[File] [PATCH] Add magic for v8 JavaScript bytecode
Alexandre IOOSS
erdnaxe at crans.org
Wed Aug 31 14:39:07 UTC 2022
Oops, I didn't want to put this description in the commit. Sending a new
patch revision. Sorry,
-- Alexandre
On 8/31/22 15:45, Alexandre Iooss wrote:
> Hello,
>
> I would like to propose the following signature for v8 engine bytecode.
> It is used to protect embedded JavaScript in some desktop applications.
>
> As the header structure changed a lot in the past, I tried to make this
> signature works with bytecode generated from many versions of v8. I ran
> the following script using different versions of Docker NodeJS
> container to generate a test dataset:
> ```
> #!/usr/bin/env bash
> export V8_VERSION=$(node -p process.versions.v8)
> echo $V8_VERSION
> echo 'console.log("Hello");' | /mnt/node_modules/.bin/bytenode --compile - > /mnt/$V8_VERSION.jsc
> ```
>
> Best regards,
>
> ---
> magic/Magdir/javascript | 99 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 99 insertions(+)
>
> diff --git a/magic/Magdir/javascript b/magic/Magdir/javascript
> index 1e29c5e8..4feeacc5 100644
> --- a/magic/Magdir/javascript
> +++ b/magic/Magdir/javascript
> @@ -20,3 +20,102 @@
> # BCGen/HBC/BytecodeFileFormat.h#L24
> 0 lequad 0x1F1903C103BC1FC6 Hermes JavaScript bytecode
> >8 lelong x \b, version %d
> +
> +# v8 JavaScript engine bytecode
> +# From: Alexandre Iooss <erdnaxe at crans.org>
> +# URL: https://v8.dev/docs/ignition
> +# Note: used in bytenode and NW.js protected source code
> +# V8 bytecode extraction was added in NodeJS v5.7.0 (V8 4.6.85.31).
> +# Version information is provided for some v8 versions found in NodeJS releases.
> +2 uleshort =0xC0DE
> +>0 ulelong^0xC0DE0000 >0
> +# Reservation table starts at 40
> +>>40 ulelong&0xFFFFFF00 =0x80000000
> +# Stub keys present
> +>>>24 ulelong >0
> +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
> +>>>>4 ulelong =0xEE4BF478 version 5.1.281.111,
> +>>>>4 ulelong =0xC4A0100C version 5.5.372.43,
> +>>>>8 ulelong x source size: %u bytes,
> +>>>>12 ulelong x cpu features: 0x%08X,
> +>>>>16 ulelong x flag hash: 0x%08X,
> +>>>>20 ulelong x %u reservations,
> +>>>>28 ulelong x payload size: %u bytes,
> +>>>>32 ulelong x checksum1: 0x%08X,
> +>>>>36 ulelong x checksum2: 0x%08X
> +# No stub keys
> +>>>24 ulelong =0
> +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
> +>>>>4 ulelong =0x54F0AD81 version 6.2.414.46,
> +>>>>4 ulelong =0X7D1BF182 version 6.2.414.54,
> +>>>>4 ulelong =0x35BA122E version 6.2.414.77,
> +>>>>4 ulelong =0X9319F9C2 version 6.2.414.78,
> +>>>>4 ulelong =0xB1240060 version 6.6.346.32,
> +>>>>4 ulelong =0x2B757060 version 6.7.288.46,
> +>>>>4 ulelong =0x09D147AA version 6.7.288.49,
> +>>>>4 ulelong =0xF4D4F48A version 6.8.275.32,
> +>>>>4 ulelong =0xD3961326 version 7.0.276.38,
> +>>>>8 ulelong x source size: %u bytes,
> +>>>>12 ulelong x cpu features: 0x%08X,
