Comment by Aperocky
3 years ago
Isn't the same concept also used in Youtube? I believe a python mock of the equivalent VM exist in youtube-dl.
3 years ago
Isn't the same concept also used in Youtube? I believe a python mock of the equivalent VM exist in youtube-dl.
IIRC not exactly. YouTube provides some arbitrary JavaScript that must be evaluated as a form of a challenge. It changes with every page request, but it’s just a set of math operations. It’s easier to evaluate the JS than to statically analyze it
I recall that discussion recently, and thus just happen to have it handy:
a very, very specialized "regex" based JS evaluator that presumably did just enough to make the YT one run: https://github.com/ytdl-org/youtube-dl/blob/2021.12.17/youtu...
and its callsite: https://github.com/ytdl-org/youtube-dl/blob/2021.12.17/youtu...
So the short version is that I would not classify that as a VM, and I don't even believe it's obfuscated. Perhaps there are other extractors that do what you're describing, I didn't go looking