From 521907fba198f12d603cb16878843a4bed610a3d Mon Sep 17 00:00:00 2001
From: Ben Baryo <60312583+BenBaryoPX@users.noreply.github.com>
Date: Sun, 29 Jan 2023 12:41:44 +0200
Subject: [PATCH] Avoid anti debugging trap (#69)
* Prevent resolving a function's toString as it might be an anti-debugging mechanism which will spring if the code is beautified
* Improve comparison between eval results
* 1.6.5
---
package-lock.json | 4 ++--
package.json | 2 +-
src/modules/unsafe/evalInVm.js | 2 +-
src/modules/unsafe/resolveLocalCalls.js | 4 ++++
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 13247a6..b528612 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "restringer",
- "version": "1.6.4",
+ "version": "1.6.5",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "restringer",
- "version": "1.6.4",
+ "version": "1.6.5",
 "license": "MIT",
 "dependencies": {
 "flast": "^1.0.1",
diff --git a/package.json b/package.json
index 2da5a09..67133bf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "restringer",
- "version": "1.6.4",
+ "version": "1.6.5",
 "description": "Deobfuscate Javascript with emphasis on reconstructing strings",
 "main": "index.js",
 "bin": {
diff --git a/src/modules/unsafe/evalInVm.js b/src/modules/unsafe/evalInVm.js
index 98846e1..f1a3ec4 100644
--- a/src/modules/unsafe/evalInVm.js
+++ b/src/modules/unsafe/evalInVm.js
@@ -66,7 +66,7 @@ function evalInVm(stringToEval) {
 else {
 // To exclude results based on randomness or timing, eval again and compare results
 const res2 = (new VM(vmOptions)).run(stringToEval);
- assert.deepEqual(res, res2);
+ assert.deepEqual(res.toString(), res2.toString());
 cache[cacheName] = createNewNode(res);
 }
 }
diff --git a/src/modules/unsafe/resolveLocalCalls.js b/src/modules/unsafe/resolveLocalCalls.js
index 28f1707..96fde51 100644
--- a/src/modules/unsafe/resolveLocalCalls.js
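Review bot: In the evalInVm.js hunk, comparing `res.toString()` with `res2.toString()` weakens the repeat-run check described by the comment above it. Every plain object stringifies to `[object Object]` and nested arrays flatten, so two runs that return structurally different values (for example an object carrying a random or time-derived field) now compare equal, and the result is cached and emitted as if it were stable. The call also throws a TypeError for a result with no `toString` (`null`, `undefined`, a prototype-less object); whether this `else` branch can see such values, and whether an enclosing try/catch absorbs the throw, is outside the hunk. If the motivation was that function results from two separate VM instances never compare equal, restrict the string comparison to that case: `const norm = v => typeof v === 'function' ? String(v) : v;` followed by `assert.deepEqual(norm(res), norm(res2));`.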
+++ b/src/modules/unsafe/resolveLocalCalls.js
@@ -67,6 +67,10 @@ function resolveLocalCalls(arb, candidateFilter = () => true) {
 const src = context ? `${context}\n${nodeSrc}` : nodeSrc;
 const newNode = evalInVm(src);
 if (newNode !== badValue && newNode.type !== 'FunctionDeclaration' && newNode.name !== 'undefined') {
+ // Prevent resolving a function's toString as it might be an anti-debugging mechanism
+ // which will spring if the code is beautified
+ if (c.callee.type === 'MemberExpression' && (c.callee.property?.name || c.callee.property?.value) === 'toString' &&
+ (new RegExp('^function ')).test(newNode?.value)) continue;
 arb.markNode(c, newNode);
 modifiedRanges.push(c.range);
 }
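Review bot: The `^function ` pattern in the added guard only recognises source text that begins with `function` followed by a space, so a stringified function printed as `function(){…}`, `function*…`, `async function …`, an arrow function or a class does not match and the `toString` call is still resolved and replaced. Since the guard exists to leave integrity-check `toString()` calls untouched, a miss means the deobfuscated output can still trip the check it was meant to avoid; widening the test to `/^(?:async\s+)?function\b/.test(newNode?.value)` covers the keyword forms, and arrow functions or classes would need their own alternative if they should be skipped too. A regex literal also avoids constructing a new `RegExp` on every pass. The guard inspects only `c.callee.property`, so an indirect form such as `Function.prototype.toString.call(fn)` (where the property is `call`) is presumably not covered either; a comment stating the intended scope would help. The loop and the definition of `c` lie outside the hunk.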