Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate 'reverse sourcemap' from unminified output, that can be used directly with the original minified bundle #66

Open
0xdevalias opened this issue Dec 4, 2023 · 7 comments
Open

Generate 'reverse sourcemap' from unminified output, that can be used directly with the original minified bundle #66

0xdevalias opened this issue Dec 4, 2023 · 7 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@0xdevalias
Copy link

Another sourcemap related idea I had (which probably deserves it's own issue) is that it would be cool to be able to 'retroactively generate a sourcemap) for a webapp, based on the unminified output from wakaru; such that we could than take that sourcemap, and apply it to the original minified web app source for debugging the live app.

Originally posted by @0xdevalias in #34 (comment)
@0xdevalias 0xdevalias mentioned this issue Dec 4, 2023
Open
@pionxzh
Copy link
Owner

pionxzh commented Dec 4, 2023

I can see the value of this. But jscodeshift does not support sourcemap, so we could not do anything about this.

@pionxzh pionxzh added enhancement New feature or request wontfix This will not be worked on labels Dec 4, 2023
@pionxzh pionxzh closed this as not planned Won't fix, can't repro, duplicate, stale Dec 4, 2023
@j4k0xb
Copy link

j4k0xb commented Dec 4, 2023

I experimented with this a while ago.
Here's a script to reverse it (babel/webcrack can generate sourcemaps of the transformations):
https://gist.github.com/j4k0xb/0d76d103db9696b515ce9c51c45b76b8

reverse-sourcemap.mp4

With some changes it should also be possible to make it work for modules of an unpacked bundles.

if there are sourcemaps available for that original module, then we could potentially extract the original function/variable/etc names from the names field of the sourcemap, and use them in a sort of 'smart-rename with sourcemap' type way.
Originally posted by @0xdevalias in #34 (comment)

Then you might as well get the original source code ^^ https://github.com/Anthonyzou/Sourcemap-Unpack

@0xdevalias
Copy link
Author

0xdevalias commented Dec 5, 2023
edited
Loading

But jscodeshift does not support sourcemap, so we could not do anything about this.

@pionxzh Oh wow.. really? recast definitely does, so I'm surprised jscodeshift doesn't!

This was the only issue I could find mentioning it, and while it was 'closed as completed', it didn't really suggest that it actually was implemented anywhere:

It also seems that @babel/generator has support for them:

But I'm not sure if jscodeshift uses that when babel is used as the parser. This was the only issue I found related to @babel/parser and sourcemaps:

Then you might as well get the original source code ^^ Anthonyzou/Sourcemap-Unpack

@j4k0xb I was more thinking in the case of a common library such as React, bundled into the web app I'm reversing. I could go and manually look at React's source code/etc because it's open source. If the sourcemaps contain the full source I could also extract them from there.

But I'm sort of less interested in getting the original source code of the (likely open source anyway) bundled module, as I am in being able to identify all of the bits related to that lib and 'reduce the noise' in the rest of the code I'm actually trying to look at; while also enriching the 'downstream app' with proper names for any functions/etc exported from that common lib that might have been mangled in minification process.

@pionxzh
Copy link
Owner

pionxzh commented Dec 5, 2023

I also saw that issue and assumed it's closed as wont fix. I have left a comment in facebook/jscodeshift#322 to check its status. But I'm afraid that there are still lebab, prettier running in the middle, and they don't support sourcemap.

lebab's rule can be re-implemented back into wakaru. prettier can be altered with other tools. Just sharing the information here first.

@pionxzh
Copy link
Owner

pionxzh commented Dec 5, 2023

I just checked the implementation in jscodeshift, and it seems like it might be possible to generate the sourcemap via recast. jscodeshift is simply manipulating the recast node, so recast should be able to do its work.

But this would be low-priority for me; PRs are welcome if anyone is interested.
PR can ignore the part that I mentioned about lebab and prettier.

@pionxzh pionxzh reopened this Dec 5, 2023
@pionxzh pionxzh added help wanted Extra attention is needed and removed wontfix This will not be worked on labels Dec 5, 2023
@0xdevalias
Copy link
Author

0xdevalias commented Dec 6, 2023
edited
Loading

But I'm afraid that there are still lebab, prettier running in the middle, and they don't support sourcemap.

@pionxzh It looks like at least part of lebab is also built on top of recast, so should hopefully be able to leverage it's sourcemap support that way:

I just checked the implementation in jscodeshift, and it seems like it might be possible to generate the sourcemap via recast

@pionxzh Exciting!

But this would be low-priority for me; PRs are welcome if anyone is interested.
PR can ignore the part that I mentioned about lebab and prettier.

@pionxzh nods, totally understandable

@0xdevalias 0xdevalias mentioned this issue Dec 10, 2024
Open
@0xdevalias
Copy link
Author

See also:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xdevalias @pionxzh @j4k0xb