The most common way for obfuscated JavaScript to reach "window" without naming it is to leak it. In standard mode (non-"strict mode"), the global object (window) can leak in some cases. Here's a quick example showing how you can leak it:
function test() {
    return this;
}
a = test();
The variable "a" will now contain "window". This is a simple example, but it's not that great for obfuscation. Native methods that can leak "window" are better suited to obfuscation. One of the simplest and most reliable native methods to leak the global object from is "Array.prototype.concat".
Example:
a = [].concat; // We create a reference to Array.prototype.concat
b = a()[0]; // b now contains "window"
If you want to obfuscate this further, you can use the trick learned in the previous blog post and transform it into this:
[_=[][(1+{})[6]+(1+{})[2]+([][0]+"")[1]+(1+{})[6]+(!1+"")[1]+(!0+"")[0]],__=_()[0]]
Now "__" contains the "window" global object.
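As an added example (not code from the original post), the sketch below resolves the obfuscated expression above to the property name it builds, without evaluating it, and reports which of the two leaks the running engine still permits. The names resolveIndexedChars, thisLeakReport and COERCIONS are assumptions made for this example; SAMPLE is the expression from the post.

```javascript
// Added example. Helper names are hypothetical; SAMPLE is the post's expression.
const SAMPLE = '[_=[][(1+{})[6]+(1+{})[2]+([][0]+"")[1]+(1+{})[6]+(!1+"")[1]+(!0+"")[0]],__=_()[0]]';

// Strings produced by the type coercions the expression indexes into.
const COERCIONS = {
  "1+{}": "1[object Object]",
  '[][0]+""': "undefined",
  '!1+""': "false",
  '!0+""': "true",
};

// Resolve every "(coercion)[n]" term to its character without evaluating src.
function resolveIndexedChars(src) {
  let out = "";
  for (const [, expr, idx] of src.matchAll(/\(([^()]+)\)\[(\d+)\]/g)) {
    const base = COERCIONS[expr.replace(/\s+/g, "")];
    const ch = typeof base === "string" ? base[Number(idx)] : undefined;
    if (ch === undefined) return null; // unknown coercion or index: do not guess
    out += ch;
  }
  return out || null;
}

// Check, at run time, which of the page's two leaks the current engine allows.
function thisLeakReport() {
  // new Function() bodies are sloppy-mode unless they opt in to strict mode,
  // regardless of the mode of the file that creates them.
  const sloppy = new Function("return this")();
  const strict = new Function('"use strict"; return this')();
  let detachedConcat;
  try {
    const c = [].concat; // detached reference, called with no receiver
    detachedConcat = c()[0] === globalThis ? "global" : "other";
  } catch (e) {
    detachedConcat = e instanceof TypeError ? "TypeError" : "error";
  }
  return {
    sloppyIsGlobal: sloppy === globalThis,
    strictIsUndefined: strict === undefined,
    detachedConcat,
  };
}

console.log(resolveIndexedChars(SAMPLE));
console.log(thisLeakReport());
```

On ES5-and-later engines such as current Node.js, the detached concat call throws a TypeError instead of returning the global object, while the sloppy-mode function still returns it.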
Great, thanks!