Anti Anti-debugger

Stops most anti-debugging implementations by JavaScript obfuscators and stops the console logs from being automatically cleared.

< Feedback on Anti Anti-debugger

Question/comment

§
Posted: 18.02.2024
Edited: 18.02.2024

[BUG] There are some bugs that affect usage

the demo page is here

(I'm sorry but I couldn't beautify my issue content because most HTML style is not allowed in GF)

Bug 1: Function cannot be constructed if a "debugger" text is included

Steps to reproduce
  1. Install the userscript
  2. Construct a function. The func does both "debugger" statement and normal codes.
  3. Nothing will run - even the normal code(s)!



Bug is caused by
Line 32
if (callerContent.includes(/\bdebugger\b/gi)) { //Eliminate all debugger statements from the caller, if any
As the MDN Web Docs said,
TypeError
Thrown if searchString is a regex.
String.prototype.includes is not allowed to pass an argument which is a RegExp. It should be considered to use other ways to do this.



Importance
This bug affects some normal app logic in some website.




Bug 2: Couldn't be processed if the Anti-debugger is directly constructed by calling Function

Steps to reproduce
  1. Install the userscript
  2. Construct a function by using code like this: Function('debugger')/* No "new" keyword is used*/
  3. The Anti-debugger works



Bug is caused by
The script overrided Function.prototype.constructor but kept Function itself.



How to fix (my personal opinion)
override Function




Example

the demo page is here. Learn more by opening DevTools on that page.

hacker09Author
§
Posted: 22.02.2024
Edited: 22.02.2024

Thanks I haven't noticed this script giving any bugs on any websites though...

I tried the codes below, and the include error was fixed, but then I ran into another problem

Bug 1 Fix:

// Change this line:
if (callerContent.includes(/\bdebugger\b/gi)) {

// To this:
if (typeof callerContent === 'string' && callerContent.includes('debugger')) {

Bug 2 Fix:

// Add this code after line 24:
const _Function = unsafeWindow.Function;
unsafeWindow.Function = function() {
    if (arguments[0] && arguments[0].includes('debugger')) {
        return function() {};
    }
    return _Function.apply(this, arguments);
};

Post reply

Sign in to post a reply.