From e24147b6fa3df5269af97519cdbe6a856f1cad88 Mon Sep 17 00:00:00 2001
From: j4k0xb <55899582+j4k0xb@users.noreply.github.com>
Date: Sun, 17 Dec 2023 03:41:41 +0100
Subject: [PATCH] chore: re-add debug logs

---
 packages/webcrack/src/ast-utils/transform.ts | 27 ++++++++++++++++----
 packages/webcrack/src/deobfuscate/index.ts   | 11 +++++++-
 packages/webcrack/src/deobfuscate/vm.ts      | 10 ++++++--
 packages/webcrack/src/index.ts               | 13 +++++-----
 packages/webcrack/src/unminify/index.ts      |  4 ++-
 packages/webcrack/src/unpack/index.ts        |  2 ++
 6 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/packages/webcrack/src/ast-utils/transform.ts b/packages/webcrack/src/ast-utils/transform.ts
index a41ae1eb..88640eea 100644
--- a/packages/webcrack/src/ast-utils/transform.ts
+++ b/packages/webcrack/src/ast-utils/transform.ts
@@ -1,16 +1,26 @@
-import traverse, { Node, TraverseOptions, Visitor, visitors } from '@babel/traverse';
+import traverse, {
+  Node,
+  TraverseOptions,
+  Visitor,
+  visitors,
+} from '@babel/traverse';
+import debug from 'debug';
+
+const logger = debug('webcrack:transforms');
 
 export async function applyTransformAsync<TOptions>(
   ast: Node,
   transform: AsyncTransform<TOptions>,
   options?: TOptions,
 ): Promise<TransformState> {
+  logger(`${transform.name}: started`);
   const state: TransformState = { changes: 0 };
 
   await transform.run?.(ast, state, options);
   if (transform.visitor)
     traverse(ast, transform.visitor(options), undefined, state);
 
+  logger(`${transform.name}: finished with ${state.changes} changes`);
   return state;
 }
 
@@ -20,24 +30,30 @@ export function applyTransform<TOptions>(
   options?: TOptions,
   noScopeOverride?: boolean,
 ): TransformState {
+  logger(`${transform.name}: started`);
   const state: TransformState = { changes: 0 };
-
   transform.run?.(ast, state, options);
 
   if (transform.visitor) {
-    const visitor = transform.visitor(options) as TraverseOptions<TransformState>;
+    const visitor = transform.visitor(
+      options,
+    ) as TraverseOptions<TransformState>;
     visitor.noScope = noScopeOverride || !transform.scope;
     traverse(ast, visitor, undefined, state);
   }
 
+  logger(`${transform.name}: finished with ${state.changes} changes`);
   return state;
 }
 
 export function applyTransforms(
   ast: Node,
   transforms: Transform[],
-  noScopeOverride?: boolean,
+  options: { noScope?: boolean; name?: string; log?: boolean } = {},
 ): TransformState {
+  options.log ??= true;
+  const name = options.name ?? transforms.map((t) => t.name).join(', ');
+  if (options.log) logger(`${name}: started`);
   const state: TransformState = { changes: 0 };
 
   for (const transform of transforms) {
@@ -48,10 +64,11 @@ export function applyTransforms(
   if (traverseOptions.length > 0) {
     const visitor: TraverseOptions<TransformState> =
       visitors.merge(traverseOptions);
-    visitor.noScope = noScopeOverride || transforms.every((t) => !t.scope);
+    visitor.noScope = options.noScope || transforms.every((t) => !t.scope);
     traverse(ast, visitor, undefined, state);
   }
 
+  if (options.log) logger(`${name}: finished with ${state.changes} changes`);
   return state;
 }
 
diff --git a/packages/webcrack/src/deobfuscate/index.ts b/packages/webcrack/src/deobfuscate/index.ts
index a537d5e9..7402e23d 100644
--- a/packages/webcrack/src/deobfuscate/index.ts
+++ b/packages/webcrack/src/deobfuscate/index.ts
@@ -1,3 +1,4 @@
+import debug from 'debug';
 import {
   AsyncTransform,
   applyTransform,
@@ -32,12 +33,20 @@ export default {
   async run(ast, state, sandbox) {
     if (!sandbox) return;
 
