Fooling the debugger.


Jorge

Hi,

I've set up a page that completely overwrites itself after onload and
then sets up a timer to display a count.

Both FireFox/fireBug and Safari/webInspector get quite crazy with such
a convoluted page load and as a consequence there's no way to debug it
in these two, at least afaics. Could you try to stop/debug it and tell
me what you see ?

http://jorgechamorro.com/cljs/083/

TIA,
 

rf

Jorge said:
Hi,

I've set up a page that completely overwrites itself after onload and
then sets up a timer to display a count.

Why?

Both FireFox/fireBug and Safari/webInspector get quite crazy with such
a convoluted page load and as a consequence there's no way to debug it
in these two, at least afaics. Could you try to stop/debug it and tell
me what you see ?

What I see is some obfuscated javascript in an onload function.

I'm not even going to think about attempting to help you with this one!
 

Jorge

What I see is some obfuscated javascript in an onload function.

I'm not even going to think about attempting to help you with this one!

It's not obfuscated it's in base64, it's just document.writting()
this:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Try to stop/debug me !</title>
<meta name="generator" content="TextMate http://macromates.com/">
<meta name="author" content="(e-mail address removed)">
<!-- Date: 2009-09-25 -->
<style>
body {
text-align:center;
font-size:450px;
}
</style>
</head>
<body>
<script type="text/javascript">
(function () {
var n= 0;
var setTimeout= window.setTimeout;
setTimeout(function f () {
document.body.innerHTML= (n++)+ "s";
setTimeout(f, 1e3);
}, 0);
})();
</script>
</body>
</html>

TIA,
 

SAM

On 9/25/09 2:08 PM, Jorge wrote:
Hi,

I've set up a page that completely overwrites itself after onload and
then sets up a timer to display a count.

Both FireFox/fireBug and Safari/webInspector get quite crazy with such
a convoluted page load and as a consequence there's no way to debug it
in these two, at least afaics. Could you try to stop/debug it and tell
me what you see ?

http://jorgechamorro.com/cljs/083/

But what has he gone and invented for us this time?

Could you repeat the question ?

What there is to debug ?
 

rf

What I see is some obfuscated javascript in an onload function.

I'm not even going to think about attempting to help you with this one!

It's not obfuscated it's in base64, it's just document.writting()
this:

<snip code>

View source reveals this:

window.onload= function () {
var d="PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE"+
"1MIDQuMDEvL0VOIgogICAiaHR0cDovL3d3dy53My5vcmcvVFIv"+
"aHRtbDQvc3RyaWN0LmR0ZCI+Cgo8aHRtbCBsYW5nPSJlbiI+Cj"+
"xoZWFkPgogIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlw"+
"ZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij"+
"4KICA8dGl0bGU+VHJ5IHRvIHN0b3AvZGVidWcgbWUgITwvdGl0"+
"bGU+CiAgPG1ldGEgbmFtZT0iZ2VuZXJhdG9yIiBjb250ZW50PS"+
"JUZXh0TWF0ZSBodHRwOi8vbWFjcm9tYXRlcy5jb20vIj4KICA8"+
"bWV0YSBuYW1lPSJhdXRob3IiIGNvbnRlbnQ9ImpvcmdlQGpvcm"+
"dlY2hhbW9ycm8uY29tIj4KICA8IS0tIERhdGU6IDIwMDktMDkt"+
"MjUgLS0+CiAgPHN0eWxlPgogIGJvZHkgewogICAgdGV4dC1hbG"+
"lnbjpjZW50ZXI7CiAgICBmb250LXNpemU6NDUwcHg7CiAgfQog"+
"IDwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CiAgPHNjcmlwdCB0eX"+
"BlPSJ0ZXh0L2phdmFzY3JpcHQiPgogICAgIChmdW5jdGlvbiAo"+
"KSB7CiAgICAgICB2YXIgbj0gMDsKICAgICAgIHZhciBzZXRUaW"+
"1lb3V0PSB3aW5kb3cuc2V0VGltZW91dDsKICAgICAgIHNldFRp"+
"bWVvdXQoZnVuY3Rpb24gZiAoKSB7CiAgICAgICAgIGRvY3VtZW"+
"50LmJvZHkuaW5uZXJIVE1MPSAobisrKSsgInMiOwogICAgICAg"+
"ICBzZXRUaW1lb3V0KGYsIDFlMyk7CiAgICAgICAgfSwgMCk7Ci"+
"AgICAgfSkoKTsKICA8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+";
document.write(atob(d));
};

That is obfuscation. True, it would take a minute or so to obtain the real
code but, hey, this is *your* question. You do the work.
 

Jorge

On 9/25/09 2:08 PM, Jorge wrote:

But what has he gone and invented for us this time?

Could you repeat the question ?

What there is to debug ?

Hi Sam,

The page at jorgechamorro.com/cljs/083/index.html completely
overwrites itself after onload with the same .html (**) that you can
see in jorgechamorro.com/cljs/083/index2.html.

The debugger in Safari, Chrome and FireFox works fine with the latter,
but not at all (*) with the former. I'm asking: why ? does it happen
to you too ?

Only Opera 10's dragonFly debugger does do it fine.

Can you try to stop the counter and tell me if you can, and how ?

Thanks,

(*)There's no way to set a breakpoint nor to see the running
<script>'s source code.

(**)In order to document.write() in window.onload(), I've put
the .html text to write in base64 format so that there's no need to
escape it. That's the "var d" you see in the source @ index.html, that
when decoded gives exactly the .html that you can see @ index2.html :
a very simple page with a running counter.
 

Jorge

It's not obfuscated it's in base64, it's just document.writting()
this:

<snip code>

View source reveals this:

window.onload= function () {
  var d="PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE"+
  "1MIDQuMDEvL0VOIgogICAiaHR0cDovL3d3dy53My5vcmcvVFIv"+
  "aHRtbDQvc3RyaWN0LmR0ZCI+Cgo8aHRtbCBsYW5nPSJlbiI+Cj"+
  "xoZWFkPgogIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlw"+
  "ZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij"+
  "4KICA8dGl0bGU+VHJ5IHRvIHN0b3AvZGVidWcgbWUgITwvdGl0"+
  "bGU+CiAgPG1ldGEgbmFtZT0iZ2VuZXJhdG9yIiBjb250ZW50PS"+
  "JUZXh0TWF0ZSBodHRwOi8vbWFjcm9tYXRlcy5jb20vIj4KICA8"+
  "bWV0YSBuYW1lPSJhdXRob3IiIGNvbnRlbnQ9ImpvcmdlQGpvcm"+
  "dlY2hhbW9ycm8uY29tIj4KICA8IS0tIERhdGU6IDIwMDktMDkt"+
  "MjUgLS0+CiAgPHN0eWxlPgogIGJvZHkgewogICAgdGV4dC1hbG"+
  "lnbjpjZW50ZXI7CiAgICBmb250LXNpemU6NDUwcHg7CiAgfQog"+
  "IDwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CiAgPHNjcmlwdCB0eX"+
  "BlPSJ0ZXh0L2phdmFzY3JpcHQiPgogICAgIChmdW5jdGlvbiAo"+
  "KSB7CiAgICAgICB2YXIgbj0gMDsKICAgICAgIHZhciBzZXRUaW"+
  "1lb3V0PSB3aW5kb3cuc2V0VGltZW91dDsKICAgICAgIHNldFRp"+
  "bWVvdXQoZnVuY3Rpb24gZiAoKSB7CiAgICAgICAgIGRvY3VtZW"+
  "50LmJvZHkuaW5uZXJIVE1MPSAobisrKSsgInMiOwogICAgICAg"+
  "ICBzZXRUaW1lb3V0KGYsIDFlMyk7CiAgICAgICAgfSwgMCk7Ci"+
  "AgICAgfSkoKTsKICA8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+";
  document.write(atob(d));};

That is obfuscation. True it would take a minute or so to obtain the real
code but (..)

That's the point, that there's no way to see it (neither the .html nor
the .js) even though it's been decoded and document.written() and it's
running in front of your nose... There's no way to debug it nor stop
it... ?
 

Thomas 'PointedEars' Lahn

Stefan said:
Hundreds of ways. If the browser can receive and interpret it, so can I.
Disable JavaScript, use wget, use telnet, use a network sniffer, use a
proxy, etc... Remember, you are sending a) obfuscated code, along with
b) a function to descramble it. a + b = ?

"Debug" is simple with Firebug's multi-line console:

1. Press Ctrl+U to show the original source code.
2. Copy-paste lines from `window.atob= function atob (input) {' to `};'.
3. Replace `window.atob' with `var atob' (less error-prone).
4. Append lines from `var d="PC...' to `document.write(atob(d));' via
copy-paste.
5. Replace `document.write' with `console.log' (or omit the call).
6. Press Ctrl+Return to run the code.
7. Do whatever you want with the displayed value. Debug the result.

As for "stop", I don't think that is possible (besides disabling client-side
script support afterwards with e.g. the QuickJava extension, or rewriting
the code) because the return value of window.setTimeout() is not stored
anywhere and so is not available for the corresponding window.clearTimeout()
call; in addition, `f' is local, and the execution context is associated
only with an anonymous function [so eval("...", funcRef) cannot be used.]

BTW, the markup is not Valid, but its author declares it HTML 4.01 Strict.


PointedEars
___________
¹ in Firefox one could use Firebug's console instead
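
The console procedure in the post above can also be carried out offline, treating the loader as data. This is an added example for Node.js, not code from the thread: it joins the concatenated string literals of a loader shaped like the one quoted here, decodes them with `Buffer`, and returns the inline scripts as text. `SAMPLE_HTML`, `buildLoader` and the other function names are constructed for illustration.

```javascript
// Constructed sample, modelled on the decoded page quoted in the thread.
const SAMPLE_HTML = [
  '<html><body>',
  '<script type="text/javascript">',
  '(function () { var n= 0; var setTimeout= window.setTimeout;',
  'setTimeout(function f () { document.body.innerHTML= (n++)+ "s";',
  'setTimeout(f, 1e3); }, 0); })();',
  '</script>',
  '</body></html>'
].join('\n');

// Build a loader shaped like the one in the thread: base64 split into
// concatenated 50-character string literals, then document.write(atob(d)).
function buildLoader(html) {
  const b64 = Buffer.from(html, 'utf8').toString('base64');
  const literals = b64.match(/.{1,50}/g).map(chunk => JSON.stringify(chunk));
  return 'window.onload= function () {\nvar d=' + literals.join('+\n') +
    ';\ndocument.write(atob(d));\n};';
}

// Find each run of "..."+"..." literals made only of base64 characters and
// join the literal contents (the + between literals is the JS operator).
function extractBase64(source) {
  const run = /"[A-Za-z0-9+\/=]+"(?:\s*\+\s*"[A-Za-z0-9+\/=]+")*/g;
  return (source.match(run) || [])
    .map(r => Array.from(r.matchAll(/"([^"]+)"/g), m => m[1]).join(''))
    .filter(b64 => b64.length >= 16);
}

// Decode as data only: nothing from the page is evaluated or written.
function decodeLoader(source) {
  return extractBase64(source).map(b64 => Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the inline <script> bodies of the decoded HTML as plain text.
function inlineScripts(html) {
  return Array.from(html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi), m => m[1].trim());
}

console.log(inlineScripts(decodeLoader(buildLoader(SAMPLE_HTML))[0]).join('\n'));
```
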
 

Jorge

Hundreds of ways. If the browser can receive and interpret it, so can I.
Disable JavaScript, use wget, use telnet, use a network sniffer, use a
proxy, etc... Remember, you are sending a) obfuscated code, along with
b) a function to descramble it. a + b = ?

That the .html source comes encoded in base64 has nothing to do with
the question. I did it so just to just avoid having to escape it. So
please try to forget about it. That's not the important point.

The thing is that the page completely overwrites itself with a
different page, and that then, both FireFox/FireBug and Safari/
WebInspector go crazy and are rendered useless.

"No way to debug it?" - Are you saying you're obfuscating your code on
purpose, and then want it to be easy to debug? Make up your mind :)

Again, please try to forget about the base64. See above.
 

Jorge

"Debug" is simple with Firebug's multi-line console:

1. Press Ctrl+U to show the original source code.
2. Copy-paste lines from `window.atob= function atob (input) {' to `};'.
3. Replace `window.atob' with `var atob' (less error-prone).
4. Append lines from `var d="PC...' to `document.write(atob(d));' via
   copy-paste.
5. Replace `document.write' with `console.log' (or omit the call).
6. Press Ctrl+Return to run the code.
7. Do whatever you want with the displayed value.  Debug the result.

Yes. Thanks. Try with this instead:

window.onload= function () {
var d= atob("PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE"+
"1MIDQuMDEvL0VOIgogICAiaHR0cDovL3d3dy53My5vcmcvVFIv"+
...
"ICBzZXRUaW1lb3V0KGYsIDFlMyk7CiAgICAgICAgfSwgMCk7Ci"+
"AgICAgfSkoKTsKICA8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+");
alert(d);
document.write(d);
};
</script>

(I've saved it @ http://jorgechamorro.com/cljs/083/index3.html )

So that you can see the source as text, then, just after the
document.write executes, the debugger goes nuts (both firefox and/or
the webInspector too) and that's the end of the story (of the
debugging session). Why ?

(...)

TIA,
 

SAM

On 9/26/09 2:18 AM, Jorge wrote:
Hi Sam,

The page at jorgechamorro.com/cljs/083/index.html completely
overwrites itself after onload

I saw that. overwrite without closing.
(and I did not understand how that counter could count without timeout)

with the same .html (**) that you can
see in jorgechamorro.com/cljs/083/index2.html.

OK

The debugger in Safari, Chrome and FireFox works fine with the latter,
but not at all (*) with the former.

Yes.
I can save :
- the source (save as html)
- the displayed count (save all)

I'm asking: why ?

I don't know. ;-)
But it is funny.
(you're very inventive !)

Maybe it is because Firebug shows the modified html code ?
(as it uses to)
And see there nothing to debug ?

does it happen to you too ?

Yes.

You told about to use binary to do the same thing, I think.
Does that give the same result ?

Only Opera 10's dragonFly debugger does do it fine.

I have none of both.

Can you try to stop the counter and tell me if you can, and how ?

Very easily: closing the window.
(I can't speak in base 64, all what I see is to use a gun)

Anyway, how do you expect to clear a timeout that wasn't named ?

javascript:setTimeout(function f () {document.body.innerHTML= '';},0);
.... no ... don't work.
So ... a rifle ?

I tried !

(*)There's no way to set a breakpoint nor to see the running
<script>'s source code.

(**)In order to document.write() in window.onload(), I've put
the .html text to write in base64 format so that there's no need to
escape it. That's the "var d" you see in the source @ index.html, that
when decoded gives exactly the .html that you can see @ index2.html :
a very simple page with a running counter.

Think to put a space after the --
if not, that is not seen as a signature.
 

Jorge

On 9/26/09 2:18 AM, Jorge wrote:




I saw that. overwrite without closing.
(and I did not understand how that counter could count without timeout)


Yes.
I can save :
- the source (save as html)
- the displayed count (save all)


I don't know. ;-)
But it is funny.
(you're very inventive !)

Maybe it is because Firebug shows the modified html code ?
(as it uses to)
And see there nothing to debug ?


Yes.

You told about to use binary to do the same thing, I think.
Does that give the same result ?


Yes. At the end the document.write() parameter has to be a text,
anyways.

I have none of both.


You should try it. Opera 10 is a jewel. DragonFly is the (very good)
built-in debugger in Opera 10.

Very easily: closing the window.
(I can't speak in base 64, all what I see is to use a gun)

Anyway, how do you expect to clear a timeout that wasn't named ?


By setting a breakpoint in the debugger...

javascript:setTimeout(function f () {document.body.innerHTML= '';},0);
... no ... don't work.
So ... a rifle ?


I tried !


And I thank you very much !

Think to put a space after the --
if not, that is not seen as a signature.

oops.

Cheers,
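
On the question of clearing a timeout whose ID was never kept: a wrapper installed before the page script runs can record the IDs the script throws away, which gives an analyst something to pass to `clearTimeout`. This is an added example, not code from the thread; it uses a fake window object so it runs under Node, `makeFakeWindow`, `instrumentTimers` and `demo` are hypothetical names, and it assumes the wrapper is in place in the same global object before the counter script captures `window.setTimeout`.

```javascript
// Stand-in for a browser window with a deterministic timer queue (constructed, runs under Node).
function makeFakeWindow() {
  const queue = new Map();
  let nextId = 1;
  return {
    document: { body: { innerHTML: '' } },
    setTimeout(fn) { queue.set(nextId, fn); return nextId++; },
    clearTimeout(id) { queue.delete(id); },
    tick() { // fire the timers pending right now; return how many ran
      const due = Array.from(queue.values());
      queue.clear();
      due.forEach(fn => fn());
      return due.length;
    }
  };
}

// Wrap setTimeout so every timer ID is recorded, including IDs the page discards.
function instrumentTimers(win) {
  const original = win.setTimeout;
  const ids = new Set();
  win.setTimeout = (fn, delay) => {
    const id = original.call(win, fn, delay);
    ids.add(id);
    return id;
  };
  return { ids, stopAll: () => ids.forEach(id => win.clearTimeout(id)) };
}

// The counter script quoted in the thread, run against the given window object.
function runCounter(window, document = window.document) {
  (function () {
    var n = 0;
    var setTimeout = window.setTimeout;
    setTimeout(function f() {
      document.body.innerHTML = (n++) + 's';
      setTimeout(f, 1e3);
    }, 0);
  })();
}

function demo() { // instrument first, let the counter tick three times, then stop it
  const win = makeFakeWindow();
  const timers = instrumentTimers(win);
  runCounter(win);
  for (let i = 0; i < 3; i++) win.tick();
  timers.stopAll();
  return { shown: win.document.body.innerHTML, recorded: timers.ids.size, ranAfterStop: win.tick() };
}
```
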
 
