[Anti-adblock] #2317

jspenguin2017 opened this issue May 18, 2018 · 37 comments

URL(s) where the issue occurs

Describe the issue





  Browser/version: Chrome 68
  uBlock Origin version: 1.16.6


All default

Contributor Author

jspenguin2017 commented May 18, 2018

Eh... Are you sure that's going to last?
But alright, let's call it fixed for now...

I am open for long lasting suggestions.

Contributor Author

Do you have good toolkits to deobfuscate it? Mine is falling short these days.

No, which is why I added that fix 😉 .

okiehsch commented May 18, 2018

What is your main "objection" LaodIrmb or entMNbx or both?

Contributor Author

My toolkit can only get this far...

var a = ['type', 'innerHTML', 'getElementsByTagName', 'head', 'createElement', 'push', 'childNodes', 'parentNode', 'insertBefore', 'appendChild', 'is_firefox', 'is_safari', 'is_opera', 'iframe', 'setAttribute', 'style', 'display: none !important;', 'lastElementChild', 'setTimeout', 'display', 'block', 'className', 'getComputedStyle', 'none', 'abp-', 'chrome:', 'abp', 'height', 'replace', '', '', '', 'iabc', '', '1440', 'false', 'reload', 'reverse', 'cxadb_cb', 'adp', 'pb-f-page-outbrain', ' {height: 300px !important;}', 'is_explorer', 'class', 'jpg', 'src', 'parentElement', 'parentElemen', 'removeChild', 'test', 'substr', 'userAgent', 'opera', 'join', 'MSIE', 'indexOf', 'rv:11.0', 'Edge', 'Safari', 'toLowerCase', 'Opera Mini', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz', 'floor', 'random', 'charAt', 'length', 'call', 'setTime', 'getTime', 'expires=', 'toUTCString', ';domain=.', ';path=/', 'cookie', 'split', 'substring', 'setItem', 'true', '__aabcd', 'navigator', 'cookieEnabled', 'addEventListener', 'beforeunload', 'removeItem', 'self', 'top'];
(function(h, i) {
    (function(k) {
        for (; --k;) h.push(h.shift())
})(a, 307);
var b = function(h) {
        h -= 0;
        var j = a[h];
        return j
    c = 0,
    d = 18,
    e = !1,
    f = !1;
(function(h) {
    (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i [b('0x0')](h) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i [b('0x0')](h[b('0x1')](0, 4))) && (f = !0)
})(navigator[b('0x2')] || navigator.vendor || window[b('0x3')]);
(function() {
    var h = function(ca) {
            return ca[b('0x4')]('')
        i = ['i', 'f', 'r', 'a', 'm', 'e'],
        k = ['u', 'n', 'd', 'e', 'f', 'i', 'n', 'e', 'd'],
        l = -1 < navigator[b('0x2')].indexOf(h(['C', 'h', 'r', 'o', 'm', 'e'])),
        m = -1 < navigator[b('0x2')].indexOf(b('0x5'));
    m || (m = -1 < navigator[b('0x2')][b('0x6')](b('0x7'))), m || (m = -1 < navigator[b('0x2')][b('0x6')](b('0x8')));
    var n = typeof InstallTrigger !== h(k),
        o = -1 < navigator.userAgent[b('0x6')](b('0x9')),
        p = -1 < navigator[b('0x2')][b('0xa')]()[b('0x6')]('op');
    l && o && (o = !1), l && p && (l = !1);
    var q = -1 < navigator[b('0x2')].indexOf(b('0xb')),
        r = {
            is_chrome: l,
            is_explorer: m,
            is_firefox: n,
            is_safari: o,
            is_opera: p,
            isOperaMini: q,
            ab: {
                iu: !1
        s = function(ca) {
            var da = 10;
            (ca == void 0 || null == ca) && (ca = 4, da = 36);
            for (var ea = '', fa = b('0xc'), ga = 0; ga < Math[b('0xd')](Math[b('0xe')]() * da) + ca; ga++) ea += fa[b('0xf')](Math[b('0xd')](Math[b('0xe')]() * fa[b('0x10')]));
            return ea
        t = function(ca) {
            return ca && {}.toString[b('0x11')](ca) === ['[', 'o', 'b', 'j', 'e', 'c', 't', ' ', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', ']'][b('0x4')]('')
        u = function(ca, da, ea, fa) {
            if (ca && 0 != ca[b('0x10')]) {
                var ga = new Date;
                ga[b('0x12')](ga[b('0x13')]() + 1e3 * (60 * fa));
                var ha = b('0x14') + ga[b('0x15')](),
                    ia = ca + '=' + da + '; ' + ha + b('0x16') + ea + b('0x17');
                document.cookie = ia
        v = function(ca) {
