How to bypass JavaScript anti-debugging techniques with a simple idea
Since JavaScript is designed to expose the code itself to the user, it is obfuscated for reverse engineering measures or equipped with an anti-debugger. A simple and effective countermeasure against such anti-debugging is summarized in the blog 'nullpt.rs' that publishes JavaScript analysis technology.
Evading JavaScript Anti-Debugging Techniques
Debugging tools for analyzing JavaScript behavior are installed in many browsers. For example, in the case of Google Chrome, it can be accessed from the 'Source' tab of the developer tools. Open the JavaScript you want to analyze, click on the left part of the code to set a breakpoint, and see the variables and call stack contents when you reach that line.
In addition to setting from the GUI, breakpoints can also be set by inserting the statement 'debugger' into the code. If the debugger is not open, the debugger statement will be ignored and it will work normally, but if you open the debugger it will pause when it reaches that line.
One of the anti-debugging techniques that use the mechanism of the debugger statement is to prevent the use of the debugger by making this 'debugger' statement infinitely looped or entering it in large numbers. I can't use breakpoints because a lot of unintended pauses occur when analyzing. Of course, you can ignore the debugger statement by turning on 'disable breakpoints', but this will also disable the breakpoints set by the user.
The solution that the authors of nullpt.rs came up with is 'replace the reserved word debugger with another word'. Since it will change the specification of the JavaScript language itself, it is said that Firefox's source code was rewritten and rebuilt to realize it.
The new reserved word adopted this time is 'ticket_debugger'. By doing this, it is possible to completely ignore the debugger statements embedded in the code and pause only the parts necessary for analysis.
Numerous other anti-debugging technology workarounds are explained on the nullpt.rs blog, so check it out if you're interested.
Related Posts:
in Software, Web Application, Posted by log1d_ts