1

I'm working on an encrypted NodeJS code. The developer has set a license check, but because it is too old and the domain is no longer valid, the license cannot be verified and the program stops working.

I need to figure out what made the program stop working. I tried using the debugger but I think the debugger wrote a function to block it. When I try to debug, I get the following result. Each step creates a different file.

debugger

I need to find where the process was killed. I tried the code below but nothing returns.

process.on('exit', function(code) {
    return console.log(`exiting the code implicitly ${code}`);
});

zsh: terminated  node index.js

Is there anyone have an idea? Thank you.

sercan
  • 182
  • 19
  • `zsh: terminated` suggests it gets killed (or kills itself) using a `SIGTERM` signal. Perhaps set a breakpoint on `process.kill()`? – robertklep Jul 21 '22 at 06:08
  • @robertklep Are you talking about the need to write `process.kill()` and put a breakpoint on it? – sercan Jul 21 '22 at 14:02
  • No, putting a breaking on the `process.kill()` function that Node.js provides, so when it gets called you can see from where. – robertklep Jul 21 '22 at 16:49
  • @robertklep But the code is encrypted and I can't find the process.kill() function in the encrypted code. I tried decrypting it but it is not readable. – sercan Jul 21 '22 at 18:07
  • 1
    You could try to "hack" Node.js internal `process.kill()` method definition and add some kind of logger there so it is "globally" added (kind of "extending" or tweaking Node.js itself). Then whenever a process calls the `kill` method, it would be logged. That way you wouldn't have to "find the process.kill()" in any code. Just run them. – Moa Jul 23 '22 at 13:43
  • @Moa you telling that he should do something like `delete process.kill`, `process.kill = console.trace`. What if there `return` statement? – Aziz Hakberdiev Jul 26 '22 at 19:02
  • 1
    @sercan What sort of encryption is on the files? Can you still add statements to them that get executed? Intellij also does a good job at auto formatting it, I see it's still included from a single line. Often this kind of "encryption" is less solid than you might expect. Could be feasible to stop it from disabling the debugger. – inwerpsel Jul 27 '22 at 12:05

0 Answers0