            for (var ga, da = ca + '=', ea = document[b('0x18')][b('0x19')](';'), fa = 0; fa < ea[b('0x10')]; fa++) {
                for (ga = ea[fa];
                    ' ' == ga[b('0xf')](0);) ga = ga[b('0x1a')](1);
                if (0 == ga[b('0x6')](da)) try {
                    return ga[b('0x1a')](da.length, ga[b('0x10')])
                } catch (ha) {
                    return null
            return ''
        w = function(ca, da) {
            typeof Storage !== h(k) && localStorage[b('0x1b')](ca, da)
        x = function(ca) {
            if (ca) {
                if (!ca[b('0xa')]) return ca;
                if (ca[b('0xa')]() == b('0x1c') || '1' == ca[b('0xa')]()) return !0
            return !1
        y = b('0x1d'),
        z = !1;
    x('true') && (z = !0);
    var A = !1;
    x(b('0x1c')) && (A = window[b('0x1e')][b('0x1f')]), z && (window[b('0x20')](b('0x21'), function() {
    }), localStorage.removeItem(y));
    var B = function(ca) {
            return !isNaN(parseFloat(ca)) && isFinite(ca)
        C = function(ca) {
            return null == ca || void 0 == ca || 0 >= ca[b('0x10')] ? '' : ca[Math[b('0xd')](Math[b('0xe')]() * ca[b('0x10')])]
        E = function(ca) {
            var ea = H(['s', 't', 'y', 'l', 'e'][b('0x4')](''));
            return ea[b('0x25')] = ['t', 'e', 'x', 't', '/', 'c', 's', 's'][b('0x4')](''), ea[b('0x26')] = ca, I(document[b('0x27')](b('0x28'))[0], ea), ea
        G = [],
        H = function(ca) {
            var da = document[b('0x29')](ca);
            return G[b('0x2a')](da), da
        I = function(ca, da) {
            if (ca && da)
                if (ca[b('0x2b')] && 0 < ca[b('0x2b')][b('0x10')]) {
                    var ea = ca[b('0x2b')][Math.floor(Math[b('0xe')]() * (ca.childNodes[b('0x10')] - 1) + 1 - 1)];
                    ea[b('0x2c')][b('0x2d')](da, ea)
                } else ca[b('0x2e')](da)
        J = function(ca, da) {
            var ea = null;
            try {
                if (ea = setTimeout, r[b('0x2f')]);
                else if (!r[b('0x30')] && !r.is_chrome && !r[b('0x31')]) setTimeout.arguments;
                else if (r[b('0x30')]) {
                    var ga = H(b('0x32'));
                    ga[b('0x33')](b('0x34'), b('0x35')), document[b('0x36')][b('0x36')] ? document.lastElementChild.lastElementChild[b('0x2e')](ga) : document.lastElementChild[b('0x2e')](ga), ea = ga.contentWindow[b('0x37')]
                return ea(ca, da)
            } catch (ha) {
                e = !0
            return null
        K = function(ca, da) {
            if (resulte = !1, c++, null != ca && void 0 != ca)
                if (!1 != da && null == ca[b('0x2c')]) resulte = !0;
                else {
                    var ea = ca[b('0x2c')][b('0x34')][b('0x38')];
                    if (n && (ca[b('0x2c')][b('0x34')][b('0x38')] = b('0x39')), void 0 == ca.className || '' == ca[b('0x3a')]) resulte = !0;
                    else if (1 < c && void 0 != ca[b('0x34')] && ca[b('0x34')][b('0x38')] == V.s.n) resulte = !0;
                    else if (void 0 != ca[b('0x34')] && '' != && 1e3 < parseFloat(ca[b('0x34')].orphans)) resulte = !0;
                    else if (void 0 != window[b('0x3b')] && null != window[b('0x3b')]) {
                        var fa = window.getComputedStyle(ca, null),
                            ga = fa[V.s.o];
                        void 0 != ga && '' != ga && 4321 != parseFloat(ga) && 1e3 < parseFloat(ga) && (resulte = !0), r[b('0x31')] && fa.display == b('0x3c') ? resulte = !0 : fa[b('0x38')] == b('0x3c') && (resulte = !0);
                        var ha = fa[V.s.mb];
                        if (1 < ca.className[b('0x19')](' ')[b('0x10')] && void 0 != ha && (-1 < ha[b('0x6')](V.s.h) || -1 < ha.indexOf(b('0x3d'))) || n && (-1 < ha[b('0x6')](b('0x3e')) || f && -1 < ha[b('0x6')](b('0x3f')))) resulte = !0;
                        else if (n && 3 < c) {
                            var ia = parseInt(window[b('0x3b')](ca.parentNode, null)[b('0x40')][b('0x41')]('px', ''));
                            155 > ia && (resulte = !0)
