Thursday, October 8, 2009

Using a Custom Spidermonkey Version and bug fixes

I've added instructions within "INSTALL.spidermonkey" showing how to build a js-1.8.0rc1 custom version of spidermonkey with hooked eval() statements. Upon doing so, your decodings will be more reliable and effective!

Attackers can use techniques that change the scope of variables, so JavaScript-level hooks are not sufficient to handle them. When you modify the spidermonkey engine in this manner, you do not change the scope, and such cases continue to decode successfully. I do not distribute spidermonkey with jsunpack-n, so you still have some choices in this area; for that reason I did not disable the eval() hooks in pre.js, which this spidermonkey modification replaces.
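Why a JavaScript-level eval() hook changes scope, as an added example that is not code from jsunpack-n or its pre.js: a hook that saves the original eval and calls it through that saved reference turns a direct eval into an indirect one, which runs in global scope. The names `SAMPLE`, `makeJsHook`, `runSample` and `compare` are hypothetical, and the sample script is constructed.

```javascript
// Constructed sample: a layered script whose inner stage reads a variable
// that is local to the function wrapping it.
const SAMPLE = `
  var key = "decoded-";            // local to the wrapper function
  return eval('key + "payload"');  // inner layer depends on that local
`;

// Sketch of a JavaScript-level hook (assumption: not the actual pre.js code).
// It records the argument, then calls the saved original eval.
function makeJsHook(log) {
  const original = eval;           // saved reference to the intrinsic eval
  return function (src) {
    log.push(String(src));         // the analyst does see this layer
    return original(src);          // call via alias = indirect eval, global scope
  };
}

// Run the sample with a given eval binding. new Function yields sloppy-mode
// code in which the name "eval" can be rebound, as a hook script would do.
function runSample(evalImpl) {
  const fn = new Function('eval', SAMPLE);
  try {
    return { ok: true, value: fn(evalImpl) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Compare the unhooked run with the hooked run.
function compare() {
  const log = [];
  return {
    unhooked: runSample(eval),           // direct eval: local "key" is visible
    hooked: runSample(makeJsHook(log)),  // indirect eval: "key" is not defined
    logged: log,
  };
}

console.log(compare());
```

The hooked run logs the first layer but then fails with a ReferenceError, so any later layers are never reached; a hook placed inside the engine's eval implementation logs the same argument without altering how the call is evaluated.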

I've been working much more on parsing SWF files and I have a development version of a Flash Decompiler (for ActionScript code) in the works, stay tuned for that!

From the CHANGELOG:
Updates 2009-10-08 version 0.3.1a
1) bug fixes release
1a) I now distribute an optional gzip.py file (on by default)
This file was built to fix gzip decompression errors (from python2.5), you may not want to use this if you use python2.6
2) rule detection updates
3) updates to pre.file
4) added instructions for compiling and using custom spidermonkey version INSTALL.spidermonkey
5) (not new) you can type "make clean" to destroy all temporary and log files

2 comments:

  1. I can't seem to extract the release without errors. I've tried 3 different GZIP unpackers and all 3 gave me an EOF exception w/ jsunpack-n.tgz.

  2. You can either try executing this command (on linux),
    $ tar -zxvf jsunpack-n.tgz

    or

    Download 7-Zip from www.7-zip.org, it's a free archive extraction program that I just verified works. I'm kind of curious, which ones failed for you? (They probably don't handle tar files correctly, since this is a tar.gz file)
