@jshookmcp/jshook 0.2.3 → 0.2.5
- package/README.md +14 -5
- package/README.zh.md +18 -3
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
- package/dist/packages/extension-sdk/src/workflow.js +236 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.js +2 -2
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +18 -3
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +1 -10
- package/dist/src/modules/captcha/AICaptchaDetector.js +7 -201
- package/dist/src/modules/collector/CodeCollector.js +4 -5
- package/dist/src/modules/collector/DOMInspector.js +48 -58
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +4 -2
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +1 -2
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +3 -55
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.js +25 -22
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.compose.js +5 -5
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.network.js +311 -311
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.runtime.js +410 -410
- package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.storage.js +122 -122
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.dynamic.js +194 -194
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/monitor/PlaywrightNetworkMonitor.js +62 -62
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +2 -0
- package/dist/src/modules/process/MacProcessManager.js +25 -25
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/availability.js +49 -49
- package/dist/src/modules/process/memory/injector.js +185 -185
- package/dist/src/modules/process/memory/reader.js +85 -53
- package/dist/src/modules/process/memory/regions.dump.js +51 -51
- package/dist/src/modules/process/memory/regions.enumerate.js +108 -108
- package/dist/src/modules/process/memory/regions.modules.js +80 -80
- package/dist/src/modules/process/memory/regions.protection.js +148 -115
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +98 -41
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/scanner.windows.js +124 -124
- package/dist/src/modules/process/memory/writer.js +98 -58
- package/dist/src/modules/security/ExecutionSandbox.js +51 -52
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +1 -0
- package/dist/src/modules/stealth/StealthScripts.js +18 -13
- package/dist/src/modules/stealth/StealthVerifier.js +1 -3
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +75 -69
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +3 -3
- package/dist/src/native/HardwareBreakpoint.js +24 -15
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +2 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +41 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.js +8 -0
- package/dist/src/server/ToolRouter.d.ts +25 -9
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.js +26 -20
- package/dist/src/server/domains/analysis/handlers.web-tools.js +2 -1
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +210 -439
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +98 -211
- package/dist/src/server/domains/browser/definitions.tools.security.js +194 -339
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/framework-state.js +27 -9
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers.impl.d.ts +1 -2
- package/dist/src/server/domains/browser/handlers.impl.js +2 -3
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -216
- package/dist/src/server/domains/coordination/index.d.ts +2 -1
- package/dist/src/server/domains/coordination/index.js +1 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.shared.js +77 -77
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +1 -67
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +4 -0
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +193 -4
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +3 -3
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +18 -16
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.js +8 -5
- package/dist/src/server/domains/trace/definitions.tools.js +51 -206
- package/dist/src/server/domains/trace/handlers.js +10 -12
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +15 -3
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +108 -108
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +1 -1
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +1 -1
- package/dist/src/server/domains/workflow/handlers.impl.workflow-api.js +51 -51
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +4 -4
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +1 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/QuickJSSandbox.js +16 -5
- package/dist/src/server/sandbox/SandboxHelpers.js +250 -250
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
- package/dist/src/server/workflows/WorkflowContract.js +12 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +136 -3
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +0 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +1 -1
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cliFastPath.js +5 -8
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +74 -72
- package/workflows/.gitkeep +0 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -38,7 +38,7 @@ export async function extractFunctionTreeCore(ctx, scriptId, functionName, optio
|
|
|
38
38
|
t = await import('@babel/types');
|
|
39
39
|
}
|
|
40
40
|
catch (error) {
|
|
41
|
-
throw new Error(`Failed to load Babel dependencies. Please install: npm install @babel/parser @babel/traverse @babel/generator @babel/types\nError: ${getErrorMessage(error)}
|
|
41
|
+
throw new Error(`Failed to load Babel dependencies. Please install: npm install @babel/parser @babel/traverse @babel/generator @babel/types\nError: ${getErrorMessage(error)}`, { cause: error });
|
|
42
42
|
}
|
|
43
43
|
let ast;
|
|
44
44
|
try {
|
|
@@ -48,7 +48,9 @@ export async function extractFunctionTreeCore(ctx, scriptId, functionName, optio
|
|
|
48
48
|
});
|
|
49
49
|
}
|
|
50
50
|
catch (error) {
|
|
51
|
-
throw new Error(`Failed to parse script ${scriptId}: ${getErrorMessage(error)}
|
|
51
|
+
throw new Error(`Failed to parse script ${scriptId}: ${getErrorMessage(error)}`, {
|
|
52
|
+
cause: error,
|
|
53
|
+
});
|
|
52
54
|
}
|
|
53
55
|
const allFunctions = new Map();
|
|
54
56
|
const callGraph = {};
|
|
@@ -101,7 +101,7 @@ export class WatchExpressionManager {
|
|
|
101
101
|
deepEqual(a, b) {
|
|
102
102
|
if (a === b)
|
|
103
103
|
return true;
|
|
104
|
-
if (a
|
|
104
|
+
if (a === null || a === undefined || b === null || b === undefined)
|
|
105
105
|
return false;
|
|
106
106
|
if (!this.isRecord(a) || !this.isRecord(b))
|
|
107
107
|
return false;
|
|
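Review bot: `deepEqual` reports two `NaN` values as different, because `a === b` at the top is the only primitive comparison in the hunk and `NaN === NaN` is false; assuming `isRecord` rejects numbers, the call then falls through to `return false`. A watch expression that evaluates to `NaN` would presumably be flagged as changed on every evaluation. `if (a === b || (Number.isNaN(a) && Number.isNaN(b)))` covers that case without altering how `0` and `-0` compare. The rest of `deepEqual` lies outside the hunk.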
@@ -1,15 +1,12 @@
|
|
|
1
1
|
import type { DeobfuscateOptions, DeobfuscateResult } from '../../types/index.js';
|
|
2
|
-
import { type LLMService } from '../../services/LLMService.js';
|
|
3
2
|
export declare class Deobfuscator {
|
|
4
|
-
private llm?;
|
|
5
3
|
private resultCache;
|
|
6
4
|
private maxCacheSize;
|
|
7
|
-
constructor(
|
|
5
|
+
constructor(legacyDependency?: unknown);
|
|
8
6
|
private generateCacheKey;
|
|
9
7
|
deobfuscate(options: DeobfuscateOptions): Promise<DeobfuscateResult>;
|
|
10
8
|
private detectObfuscationType;
|
|
11
9
|
private calculateReadabilityScore;
|
|
12
10
|
private calculateConfidence;
|
|
13
11
|
private buildAnalysis;
|
|
14
|
-
private llmAnalysis;
|
|
15
12
|
}
|
|
@@ -1,16 +1,12 @@
|
|
|
1
1
|
import crypto from 'crypto';
|
|
2
2
|
import { logger } from '../../utils/logger.js';
|
|
3
|
-
import { DEOBF_LLM_MAX_TOKENS } from '../../constants.js';
|
|
4
|
-
import {} from '../../services/LLMService.js';
|
|
5
|
-
import { generateDeobfuscationPrompt } from '../../services/prompts/deobfuscation.js';
|
|
6
3
|
import { calculateReadabilityScore as calculateReadabilityScoreUtil, detectObfuscationType as detectObfuscationTypeUtil, } from '../deobfuscator/Deobfuscator.utils.js';
|
|
7
4
|
import { runWebcrack } from '../deobfuscator/webcrack.js';
|
|
8
5
|
export class Deobfuscator {
|
|
9
|
-
llm;
|
|
10
6
|
resultCache = new Map();
|
|
11
7
|
maxCacheSize = 100;
|
|
12
|
-
constructor(
|
|
13
|
-
|
|
8
|
+
constructor(legacyDependency) {
|
|
9
|
+
void legacyDependency;
|
|
14
10
|
}
|
|
15
11
|
generateCacheKey(options) {
|
|
16
12
|
const key = JSON.stringify({
|
|
@@ -18,7 +14,7 @@ export class Deobfuscator {
|
|
|
18
14
|
forceOutput: options.forceOutput,
|
|
19
15
|
includeModuleCode: options.includeModuleCode,
|
|
20
16
|
jsx: options.jsx,
|
|
21
|
-
llm:
|
|
17
|
+
llm: false,
|
|
22
18
|
mangle: options.mangle ?? options.renameVariables,
|
|
23
19
|
mappings: options.mappings,
|
|
24
20
|
maxBundleModules: options.maxBundleModules,
|
|
@@ -64,13 +60,7 @@ export class Deobfuscator {
|
|
|
64
60
|
logger.error(`webcrack deobfuscation failed: ${reason}`);
|
|
65
61
|
throw new Error(reason);
|
|
66
62
|
}
|
|
67
|
-
|
|
68
|
-
if (this.llm && options.llm) {
|
|
69
|
-
const llmResult = await this.llmAnalysis(webcrackResult.code);
|
|
70
|
-
if (llmResult) {
|
|
71
|
-
analysis = llmResult;
|
|
72
|
-
}
|
|
73
|
-
}
|
|
63
|
+
const analysis = this.buildAnalysis(webcrackResult, obfuscationType);
|
|
74
64
|
const transformations = [
|
|
75
65
|
{
|
|
76
66
|
type: 'webcrack',
|
|
@@ -95,15 +85,6 @@ export class Deobfuscator {
|
|
|
95
85
|
},
|
|
96
86
|
]
|
|
97
87
|
: []),
|
|
98
|
-
...(this.llm && options.llm
|
|
99
|
-
? [
|
|
100
|
-
{
|
|
101
|
-
type: 'llm-analysis',
|
|
102
|
-
description: 'AI-assisted analysis completed after webcrack deobfuscation',
|
|
103
|
-
success: true,
|
|
104
|
-
},
|
|
105
|
-
]
|
|
106
|
-
: []),
|
|
107
88
|
];
|
|
108
89
|
const readabilityScore = this.calculateReadabilityScore(webcrackResult.code);
|
|
109
90
|
const confidence = this.calculateConfidence(webcrackResult, readabilityScore);
|
|
@@ -161,20 +142,4 @@ export class Deobfuscator {
|
|
|
161
142
|
}
|
|
162
143
|
return parts.join(' ');
|
|
163
144
|
}
|
|
164
|
-
async llmAnalysis(code) {
|
|
165
|
-
if (!this.llm)
|
|
166
|
-
return null;
|
|
167
|
-
try {
|
|
168
|
-
const messages = generateDeobfuscationPrompt(code);
|
|
169
|
-
const response = await this.llm.chat(messages, {
|
|
170
|
-
temperature: 0.3,
|
|
171
|
-
maxTokens: DEOBF_LLM_MAX_TOKENS,
|
|
172
|
-
});
|
|
173
|
-
return response.content;
|
|
174
|
-
}
|
|
175
|
-
catch (error) {
|
|
176
|
-
logger.warn('LLM analysis failed after webcrack deobfuscation', error);
|
|
177
|
-
return null;
|
|
178
|
-
}
|
|
179
|
-
}
|
|
180
145
|
}
|
|
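Review bot: A caller that still sets `options.llm` or hands an LLM service to the constructor now gets plain webcrack output with no signal that the AI-assisted step was dropped, because the constructor discards its argument with `void legacyDependency;` and the cache key hard-codes `llm: false`. `logger` is already imported, so a one-line notice in `deobfuscate` such as `if (options.llm) logger.warn('options.llm is no longer supported and is ignored');` would make the behaviour change visible. Whether `llm` is still declared on `DeobfuscateOptions` is not shown here. The constant `llm: false` entry no longer distinguishes any cache entries and could be removed, at the cost of changing existing keys. The body of `deobfuscate` lies partly outside these hunks.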
@@ -1,9 +1,6 @@
|
|
|
1
1
|
import type { JSVMPDeobfuscatorOptions, JSVMPDeobfuscatorResult } from '../../types/index.js';
|
|
2
|
-
import type { LLMService } from '../../services/LLMService.js';
|
|
3
2
|
export declare class JSVMPDeobfuscator {
|
|
4
|
-
private llm?;
|
|
5
3
|
private readonly sandbox;
|
|
6
|
-
constructor(llm?: LLMService);
|
|
7
4
|
deobfuscate(options: JSVMPDeobfuscatorOptions): Promise<JSVMPDeobfuscatorResult>;
|
|
8
5
|
private detectJSVMP;
|
|
9
6
|
private detectJSVMPWithRegex;
|
|
@@ -7,11 +7,7 @@ import { JSVMP_DEOBFUSCATE_TIMEOUT_MS, JSVMP_MAX_ITERATIONS } from '../../consta
|
|
|
7
7
|
import { ExecutionSandbox } from '../security/ExecutionSandbox.js';
|
|
8
8
|
import { restoreCustomVMBasic, restoreJSVMPCode, } from '../deobfuscator/JSVMPDeobfuscator.restore.js';
|
|
9
9
|
export class JSVMPDeobfuscator {
|
|
10
|
-
llm;
|
|
11
10
|
sandbox = new ExecutionSandbox();
|
|
12
|
-
constructor(llm) {
|
|
13
|
-
this.llm = llm;
|
|
14
|
-
}
|
|
15
11
|
async deobfuscate(options) {
|
|
16
12
|
const startTime = Date.now();
|
|
17
13
|
const { code, aggressive = false, extractInstructions = false, timeout = JSVMP_DEOBFUSCATE_TIMEOUT_MS, maxIterations = JSVMP_MAX_ITERATIONS, } = options;
|
|
@@ -205,9 +201,8 @@ export class JSVMPDeobfuscator {
|
|
|
205
201
|
sourceType: 'unambiguous',
|
|
206
202
|
plugins: ['jsx', 'typescript'],
|
|
207
203
|
});
|
|
208
|
-
const self = this;
|
|
209
204
|
traverse(ast, {
|
|
210
|
-
SwitchStatement(path) {
|
|
205
|
+
SwitchStatement: (path) => {
|
|
211
206
|
if (path.node.cases.length === features.instructionCount) {
|
|
212
207
|
path.node.cases.forEach((caseNode, index) => {
|
|
213
208
|
const opcode = caseNode.test
|
|
@@ -217,7 +212,7 @@ export class JSVMPDeobfuscator {
|
|
|
217
212
|
? caseNode.test.value
|
|
218
213
|
: index
|
|
219
214
|
: index;
|
|
220
|
-
const type =
|
|
215
|
+
const type = this.inferInstructionType(caseNode);
|
|
221
216
|
instructions.push({
|
|
222
217
|
opcode,
|
|
223
218
|
name: `INST_${opcode}`,
|
|
@@ -289,7 +284,6 @@ export class JSVMPDeobfuscator {
|
|
|
289
284
|
async restoreCode(code, _features, vmType, aggressive, _timeout, _maxIterations) {
|
|
290
285
|
void this.restoreCustomVMBasic;
|
|
291
286
|
return restoreJSVMPCode({
|
|
292
|
-
llm: this.llm,
|
|
293
287
|
sandbox: this.sandbox,
|
|
294
288
|
}, code, vmType, aggressive);
|
|
295
289
|
}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import type { LLMService } from '../../services/LLMService.js';
|
|
2
1
|
import type { UnresolvedPart, VMType } from '../../types/index.js';
|
|
3
2
|
import { type ExecutionSandbox } from '../security/ExecutionSandbox.js';
|
|
4
3
|
type RestoreResult = {
|
|
@@ -8,7 +7,7 @@ type RestoreResult = {
|
|
|
8
7
|
unresolvedParts?: UnresolvedPart[];
|
|
9
8
|
};
|
|
10
9
|
type RestoreContext = {
|
|
11
|
-
llm?:
|
|
10
|
+
llm?: any;
|
|
12
11
|
sandbox: ExecutionSandbox;
|
|
13
12
|
};
|
|
14
13
|
export declare function restoreJSVMPCode(context: RestoreContext, code: string, vmType: VMType, aggressive: boolean): Promise<RestoreResult>;
|
|
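Review bot: `llm?: any;` in `RestoreContext` keeps an untyped field that nothing in the visible new code sets or reads. The caller in JSVMPDeobfuscator.js no longer passes `llm: this.llm`, and `restoreCustomVM` now takes `_context` without using it. If the field stays only so older callers still type-check, `llm?: unknown;` does that without an `any` hole and matches the `legacyDependency?: unknown` used for VMDeobfuscator in this release. A `/** @deprecated ignored since the LLM path was removed */` line on the field would tell consumers it has no effect. This is compiled output, so the change belongs in the source `.ts`.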
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { generateVMAnalysisMessages } from '../../services/prompts/deobfuscation.js';
|
|
2
1
|
import { logger } from '../../utils/logger.js';
|
|
3
2
|
import {} from '../security/ExecutionSandbox.js';
|
|
4
3
|
export async function restoreJSVMPCode(context, code, vmType, aggressive) {
|
|
@@ -184,60 +183,9 @@ async function restoreJJEncode(context, code, warnings) {
|
|
|
184
183
|
};
|
|
185
184
|
}
|
|
186
185
|
}
|
|
187
|
-
async function restoreCustomVM(
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
warnings.push('Configure DeepSeek/OpenAI API key for AI-assisted deobfuscation');
|
|
191
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
192
|
-
}
|
|
193
|
-
try {
|
|
194
|
-
logger.info(' LLMVM...');
|
|
195
|
-
const response = await context.llm.chat(generateVMAnalysisMessages(code));
|
|
196
|
-
const analysisText = response.content;
|
|
197
|
-
logger.info(' LLM');
|
|
198
|
-
logger.info(`: ${analysisText.substring(0, 200)}...`);
|
|
199
|
-
let vmAnalysis;
|
|
200
|
-
try {
|
|
201
|
-
const jsonMatch = analysisText.match(/\{[\s\S]*\}/);
|
|
202
|
-
if (jsonMatch) {
|
|
203
|
-
const parsed = JSON.parse(jsonMatch[0]);
|
|
204
|
-
if (parsed && typeof parsed === 'object') {
|
|
205
|
-
vmAnalysis = parsed;
|
|
206
|
-
}
|
|
207
|
-
}
|
|
208
|
-
}
|
|
209
|
-
catch {
|
|
210
|
-
warnings.push('LLM analysis failed, using fallback');
|
|
211
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
212
|
-
}
|
|
213
|
-
if (vmAnalysis) {
|
|
214
|
-
warnings.push(`LLMVM: ${typeof vmAnalysis.vmType === 'string' ? vmAnalysis.vmType : 'Unknown'}`);
|
|
215
|
-
const vmWarnings = vmAnalysis.warnings;
|
|
216
|
-
if (Array.isArray(vmWarnings)) {
|
|
217
|
-
warnings.push(...vmWarnings);
|
|
218
|
-
}
|
|
219
|
-
const restorationSteps = vmAnalysis.restorationSteps;
|
|
220
|
-
if (Array.isArray(restorationSteps)) {
|
|
221
|
-
unresolvedParts.push({
|
|
222
|
-
location: 'VM Restoration',
|
|
223
|
-
reason: 'LLM',
|
|
224
|
-
suggestion: restorationSteps.join('\n'),
|
|
225
|
-
});
|
|
226
|
-
}
|
|
227
|
-
return {
|
|
228
|
-
code,
|
|
229
|
-
confidence: 0.6,
|
|
230
|
-
warnings,
|
|
231
|
-
unresolvedParts: unresolvedParts.length > 0 ? unresolvedParts : undefined,
|
|
232
|
-
};
|
|
233
|
-
}
|
|
234
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
235
|
-
}
|
|
236
|
-
catch (error) {
|
|
237
|
-
logger.error('LLM', error);
|
|
238
|
-
warnings.push(`LLM: ${error}`);
|
|
239
|
-
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
240
|
-
}
|
|
186
|
+
async function restoreCustomVM(_context, code, aggressive, warnings, unresolvedParts) {
|
|
187
|
+
warnings.push('AI-assisted deobfuscation removed, using fallback directly.');
|
|
188
|
+
return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
|
|
241
189
|
}
|
|
242
190
|
export function restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts) {
|
|
243
191
|
let restored = code;
|
|
@@ -144,12 +144,11 @@ export class JScramberDeobfuscator {
|
|
|
144
144
|
}
|
|
145
145
|
restoreControlFlow(ast) {
|
|
146
146
|
let count = 0;
|
|
147
|
-
const self = this;
|
|
148
147
|
traverse(ast, {
|
|
149
|
-
WhileStatement(path) {
|
|
150
|
-
if (
|
|
148
|
+
WhileStatement: (path) => {
|
|
149
|
+
if (this.isControlFlowFlatteningPattern(path.node)) {
|
|
151
150
|
try {
|
|
152
|
-
|
|
151
|
+
this.unflattenControlFlowPattern(path);
|
|
153
152
|
count++;
|
|
154
153
|
}
|
|
155
154
|
catch { }
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { type LLMService } from '../../services/LLMService.js';
|
|
2
1
|
type VMStructure = {
|
|
3
2
|
hasInterpreter: boolean;
|
|
4
3
|
instructionTypes: string[];
|
|
@@ -11,15 +10,14 @@ type VMComponents = {
|
|
|
11
10
|
interpreterFunction?: string;
|
|
12
11
|
};
|
|
13
12
|
export declare class VMDeobfuscator {
|
|
14
|
-
|
|
15
|
-
constructor(llm?: LLMService);
|
|
13
|
+
constructor(legacyDependency?: unknown);
|
|
16
14
|
detectVMProtection(code: string): {
|
|
17
15
|
detected: boolean;
|
|
18
16
|
type: string;
|
|
19
17
|
instructionCount: number;
|
|
20
18
|
};
|
|
21
19
|
countVMInstructions(code: string): number;
|
|
22
|
-
deobfuscateVM(code: string,
|
|
20
|
+
deobfuscateVM(code: string, _vmInfo: {
|
|
23
21
|
type: string;
|
|
24
22
|
instructionCount: number;
|
|
25
23
|
}): Promise<{
|
|
@@ -28,12 +26,6 @@ export declare class VMDeobfuscator {
|
|
|
28
26
|
}>;
|
|
29
27
|
analyzeVMStructure(code: string): VMStructure;
|
|
30
28
|
extractVMComponents(code: string): VMComponents;
|
|
31
|
-
buildVMDeobfuscationPrompt(code: string, vmInfo: {
|
|
32
|
-
type: string;
|
|
33
|
-
instructionCount: number;
|
|
34
|
-
}, vmStructure: VMStructure, vmComponents: VMComponents): string;
|
|
35
29
|
simplifyVMCode(code: string, vmComponents: VMComponents): string;
|
|
36
|
-
extractCodeFromLLMResponse(response: string): string;
|
|
37
|
-
isValidJavaScript(code: string): boolean;
|
|
38
30
|
}
|
|
39
31
|
export {};
|
|
@@ -1,14 +1,10 @@
|
|
|
1
1
|
import { logger } from '../../utils/logger.js';
|
|
2
|
-
import { VM_DEOBF_LLM_MAX_TOKENS } from '../../constants.js';
|
|
3
|
-
import {} from '../../services/LLMService.js';
|
|
4
2
|
import * as parser from '@babel/parser';
|
|
5
3
|
import traverse from '@babel/traverse';
|
|
6
4
|
import * as t from '@babel/types';
|
|
7
|
-
import { generateVMDeobfuscationMessages } from '../../services/prompts/deobfuscation.js';
|
|
8
5
|
export class VMDeobfuscator {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
this.llm = llm;
|
|
6
|
+
constructor(legacyDependency) {
|
|
7
|
+
void legacyDependency;
|
|
12
8
|
}
|
|
13
9
|
detectVMProtection(code) {
|
|
14
10
|
const vmPatterns = [
|
|
@@ -31,7 +27,7 @@ export class VMDeobfuscator {
|
|
|
31
27
|
const match = code.match(/case\s+\d+:/g);
|
|
32
28
|
return match ? match.length : 0;
|
|
33
29
|
}
|
|
34
|
-
async deobfuscateVM(code,
|
|
30
|
+
async deobfuscateVM(code, _vmInfo) {
|
|
35
31
|
logger.warn('VM deobfuscation is experimental and may fail');
|
|
36
32
|
try {
|
|
37
33
|
const vmStructure = this.analyzeVMStructure(code);
|
|
@@ -39,24 +35,6 @@ export class VMDeobfuscator {
|
|
|
39
35
|
logger.info(`Detected VM interpreter with ${vmStructure.instructionTypes.length} instruction types`);
|
|
40
36
|
}
|
|
41
37
|
const vmComponents = this.extractVMComponents(code);
|
|
42
|
-
if (this.llm) {
|
|
43
|
-
const prompt = this.buildVMDeobfuscationPrompt(code, vmInfo, vmStructure, vmComponents);
|
|
44
|
-
const response = await this.llm.chat(generateVMDeobfuscationMessages(prompt), {
|
|
45
|
-
temperature: 0.05,
|
|
46
|
-
maxTokens: VM_DEOBF_LLM_MAX_TOKENS,
|
|
47
|
-
});
|
|
48
|
-
const deobfuscatedCode = this.extractCodeFromLLMResponse(response.content);
|
|
49
|
-
if (this.isValidJavaScript(deobfuscatedCode)) {
|
|
50
|
-
logger.success('VM deobfuscation succeeded via LLM');
|
|
51
|
-
return {
|
|
52
|
-
success: true,
|
|
53
|
-
code: deobfuscatedCode,
|
|
54
|
-
};
|
|
55
|
-
}
|
|
56
|
-
else {
|
|
57
|
-
logger.warn('LLM output is not valid JavaScript, falling back to original');
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
38
|
const simplifiedCode = this.simplifyVMCode(code, vmComponents);
|
|
61
39
|
return {
|
|
62
40
|
success: simplifiedCode !== code,
|
|
@@ -134,91 +112,6 @@ export class VMDeobfuscator {
|
|
|
134
112
|
}
|
|
135
113
|
return components;
|
|
136
114
|
}
|
|
137
|
-
buildVMDeobfuscationPrompt(code, vmInfo, vmStructure, vmComponents) {
|
|
138
|
-
const codeSnippet = code.length > 2000 ? code.slice(0, 2000) + '\n...(truncated)' : code;
|
|
139
|
-
return `# VM Deobfuscation Analysis
|
|
140
|
-
|
|
141
|
-
## VM Profile
|
|
142
|
-
- **Architecture**: ${vmInfo.type}
|
|
143
|
-
- **Instruction Count**: ${vmInfo.instructionCount}
|
|
144
|
-
- **Interpreter Loop**: ${vmStructure.hasInterpreter ? 'Detected' : 'Not detected'}
|
|
145
|
-
- **Stack Operations**: ${vmStructure.hasStack ? 'Present' : 'Absent'}
|
|
146
|
-
- **Register Usage**: ${vmStructure.hasRegisters ? 'Present' : 'Absent'}
|
|
147
|
-
- **Instruction Variety**: ${vmStructure.instructionTypes.length} distinct types
|
|
148
|
-
|
|
149
|
-
## Identified Components
|
|
150
|
-
${vmComponents.instructionArray ? ` Instruction Array: Found at ${vmComponents.instructionArray}` : ' Instruction Array: Not found'}
|
|
151
|
-
${vmComponents.dataArray ? ` Data Array: Found at ${vmComponents.dataArray}` : ' Data Array: Not found'}
|
|
152
|
-
${vmComponents.interpreterFunction ? ` Interpreter Function: Found at ${vmComponents.interpreterFunction}` : ' Interpreter Function: Not found'}
|
|
153
|
-
|
|
154
|
-
## VM-Protected Code
|
|
155
|
-
\`\`\`javascript
|
|
156
|
-
${codeSnippet}
|
|
157
|
-
\`\`\`
|
|
158
|
-
|
|
159
|
-
## Deobfuscation Instructions (Chain-of-Thought)
|
|
160
|
-
|
|
161
|
-
### Step 1: VM Structure Analysis
|
|
162
|
-
Examine the code to identify:
|
|
163
|
-
- Instruction array (usually a large array of numbers/strings)
|
|
164
|
-
- Interpreter loop (while/for loop processing instructions)
|
|
165
|
-
- Stack/register variables
|
|
166
|
-
- Opcode handlers (switch-case or if-else chains)
|
|
167
|
-
|
|
168
|
-
### Step 2: Instruction Decoding
|
|
169
|
-
For each instruction type, determine:
|
|
170
|
-
- What JavaScript operation it represents (e.g., opcode 0x01 = addition)
|
|
171
|
-
- How it manipulates the stack/registers
|
|
172
|
-
- What side effects it has (function calls, property access, etc.)
|
|
173
|
-
|
|
174
|
-
### Step 3: Control Flow Reconstruction
|
|
175
|
-
- Map VM jumps/branches to JavaScript if/while/for statements
|
|
176
|
-
- Identify function calls and returns
|
|
177
|
-
- Reconstruct try-catch blocks if present
|
|
178
|
-
|
|
179
|
-
### Step 4: Code Generation
|
|
180
|
-
- Replace VM instruction sequences with equivalent JavaScript
|
|
181
|
-
- Use meaningful variable names based on usage context
|
|
182
|
-
- Remove VM overhead (interpreter loop, stack management)
|
|
183
|
-
- Preserve all side effects and program behavior
|
|
184
|
-
|
|
185
|
-
### Step 5: Validation
|
|
186
|
-
- Ensure output is syntactically valid JavaScript
|
|
187
|
-
- Verify no functionality is lost
|
|
188
|
-
- Add comments for complex patterns
|
|
189
|
-
|
|
190
|
-
## Example Transformation (Few-shot Learning)
|
|
191
|
-
|
|
192
|
-
**VM Code (Before)**:
|
|
193
|
-
\`\`\`javascript
|
|
194
|
-
var vm = [0x01, 0x05, 0x02, 0x03, 0x10];
|
|
195
|
-
var stack = [];
|
|
196
|
-
for(var i=0; i<vm.length; i++) {
|
|
197
|
-
switch(vm[i]) {
|
|
198
|
-
case 0x01: stack.push(5); break;
|
|
199
|
-
case 0x02: stack.push(3); break;
|
|
200
|
-
case 0x10: var b=stack.pop(), a=stack.pop(); stack.push(a+b); break;
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
console.log(stack[0]);
|
|
204
|
-
\`\`\`
|
|
205
|
-
|
|
206
|
-
**Deobfuscated Code (After)**:
|
|
207
|
-
\`\`\`javascript
|
|
208
|
-
var result = 5 + 3;
|
|
209
|
-
console.log(result);
|
|
210
|
-
\`\`\`
|
|
211
|
-
|
|
212
|
-
## Critical Requirements
|
|
213
|
-
1. Output ONLY the deobfuscated JavaScript code
|
|
214
|
-
2. NO markdown code blocks, NO explanations, NO comments outside the code
|
|
215
|
-
3. Code must be syntactically valid and executable
|
|
216
|
-
4. Preserve exact program logic and side effects
|
|
217
|
-
5. If full deobfuscation is impossible, return the best partial result
|
|
218
|
-
|
|
219
|
-
## Output Format
|
|
220
|
-
Return clean JavaScript code starting immediately (no preamble).`;
|
|
221
|
-
}
|
|
222
115
|
simplifyVMCode(code, vmComponents) {
|
|
223
116
|
try {
|
|
224
117
|
let simplified = code;
|
|
@@ -237,22 +130,4 @@ Return clean JavaScript code starting immediately (no preamble).`;
|
|
|
237
130
|
return code;
|
|
238
131
|
}
|
|
239
132
|
}
|
|
240
|
-
extractCodeFromLLMResponse(response) {
|
|
241
|
-
let code = response.trim();
|
|
242
|
-
code = code.replace(/^```(?:javascript|js)?\s*\n/i, '');
|
|
243
|
-
code = code.replace(/\n```\s*$/i, '');
|
|
244
|
-
return code.trim();
|
|
245
|
-
}
|
|
246
|
-
isValidJavaScript(code) {
|
|
247
|
-
try {
|
|
248
|
-
parser.parse(code, {
|
|
249
|
-
sourceType: 'module',
|
|
250
|
-
plugins: ['jsx', 'typescript'],
|
|
251
|
-
});
|
|
252
|
-
return true;
|
|
253
|
-
}
|
|
254
|
-
catch {
|
|
255
|
-
return false;
|
|
256
|
-
}
|
|
257
|
-
}
|
|
258
133
|
}
|
|
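Review bot: The constructor accepts `legacyDependency` and discards it with `void legacyDependency;`, so a caller that still passes an LLM service gets only the static `simplifyVMCode` path, with no sign that the argument was ignored. For the same situation, `restoreCustomVM` in JSVMPDeobfuscator.restore.js records 'AI-assisted deobfuscation removed, using fallback directly.'. A matching signal here would be `if (legacyDependency !== undefined) logger.warn('VMDeobfuscator: LLM dependency is ignored');`, since `logger` is already imported in this file. The body of `deobfuscateVM` continues outside the hunks shown.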
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { readdir, rm, stat } from 'node:fs/promises';
|
|
2
2
|
import path from 'node:path';
|
|
3
|
+
import vm from 'node:vm';
|
|
3
4
|
import { logger } from '../../utils/logger.js';
|
|
4
5
|
const DEFAULT_OPTIONS = {
|
|
5
6
|
jsx: true,
|
|
@@ -60,7 +61,7 @@ function applyBundleMappings(bundle, mappings) {
|
|
|
60
61
|
function summarizeBundle(bundle, options, remapped) {
|
|
61
62
|
const maxBundleModules = options.maxBundleModules ?? MAX_BUNDLE_MODULES;
|
|
62
63
|
const modules = Array.from(bundle.modules.values())
|
|
63
|
-
.
|
|
64
|
+
.toSorted((left, right) => {
|
|
64
65
|
if (left.isEntry !== right.isEntry) {
|
|
65
66
|
return left.isEntry ? -1 : 1;
|
|
66
67
|
}
|
|
@@ -103,7 +104,7 @@ async function collectSavedArtifacts(rootDir, currentDir = rootDir) {
|
|
|
103
104
|
type: 'file',
|
|
104
105
|
});
|
|
105
106
|
}
|
|
106
|
-
return artifacts.
|
|
107
|
+
return artifacts.toSorted((left, right) => left.path.localeCompare(right.path));
|
|
107
108
|
}
|
|
108
109
|
export async function runWebcrack(code, options) {
|
|
109
110
|
const optionsUsed = normalizeOptions(options);
|
|
@@ -117,6 +118,17 @@ export async function runWebcrack(code, options) {
|
|
|
117
118
|
reason,
|
|
118
119
|
};
|
|
119
120
|
}
|
|
121
|
+
let sandboxOption;
|
|
122
|
+
try {
|
|
123
|
+
await import('isolated-vm');
|
|
124
|
+
}
|
|
125
|
+
catch {
|
|
126
|
+
logger.warn('isolated-vm is unavailable (likely Node 24 incompatibility). Falling back to native node:vm for deobfuscation sandbox.');
|
|
127
|
+
sandboxOption = async (evalCode) => {
|
|
128
|
+
const context = vm.createContext(Object.create(null));
|
|
129
|
+
return vm.runInContext(evalCode, context, { timeout: 8000 });
|
|
130
|
+
};
|
|
131
|
+
}
|
|
120
132
|
try {
|
|
121
133
|
const { webcrack } = (await import('webcrack'));
|
|
122
134
|
const result = await webcrack(code, {
|
|
@@ -125,6 +137,7 @@ export async function runWebcrack(code, options) {
|
|
|
125
137
|
deobfuscate: true,
|
|
126
138
|
unminify: optionsUsed.unminify,
|
|
127
139
|
mangle: optionsUsed.mangle,
|
|
140
|
+
...(sandboxOption ? { sandbox: sandboxOption } : {}),
|
|
128
141
|
});
|
|
129
142
|
const remapped = result.bundle
|
|
130
143
|
? applyBundleMappings(result.bundle, options.mappings)
|
|
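Review bot: The fallback added in `runWebcrack` evaluates code derived from the obfuscated input with `vm.runInContext` whenever `await import('isolated-vm')` throws, but Node's documentation says `node:vm` is not a security mechanism and must not be used to run untrusted code. The `Object.create(null)` context and `timeout: 8000` do not make it one: the timeout bounds only synchronous execution, and nothing limits memory. The isolation downgrade is also signalled only by a single `logger.warn`. I would fail closed by default, returning the function's existing not-applied result with a reason such as "sandbox unavailable", and take the `node:vm` path only when the caller explicitly opts in. If the fallback stays, run it in a separate process or a worker with resource limits, create the context with `microtaskMode: 'afterEvaluate'` so the timeout also covers promise callbacks, and report in the returned result that the weaker sandbox was used. The bare `catch` also treats every import failure as "likely Node 24 incompatibility"; logging the caught error would make the cause visible.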
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import type { LLMService } from '../../services/LLMService.js';
|
|
2
1
|
import type { DetectedEnvironmentVariables, MissingAPI } from '../../types/index.js';
|
|
3
2
|
import type { BrowserType } from '../emulator/BrowserEnvironmentRules.js';
|
|
4
3
|
export interface AIAnalysisResult {
|
|
@@ -18,13 +17,11 @@ export interface AIAnalysisResult {
|
|
|
18
17
|
confidence: number;
|
|
19
18
|
}
|
|
20
19
|
export declare class AIEnvironmentAnalyzer {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
analyze(code: string, detected: DetectedEnvironmentVariables, missing: MissingAPI[], browserType?: BrowserType): Promise<AIAnalysisResult>;
|
|
24
|
-
private parseAIResponse;
|
|
20
|
+
constructor(legacyDependency?: unknown);
|
|
21
|
+
analyze(_code: string, _detected: DetectedEnvironmentVariables, _missing: MissingAPI[], _browserType?: BrowserType): Promise<AIAnalysisResult>;
|
|
25
22
|
private getEmptyResult;
|
|
26
|
-
analyzeAntiCrawl(
|
|
27
|
-
inferAPIImplementation(
|
|
28
|
-
generateSuggestions(detected: DetectedEnvironmentVariables, missing: MissingAPI[],
|
|
23
|
+
analyzeAntiCrawl(_code: string): Promise<AIAnalysisResult['antiCrawlFeatures']>;
|
|
24
|
+
inferAPIImplementation(_apiPath: string, _context: string): Promise<string | null>;
|
|
25
|
+
generateSuggestions(detected: DetectedEnvironmentVariables, missing: MissingAPI[], _browserType: BrowserType): Promise<string[]>;
|
|
29
26
|
private getDefaultSuggestions;
|
|
30
27
|
}
|