                        '0px' == window[b('0x3b')](ca[b('0x2c')], null)[b('0x40')] && (resulte = !0)
                    n && (ca[b('0x2c')][b('0x34')][b('0x38')] = ea)
            return resulte
        L = null,
        M = !1,
        N = [],
        O = null,
        Q = ['n', 'o', 'n', 'e'],
        U = ['/', '/', 'a', 'd', '.', 'd', 'o', 'u', 'b', 'l', 'e', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '/', 'f', 'a', 'v', 'i', 'c', 'o', 'n', '.', 'i', 'c', 'o', '?', 'a', 'd', '=', '3', '0', '0', 'x', '2', '5', '0', '&', 'a', 'd', '_', 'b', 'o', 'x', '_', '=', '1', '&', 'a', 'd', 'n', 'e', 't', '=', '1', '&', 's', 'h', 'o', 'w', 'a', 'd', '=', '1', '&', 's', 'i', 'z', 'e', '=', '2', '5', '0', 'x', '2', '5', '0'].join(''),
        V = {
            adp: {
                pe: [h(['d', 'i', 'v'])],
                ph: [h(Q)],
                c: ['AdCommercial', 'AdHeader'],
                ce: [h(i)],
                ae: [h(i)],
                l: [b('0x42'), '', b('0x43')],
                lf: [b('0x44')],
                ic: [U]
            s: {
                n: [h(Q)],
                o: [h(['o', 'r', 'p', 'h', 'a', 'n', 's'])],
                mb: [h(['M', 'o', 'z', 'B', 'i', 'n', 'd', 'i', 'n', 'g'])],
                h: [h(['h', 'i', 'd', 'e'])]
        W = function(ca) {
            var da = function() {
                A && u(b('0x45'), '', b('0x46'), 0), A && u(b('0x45'), '', '', 0)
            if (!ca) z && w(y, b('0x48')), da(), A && u(b('0x45'), b('0x48'), b('0x46'), parseInt(b('0x47')));
            else if (z && w(y, b('0x1c')), A) {
                var ea = !1;
                'true' != v(b('0x45')) && (ea = !0), da(), u(b('0x45'), b('0x1c'), b('0x46'), parseInt(b('0x47'))), x(b('0x48')) && ea && location[b('0x49')](!0)
            var fa = function(oa) {
                    return oa[b('0x4')]('')
                ga = fa(['d', 'a'][b('0x4a')]()),
                ha = fa(['o', 'c']),
                ia = fa(['b', 'l', ha, 'k']),
                ja = fa(['n', 'u', 'r'].reverse()),
                ka = fa([ga, ia, ja]),
                la = {};
            la[ka] = ca;
            var ma = b('0x4b');
            if (ma && ma[b('0x10')] && 0 < ma[b('0x10')]) try {
                var na = function() {
                    t(window[ma]) && window[ma](la)
                J(na, 10)
            } catch (oa) {}
    if (null == L) {
        var X = H(C(V[b('0x4c')].pe));
        X[b('0x34')][b('0x38')] = C(V[b('0x4c')].ph), L = H(C(V.adp.ce));
        var Y = [b('0x4d')];
        '' != Y && (Y = ' ' + Y[b('0x4')](' '));
        var Z = C(V[b('0x4c')].c) + Y;
        O = E('.' + Z + b('0x4e')), L[b('0x3a')] = Z, X[b('0x2e')](L), J(function() {
            try {
                var ca = H('html'),
                    da = H(b('0x28'));
                var ea = H('body');
            } catch (fa) {}
        }, 250), document[b('0x28')].appendChild(X)
    var $ = function() {
            if (!f && V[b('0x4c')].l && 0 < V[b('0x4c')].l[b('0x10')] && !r[b('0x4f')]) {
                var ca, da, ea, fa, ga;
                for (var ca in V[b('0x4c')].lf)
                    if (B(ca)) {
                        var da = H(i[b('0x4')](''));
                        da[b('0x33')](b('0x50'), s());
                        var ea = V.adp.lf[ca];
                        da[b('0x33')](b('0x52'), ea), X.appendChild(da), N.push(da)
        _ = function() {
            try {
                for (var ca in N)
                    if (B(ca) && K(N[ca])) return !0
            } catch (da) {}
            return !1
        ba = function() {
            if (0 < d) {
                if (3 == d && $(), 14 == d) {
                    var ca = H(['i', 'm', 'g'][b('0x4')](''));
                    ca.src = C(V[b('0x4c')].ic), ca.addEventListener(['e', 'r', 'r', 'o', 'r'][b('0x4')](''), function() {
                        M = !0
                    }), L[b('0x53')][b('0x2e')](ca)
                if (M || e || K(L) || 1 == d && _()) return void W(!0);
                d--, J(ba, 250)
            } else W(!1)

