Skip to content

Instantly share code, notes, and snippets.

@patrickbrophy
Last active December 4, 2021 05:51
Show Gist options
  • Save patrickbrophy/9c7ab68500f3002d56f6dc4b4b3713be to your computer and use it in GitHub Desktop.
Save patrickbrophy/9c7ab68500f3002d56f6dc4b4b3713be to your computer and use it in GitHub Desktop.
PX 7.2.4 String Deobfuscator

Usage

  1. copy all files from this gist
  2. make a folder called "src"
  3. put index.ts in the src folder
  4. open terminal and run npm i
  5. run npm i -g typscript
  6. then run tsc in the terminal
  7. then run node . in the terminal
  8. check for file called "deobfuscated.js"
  9. have fun reversing.
import * as parser from "@babel/parser";
import * as t from "@babel/types";
import traverse from "@babel/traverse";
import generate from "@babel/generator";
import got from "got";
import atob from "atob";
import { writeFileSync } from "fs";
const decodePxString = (str: string) => {
for (var i = atob(str), a = "zNhxRXI", c = "", u = 0; u < i.length; ++u) {
var f = a.charCodeAt(u % 7);
c += String.fromCharCode(f ^ i.charCodeAt(u));
}
return c;
};
const isPxString = (str: string) => {
const pxRegex = new RegExp(/PX\d*/gm);
return pxRegex.test(str);
};
const deobfuscate = (script: string) => {
const ast = parser.parse(script);
traverse(ast, {
StringLiteral(path) {
const pxString = decodePxString(path.node.value);
if (
path.node.value.match(/KhZZ/gm) &&
isPxString(pxString) &&
path.parentPath.node.type === "CallExpression"
) {
path.parentPath.replaceWith(t.stringLiteral(pxString));
}
},
Identifier(path) {
if (
path.node.name === "H" &&
path.parentPath.node.type === "CallExpression" &&
path.parentPath.node.arguments.length === 1 &&
path.parentPath.node.arguments[0].type === "StringLiteral"
) {
const decodedString = atob(path.parentPath.node.arguments[0].value);
path.parentPath.replaceWith(t.stringLiteral(decodedString));
}
},
});
const code = generate(ast).code;
return code;
};
const main = async () => {
const { body } = await got("https://www.walmart.com/px/PXu6b0qd2S/init.js");
const deobfuscated = deobfuscate(body);
writeFileSync("./deobfuscated.js", deobfuscated);
};
main();
{
"name": "px-deobfuscator",
"version": "1.0.0",
"description": "",
"main": "dist/index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"build": "tsc",
"start": "node ./dist/index.js"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"@types/atob": "^2.1.2",
"@types/babel-types": "^7.0.9",
"@types/babel__generator": "^7.6.2",
"@types/babel__traverse": "^7.11.1",
"typescript": "^4.2.4"
},
"dependencies": {
"@babel/generator": "^7.13.9",
"@babel/parser": "^7.13.15",
"@babel/traverse": "^7.13.15",
"@babel/types": "^7.13.14",
"@types/btoa": "^1.2.3",
"atob": "^2.1.2",
"got": "^11.8.2"
}
}
{
"compilerOptions": {
/* Visit https://aka.ms/tsconfig.json to read more about this file */
/* Basic Options */
// "incremental": true, /* Enable incremental compilation */
"target": "es5" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', or 'ESNEXT'. */,
"module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', 'es2020', or 'ESNext'. */,
// "lib": [], /* Specify library files to be included in the compilation. */
// "allowJs": true, /* Allow javascript files to be compiled. */
// "checkJs": true, /* Report errors in .js files. */
// "jsx": "preserve", /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */
// "declaration": true, /* Generates corresponding '.d.ts' file. */
// "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */
// "sourceMap": true, /* Generates corresponding '.map' file. */
// "outFile": "./", /* Concatenate and emit output to single file. */
"outDir": "./dist" /* Redirect output structure to the directory. */,
"rootDir": "./src" /* specify the root directory of input files. use to control the output directory structure with --outdir. */,
// "composite": true, /* Enable project compilation */
// "tsBuildInfoFile": "./", /* Specify file to store incremental compilation information */
// "removeComments": true, /* Do not emit comments to output. */
// "noEmit": true, /* Do not emit outputs. */
// "importHelpers": true, /* Import emit helpers from 'tslib'. */
// "downlevelIteration": true, /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */
// "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */
/* Strict Type-Checking Options */
"strict": true /* Enable all strict type-checking options. */,
// "noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */
// "strictNullChecks": true, /* Enable strict null checks. */
// "strictFunctionTypes": true, /* Enable strict checking of function types. */
// "strictBindCallApply": true, /* Enable strict 'bind', 'call', and 'apply' methods on functions. */
// "strictPropertyInitialization": true, /* Enable strict checking of property initialization in classes. */
// "noImplicitThis": true, /* Raise error on 'this' expressions with an implied 'any' type. */
// "alwaysStrict": true, /* Parse in strict mode and emit "use strict" for each source file. */
/* Additional Checks */
// "noUnusedLocals": true, /* Report errors on unused locals. */
// "noUnusedParameters": true, /* Report errors on unused parameters. */
// "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */
// "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */
// "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */
/* Module Resolution Options */
// "moduleResolution": "node", /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */
// "baseUrl": "./", /* Base directory to resolve non-absolute module names. */
// "paths": {}, /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */
// "rootDirs": [], /* List of root folders whose combined content represents the structure of the project at runtime. */
// "typeRoots": [], /* List of folders to include type definitions from. */
// "types": [], /* Type declaration files to be included in compilation. */
// "allowSyntheticDefaultImports": true, /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
// "preserveSymlinks": true, /* Do not resolve the real path of symlinks. */
// "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */
/* Source Map Options */
// "sourceRoot": "", /* Specify the location where debugger should locate TypeScript files instead of source locations. */
// "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */
// "inlineSourceMap": true, /* Emit a single file with source maps instead of having a separate file. */
// "inlineSources": true, /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */
/* Experimental Options */
// "experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */
// "emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */
/* Advanced Options */
"skipLibCheck": true /* Skip type checking of declaration files. */,
"forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment