
|
return code;
|
|
49
49
|
}
|
|
50
50
|
const args = match[2];
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { LLMService } from '../../services/LLMService.js';
|
|
2
1
|
type VMStructure = {
|
|
3
2
|
hasInterpreter: boolean;
|
|
4
3
|
instructionTypes: string[];
|
|
@@ -11,15 +10,14 @@ type VMComponents = {
|
|
|
11
10
|
interpreterFunction?: string;
|
|
12
11
|
};
|
|
13
12
|
export declare class VMDeobfuscator {
|
|
14
|
-
|
|
15
|
-
constructor(llm?: LLMService);
|
|
13
|
+
constructor(legacyDependency?: unknown);
|
|
16
14
|
detectVMProtection(code: string): {
|
|
17
15
|
detected: boolean;
|
|
18
16
|
type: string;
|
|
19
17
|
instructionCount: number;
|
|
20
18
|
};
|
|
21
19
|
countVMInstructions(code: string): number;
|
|
22
|
-
deobfuscateVM(code: string,
|
|
20
|
+
deobfuscateVM(code: string, _vmInfo: {
|
|
23
21
|
type: string;
|
|
24
22
|
instructionCount: number;
|
|
25
23
|
}): Promise<{
|
|
@@ -28,12 +26,6 @@ export declare class VMDeobfuscator {
|
|
|
28
26
|
}>;
|
|
29
27
|
analyzeVMStructure(code: string): VMStructure;
|
|
30
28
|
extractVMComponents(code: string): VMComponents;
|
|
31
|
-
buildVMDeobfuscationPrompt(code: string, vmInfo: {
|
|
32
|
-
type: string;
|
|
33
|
-
instructionCount: number;
|
|
34
|
-
}, vmStructure: VMStructure, vmComponents: VMComponents): string;
|
|
35
29
|
simplifyVMCode(code: string, vmComponents: VMComponents): string;
|
|
36
|
-
extractCodeFromLLMResponse(response: string): string;
|
|
37
|
-
isValidJavaScript(code: string): boolean;
|
|
38
30
|
}
|
|
39
31
|
export {};
|