Skip to content
This repository was archived by the owner on Feb 12, 2025. It is now read-only.

Commit

Permalink
Attempt at protecting scope from n decoding code eval
Browse files Browse the repository at this point in the history
  • Loading branch information
@Seneral
Seneral committed Aug 3, 2024
1 parent 68846d4 commit b63b139
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 8 deletions.
31 changes: 24 additions & 7 deletions page.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3365,15 +3365,32 @@ function yt_decodeStreams (config) {
decodeNCipher: function(cipher) {
if (!decodingData.nCodeBody || discardNCipherCode)
return "";
var evalString = "\"use strict\";\nvar " + decodingData.nCodeVar + " = \"" + cipher + "\";\n(function() {\n" + decodingData.nCodeBody + "\n}())";
var deciphered = "";
try {
deciphered = eval?.(evalString);
// Protect as many global variables as possible (all that are configurable)
// Copy them to backup and hide backup from evaluating scope before restoring
let backup = {};
for (let k of Object.keys(window)) {
let prop = Object.getOwnPropertyDescriptor(window, k);
if (!prop.configurable) continue; // Cannot protect this global variable
backup[k] = prop;
delete window[k];
}
var evalString = "\"use strict\";\nlet backup = {};\n(function(" + decodingData.nCodeVar + ") {\n" + decodingData.nCodeBody + "\n}(\"" + cipher + "\"))";
var deciphered = "";
try {
deciphered = eval?.(evalString);
}
catch (e) { console.error("Failed to evaluate n-cipher code: " + e); return ""; };
for (let k of Object.keys(backup)) {
if (Object.getOwnPropertyDescriptor(window, k) != undefined)
console.warn("Failed to protect global variable " + k + " or n deciphering code attempted to overwrite it!");
Object.defineProperty(window, k, backup[k]);
}
if (deciphered.includes("except"))
return "";
return deciphered;
}
catch (e) { console.error("Failed to evaluate n-cipher code: " + e); return ""; };
if (deciphered.includes("except"))
return "";
return deciphered;
catch (e) { console.error("Failed to prepare safe evaluation environment for n-cipher code: " + e); return ""; };
}
};
})
Expand Down
2 changes: 1 addition & 1 deletion sw.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Licensed under AGPLv3
See https://github.com/Seneral/FlagPlayer for details
*/

var VERSION = 53;
var VERSION = 54;
var APP_CACHE = "flagplayer-cache-1";
var IMG_CACHE = "flagplayer-thumbs";
var MEDIA_CACHE = "flagplayer-media";
Expand Down

0 comments on commit b63b139

Please sign in to comment.