> +>>>>16 ulelong x flag hash: 0x%08X,
> +>>>>20 ulelong x %u reservations,
> +>>>>28 ulelong x payload size: %u bytes,
> +>>>>32 ulelong x checksum1: 0x%08X,
> +>>>>36 ulelong x checksum2: 0x%08X
> +# Reservation table starts at 32
> +>>32 ulelong&0xFFFFFF00 =0x80000000
> +# Second checksum present
> +>>>28 ulelong >0
> +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
> +>>>>4 ulelong =0x21DDF627 version 7.4.288.21,
> +>>>>4 ulelong =0x1FC9FE84 version 7.4.288.27,
> +>>>>4 ulelong =0x60A99E8B version 7.5.288.22,
> +>>>>4 ulelong =0x4F665E90 version 7.6.303.29,
> +>>>>4 ulelong =0xC7ACFCDE version 7.7.299.11,
> +>>>>4 ulelong =0x7F641D8F version 7.7.299.13,
> +>>>>4 ulelong =0xFD9A4F2E version 7.8.279.17,
> +>>>>4 ulelong =0x3A845324 version 7.8.279.23,
> +>>>>4 ulelong =0xFF52FEAF version 7.9.317.25,
> +>>>>8 ulelong x source size: %u bytes,
> +>>>>12 ulelong x flag hash: 0x%08X,
> +>>>>16 ulelong x %u reservations,
> +>>>>20 ulelong x payload size: %u bytes,
> +>>>>24 ulelong x checksum1: 0x%08X,
> +>>>>28 ulelong x checksum2: 0x%08X
> +# No second checksum
> +>>>28 ulelong =0
> +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
> +>>>>4 ulelong =0x8725E0F8 version 8.1.307.30,
> +>>>>4 ulelong =0x09ED1289 version 8.1.307.31,
> +>>>>4 ulelong =0xA5728C87 version 8.3.110.9,
> +>>>>4 ulelong =0xB45C5D30 version 8.4.371.23,
> +>>>>4 ulelong =0xED9C278B version 8.4.371.19,
> +>>>>4 ulelong =0xD27BFF42 version 8.6.395.16,
> +>>>>8 ulelong x source size: %u bytes,
> +>>>>12 ulelong x flag hash: 0x%08X,
> +>>>>16 ulelong x %u reservations,
> +>>>>20 ulelong x payload size: %u bytes,
> +>>>>24 ulelong x payload checksum: 0x%08X
> +# No reservation table and code starts at 24
> +>>32 ulelong =0
> +>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
> +>>>4 ulelong =0x9A6F0B0F version 9.0.257.17,
> +>>>4 ulelong =0x271D5D1E version 9.0.257.24,
> +>>>4 ulelong =0x4EEA75DF version 9.0.257.25,
> +>>>4 ulelong =0x80809479 version 9.1.269.36,
> +>>>4 ulelong =0x55C46F65 version 9.1.269.38,
> +>>>4 ulelong =0x8A9C758A version 9.2.230.21,
> +>>>4 ulelong =0x9712F0E1 version 9.3.345.16,
> +>>>4 ulelong =0x29593715 version 9.4.146.19,
> +>>>4 ulelong =0xCD991825 version 9.4.146.24,
> +>>>4 ulelong =0xACDD64EE version 9.4.146.26,
> +>>>4 ulelong =0xC96B4CD5 version 9.5.172.21,
> +>>>4 ulelong =0xBCCE4578 version 9.5.172.25,
> +>>>4 ulelong =0xA2EEA077 version 9.6.180.15,
> +>>>4 ulelong =0xFD350011 version 10.1.124.8,
> +>>>4 ulelong =0xBEF4028F version 10.2.154.13,
> +>>>4 ulelong =0xAF632352 version 10.2.154.4,
> +>>>8 ulelong x source size: %u bytes,
> +>>>12 ulelong x flag hash: 0x%08X,
> +>>>16 ulelong x payload size: %u bytes,
> +>>>20 ulelong x payload checksum: 0x%08X
--
Alexandre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://mailman.astron.com/pipermail/file/attachments/20220831/5a13cf71/attachment.asc>
More information about the File
mailing list