control flow switch deobfuscation not triggering without string array

[Le0Developer]

Describe the bug

I am currently trying to make a PR for this. If I don't make one within 3 days, assume I gave up. 😆

Expected Behaviour

The control flow should be resolved. The dispatcher functions are a separate issue.

Code

function gl(jd, c, f, g, h, i, j) {
  var d = "13|10|2|9|16|8|3|11|19|20|7|5|4|6|12|1|17|18|15|0|14".split("|");
  var e = 0;
  while (true) {
    switch (d[e++]) {
      case "0":
        c.egybk(fT).appendChild(gk);
        continue;
      case "1":
        h.innerHTML = i;
        continue;
      case "2":
        gk.height = c.mXvlg;
        continue;
      case "3":
        f = eN.createElement(c.vssHG);
        continue;
      case "4":
        g.className = c.PBaOx;
        continue;
      case "5":
        g = eN.createElement("span");
        continue;
      case "6":
        f.appendChild(g);
        continue;
      case "7":
        f.appendChild(j);
        continue;
      case "8":
        gk.setAttribute("role", "alert");
        continue;
      case "9":
        gk.style.display = c.Nrwph;
        continue;
      case "10":
        gk = eN.createElement("div");
        continue;
      case "11":
        f.className = c.hzxlw;
        continue;
      case "12":
        h = eN.createElement(c.OmBmS);
        continue;
      case "13":
        i = c.xRAoj(fG, c.bxfCq);
        continue;
      case "14":
        return j;
      case "15":
        gk.appendChild(f);
        continue;
      case "16":
        gk.className = "cb-c";
        continue;
      case "17":
        h.className = "cb-lb-t";
        continue;
      case "18":
        f.appendChild(h);
        continue;
      case "19":
        j = eN.createElement("input");
        continue;
      case "20":
        j.type = "checkbox";
        continue;
    }
    break;
  }
}

Logs

[j4k0xb]

(nvm ignore my comment, didn't read the code properly)

[Le0Developer]

My initial assumption also was that it's due to the AssignmentExpressions instead of the VariableDeclarations but even after modifying the script to use var it's still failing.
Simplified the initial example, will tackle that in a different issue in the future.

[Le0Developer]

Nvm, looks like only the web version is failing. Works locally

[j4k0xb]

Ok found the root cause: for optimization webcrack only runs most other deobfuscations if a string array exists:

webcrack/packages/webcrack/src/deobfuscate/index.ts

Line 39 in 60dbb7f

if (!stringArray) return;

webcrack/packages/webcrack/src/deobfuscate/index.ts

Lines 73 to 77 in 60dbb7f

	state.changes += applyTransforms(
	ast,
	[mergeStrings, deadCode, controlFlowObject, controlFlowSwitch],
	{ noScope: true },
	).changes;

If you paste a dummy one in the script it works:

function _0xa94b() { var _0x5a635b = [""]; _0xa94b = function () { return _0x5a635b; }; return _0xa94b(); }

[Le0Developer]

That's… funny.