7

I'm trying to reverse engineer a malicious JavaScript. When I initially load the site, JS code is injected that includes the `debugger` statement and injects breakpoints into my Chrome developer console.

Reading through Stack Overflow:

  • Deactivate all breakpoints does not help -> script freezes
  • Continue debugger afterwards does not help -> script freezes
  • Mark the script as blackbox does not help -> script already frozen. Reload doesn't work.

Do you have any ideas how I could analyze / debug the script?

Actually, I'm not even able to use the Console from the Chrome Developer Tools because everything freezes.

Chrome Developer Console

tonispark
  • 133
  • 2
  • 7
  • https://stackoverflow.com/questions/15831685/how-to-stop-chrome-from-going-into-debug-mode – Colin Apr 27 '20 at 19:24
  • Not sure how this helps. Pause on Exceptions is deactivated (see picture attached). Deactivating all breakpoints with the button beneath causes the same experience. – tonispark Apr 27 '20 at 19:34
  • 3
    See these answers: 1) [Is it possible to avoid breaking on a debugger statement in Chrome?](https://stackoverflow.com/q/53970719), 2) [Chrome how to disable debugger keyword or disable pause](https://stackoverflow.com/q/44463814), 3) [Chrome Developer Tools: Way to temporarily ignore or disable all debugger keywords](https://stackoverflow.com/q/36024166) – wOxxOm Apr 27 '20 at 19:37

2 Answers

6

You probably found the option to right-click the line next to the debugger statement and select "Never pause here".

screenshot

However, if blackboxing does not work for you, the above won't work either. You can use blackbox with a regex pattern, if applicable. It probably won't work either, because malicious code often uses window.eval. In that case you override window.eval yourself. For example:

window.eval=x=>console.log(x);
oriadam
  • 7,747
  • 2
  • 50
  • 48
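Added example, not part of the answer above: a variant of the `window.eval` override that records the dynamically generated source and still runs it with `debugger` statements removed, extended beyond the answer to also cover the `Function` constructor. `stripDebugger` and `installHooks` are hypothetical names, the sample string is constructed, and the hooks are assumed to be installed before the page's own scripts run.

```javascript
// Naive textual filter: removes the debugger keyword and an optional ';'.
// It would also alter the word inside string literals, which is acceptable
// for triage in a disposable browser profile.
function stripDebugger(src) {
  return String(src).replace(/\bdebugger\b\s*;?/g, "");
}

// target: the global object (window in a page, globalThis in Node).
// captured: array that receives every source string that was evaluated.
function installHooks(target, captured) {
  const origEval = target.eval;
  const OrigFunction = target.Function;

  target.eval = function (src) {
    if (typeof src !== "string") return src; // eval returns non-strings as-is
    captured.push({ via: "eval", src });
    // Called through a variable, so this is an indirect eval (global scope).
    return origEval(stripDebugger(src));
  };

  const WrappedFunction = function (...args) {
    const body = args.length ? args.pop() : "";
    captured.push({ via: "Function", src: String(body) });
    return OrigFunction(...args, stripDebugger(body));
  };
  WrappedFunction.prototype = OrigFunction.prototype;
  target.Function = WrappedFunction;
  // Also covers the (function(){}).constructor("debugger")() spelling.
  OrigFunction.prototype.constructor = WrappedFunction;

  return function restore() {
    target.eval = origEval;
    target.Function = OrigFunction;
    OrigFunction.prototype.constructor = OrigFunction;
  };
}

// Constructed sample standing in for code the injected script would eval.
function demo() {
  const captured = [];
  const restore = installHooks(globalThis, captured);
  const result = globalThis.eval("(function(){ debugger; return 41 + 1; })()");
  restore();
  return { result, captured };
}
console.log(demo());
```

Because the wrapper turns every `eval` call into an indirect eval, code that relies on reading local variables through `eval` will behave differently under the hook.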
-2

Visit chrome://version/

Check the V8 version

Build V8 from source

Edit src/ast/ast.h

class DebuggerStatement final : public Statement {
 private:
  friend class AstNodeFactory;
  friend Zone;

--  explicit DebuggerStatement(int pos) : Statement(pos, kDebuggerStatement) {}
++  explicit DebuggerStatement(int pos) : Statement(pos, kEmptyStatement) {}
};
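
Review bot: the replacement constructor tags the node as kEmptyStatement while the class is still DebuggerStatement, so the node's type tag and its C++ class no longer agree, and anything that dispatches or casts on that tag will treat the object as a different class. The change is also unconditional, so every debugger statement in every script becomes a no-op in this build, including ones you place yourself. Consider keeping kDebuggerStatement and skipping the pause where the statement is handled, behind a build or runtime switch, with a comment explaining why.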

Build V8 again

Diff out.gn/x64.release/d8

Patch the Chromium binary

elf
  • 1