+    const logger = debug('webcrack:deobfuscate');
     const stringArray = findStringArray(ast);
+    logger(
+      stringArray
+        ? `String Array: ${stringArray.length} strings`
+        : 'String Array: no'
+    );
     if (!stringArray) return;
 
     const rotator = findArrayRotator(stringArray);
+    logger(`String Array Rotate: ${rotator ? 'yes' : 'no'}`);
 
     const decoders = findDecoders(stringArray);
+    logger(`String Array Encodings: ${decoders.length}`);
 
     state.changes += applyTransform(ast, inlineObjectProps).changes;
 
@@ -62,7 +71,7 @@ export default {
     state.changes += applyTransforms(
       ast,
       [mergeStrings, deadCode, controlFlowObject, controlFlowSwitch],
-      true,
+      { noScope: true },
     ).changes;
   },
 } satisfies AsyncTransform<Sandbox>;
diff --git a/packages/webcrack/src/deobfuscate/vm.ts b/packages/webcrack/src/deobfuscate/vm.ts
index cfc0ee3a..e18c11a9 100644
--- a/packages/webcrack/src/deobfuscate/vm.ts
+++ b/packages/webcrack/src/deobfuscate/vm.ts
@@ -1,5 +1,6 @@
 import { NodePath } from '@babel/traverse';
 import { CallExpression } from '@babel/types';
+import debug from 'debug';
 import { generate } from '../ast-utils';
 import { ArrayRotator } from './array-rotator';
 import { Decoder } from './decoder';
@@ -67,7 +68,12 @@ export class VMDecoder {
       return [${calls.join(',')}]
     })()`;
 
-    const result = await this.sandbox(code);
-    return result as unknown[];
+    try {
+      const result = await this.sandbox(code);
+      return result as unknown[];
+    } catch (error) {
+      debug('webcrack:deobfuscate')('vm code:', code);
+      throw error;
+    }
   }
 }
diff --git a/packages/webcrack/src/index.ts b/packages/webcrack/src/index.ts
index 75690d86..19c0a4b6 100644
--- a/packages/webcrack/src/index.ts
+++ b/packages/webcrack/src/index.ts
@@ -130,12 +130,11 @@ export async function webcrack(
       }));
     },
     () => {
-      return applyTransforms(ast, [
-        blockStatements,
-        sequence,
-        splitVariableDeclarations,
-        varFunctions,
-      ]);
+      return applyTransforms(
+        ast,
+        [blockStatements, sequence, splitVariableDeclarations, varFunctions],
+        { name: 'prepare' },
+      );
     },
     options.deobfuscate &&
       (() => applyTransformAsync(ast, deobfuscate, options.sandbox)),
@@ -153,7 +152,7 @@ export async function webcrack(
             options.deobfuscate ? [selfDefending, debugProtection] : [],
             options.jsx ? [jsx, jsxNew] : [],
           ].flat(),
-          true,
+          { noScope: true },
         );
       }),
     options.deobfuscate && (() => applyTransform(ast, mergeObjectAssignments)),
diff --git a/packages/webcrack/src/unminify/index.ts b/packages/webcrack/src/unminify/index.ts
index 5b52b969..e8c08e0e 100644
--- a/packages/webcrack/src/unminify/index.ts
+++ b/packages/webcrack/src/unminify/index.ts
@@ -12,7 +12,9 @@ export const unminify = {
   tags: ['safe'],
   scope: true,
   run(ast, state) {
-    state.changes += applyTransforms(ast, Object.values(transforms)).changes;
+    state.changes += applyTransforms(ast, Object.values(transforms), {
+      log: false,
+    }).changes;
   },
 } satisfies Transform;
 
diff --git a/packages/webcrack/src/unpack/index.ts b/packages/webcrack/src/unpack/index.ts
index 3da93e36..205f5ae2 100644
--- a/packages/webcrack/src/unpack/index.ts
+++ b/packages/webcrack/src/unpack/index.ts
@@ -5,6 +5,7 @@ import * as m from '@codemod/matchers';
 import { unpackBrowserify } from './browserify';
 import { Bundle } from './bundle';
 import { unpackWebpack } from './webpack';
+import debug from 'debug';
 
 export { Bundle } from './bundle';
 
@@ -34,6 +35,7 @@ export function unpackAST(
   if (options.bundle) {
     options.bundle.applyMappings(mappings);
     options.bundle.applyTransforms();
+    debug('webcrack:unpack')('Bundle:', options.bundle.type);
   }
   return options.bundle;
 }