From d675987654972c6aa4cc2b291d25bc49fa60173e Mon Sep 17 00:00:00 2001
From: ThetaDev <thetadev@magenta.de>
Date: Wed, 23 Apr 2025 17:22:22 +0200
Subject: [PATCH] fix: deobfuscator: handle 1-char long global variables, find
 nsig fn (player 6450230e)

---
 src/deobfuscate.rs              | 12 +++++-------
 testfiles/deobf/dummy_player.js |  2 +-
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/deobfuscate.rs b/src/deobfuscate.rs
index 1ff1c32..b2424a9 100644
--- a/src/deobfuscate.rs
+++ b/src/deobfuscate.rs
@@ -147,8 +147,8 @@ fn get_sig_fn(player_js: &str) -> Result<String, DeobfError> {
 
 fn get_nsig_fn_names(player_js: &str) -> impl Iterator<Item = String> + '_ {
     static FUNCTION_NAME_REGEX: Lazy<Regex> = Lazy::new(|| {
-        // x.get( OR index.m3u8 OR delete x.y.file .. y=functionName[array_num](z) .. x.set(
-        Regex::new(r#"(?:[\w$]\.get\(|index\.m3u8|delete [\w$]+\.[\w$]+\.file).+[a-zA-Z]=([\w$]{2,})(?:\[(\d+)\])?\([a-zA-Z0-9]\).+[a-zA-Z0-9]\.set\("#)
+        // ( ==="index.m3u8" OR "index.m3u8"=== ) .. delete .. y=functionName[array_num](z)
+        Regex::new(r#"(?:(?:===(?:[\w$]+\[\d+\]|"index\.m3u8"))|(?:(?:[\w$]+\[\d+\]|"index\.m3u8")===)).+\bdelete\b.+\b[a-zA-Z]=([\w$]{2,})(?:\[(\d+)\])?\([a-zA-Z0-9]\)"#)
             .unwrap()
     });
 
@@ -331,11 +331,8 @@ fn extract_js_fn(js: &str, name: &str) -> Result<String, DeobfError> {
                         _ => {}
                     },
                     Token::Ident(id) => {
-                        // Ignore object attributes and 1char long local vars
-                        if !period_before
-                            && id.as_ref().len() > 1
-                            && !global_objects.contains(&id.as_ref())
-                        {
+                        // Ignore object attributes
+                        if !period_before && !global_objects.contains(&id.as_ref()) {
                             // If we are on the left hand side of a variable definition statement
                             // or after "function", mark the variable name as defined
                             if var_def_stmt
@@ -780,6 +777,7 @@ c[36](c[8],c[32]),c[20](c[25],c[10]),c[2](c[22],c[8]),c[32](c[20],c[16]),c[32](c
             ("643afba4", "N5uAlLqm0eg1GyHO", "dCBQOejdq5s-ww"),
             ("69f581a5", "-qIP447rVlTTwaZjY", "KNcGOksBAvwqQg"),
             ("363db69b", "eWYu5d5YeY_4LyEDc", "XJQqf-N7Xra3gg"),
+            ("6450230e", "eWYu5d5YeY_4LyEDc", "VfULHmlBUoDPVMN"),
         ];
 
         for (js_hash, nsig_in, exp_nsig) in cases {
diff --git a/testfiles/deobf/dummy_player.js b/testfiles/deobf/dummy_player.js
index 6fa8f7e..9ff4b0f 100644
--- a/testfiles/deobf/dummy_player.js
+++ b/testfiles/deobf/dummy_player.js
@@ -152,7 +152,7 @@ function f(){ return 0; }
 with(0);
 
 // n_deobf function
-{p.X&&(b=a.get("n"))&&(b=aF[0](c),a.set("n",b),vZ.length||Vo(""))};
+Ab=function(){ODa(b.D.toString());Object.assign(a.j,d);a.j.file==="index.m3u8"&&(delete a.j.file,a.path+="/file/index.m3u8");a.B="";a.url="";a.D&&(b="nn"[+a.D],JL(a),c=a.j[b]||null)&&(c=aF[0](c),a.set(b,c),aF.length||Pma(""))};
 
 switch(0){} switch(0){case 0:} switch(0){case 0:case 0:}
 switch(0){default:} switch(0){case 0:default:case 0:}