Our work mainly focuses on DOM simulation. I believe the following is the most important for deobfuscation, but we also do lot more so that our program can handle normal web pages. We will not list them here.
Our code can be found at:
1. DOM tree generation.
The code is like this:
def __call__(self, *arg): return unknown_obj()
def __getitem__(self, key): return unknown_obj()
def __getattr__(self, name): return unknown_obj()
The three methods are: __call__ for function calls (*arg means arg is the argument list), __getitem__ for the visit to members using '', such as a and 3 is the key, __getattr__ just like we mentioned, for any visit to members using '.'. So almost every kind of codes is legal to an object like this. For example:
There are of course more of them, but we only list which will bring
confusion to our code. Note that the current version is based on IE,
not FF, since its more vulnerable.
I don't know how to write HTML in this blog, so i hope i can make them clear without examples.
1. Both in IE and FF, we can use the ID of a DOM object to call it. But we cannot always use 'document.id' to call it. In FF, document.f (f is id of a form) is undefined, but in IE, document.i (i is id of an image) and some other DOMs is undefined.
It seems that there was some problems in this blog system, and i was busy with my final exam, so i haven't written blog a long time since the project starts.