Seems that navigator and _0x are good candidates.

Contributor Author

The code feels like https:/javascript-obfuscator/javascript-obfuscator , I'm making a deobfuscator specifically targeted at it, but so far no luck, it's pretty difficult to fingerprint their template functions.

okiehsch commented May 18, 2018

How about, InstallTrigger, _0x)

Contributor Author

Yea, that looks better.

okiehsch added a commit that referenced this issue May 18, 2018
I agree :).

Contributor Author

Doesn't quite work anymore, new rule: ||*

mapx- added a commit that referenced this issue May 24, 2018
@jspenguin2017 that is no anti-adblock message, it is their "paywall", I get it every few articles even if I disable uBlock.

mapx- commented May 24, 2018

@okiehsch I get exactly the first anti adb message in this thread

okiehsch commented May 24, 2018

I do not get that message, I tried with Chrome and Firefox, the only way to reproduce is to disable the filter, InstallTrigger, _0x)

The filter jspenguin proposed disables the "paywall" part, so I guess that is what he meant when he said "Doesn't quite work anymore".

okiehsch commented May 24, 2018

@mapx- fixes the adb-message on your end, do you get the "paywall" message of my screenshot if you click a number of different articles?

Hrxn commented May 24, 2018

Best solution: Just ignore completely, nothing of value is lost.

Sorry, I could not resist, please don't hate me.

Copy link

After few articles I get an overlay instead, if I hide it I see "subscribe to read the full article"

mapx- commented May 24, 2018

The question is ..should we block the paywall ?

Contributor Author

Really? When I tested it, the "paywall" goes away if I disable my adblocker -- so it is not a paywall.

Copy link

It always goes away, even if you do not disable your adblocker, for a few articles then it comes back.
You can see in my screenshot that uBO is disabled.

Copy link

Is there a point to even ponder whether we should remove that overlay? On my side when I remove it I am left with a not very useful page: article is truncated and there is a "Subscribe to read the full article".

Copy link

If I add, WpPwapi1)
I never get that overlay and can read every article without any "Subscribe to read the full article" message.

Contributor Author

Well, either remove the "paywall" entirely or unbreak it entirely, removing just half of it is confusing.

Copy link

We are not removing half of it, it is broken because of EasyPrivacy, so adding


to uBO-unbreak and, WpPwapi1)

to uBO-annoyances if we decide to circumvent it.

okiehsch added a commit that referenced this issue May 25, 2018
Copy link

In my opinion it is a badly implemented "quasi" paywall, there is no difference if you use an adblocker or not on my end, so it should not be fixed in a default list, if at all.

Contributor Author

It's your call, I'm OK with either way, just make sure it's not confusing.

Copy link

either remove the "paywall" entirely or unbreak it entirely, removing just half of it is confusing.

has been fixed with 7ff9033 and for the rest, that's gorhills decision.

Copy link

A paywall-circumvention list is not part of uBO's stock lists, that would be the only place to put a filter which primary purpose is to cirumvent a paywall. Also, I think it's best to not have such list in uBO's stock lists.

Copy link

Reportedly there is an issue with

I can't reproduce on my side (using a US VPN), using default lists.

Copy link

The issue is OS related.

Some script:inject filters do not work with MacOS, see #682 and NanoAdblocker/NanoFilters#45 (comment) for example.

I can reproduce the bugzilla issue, if I add, InstallTrigger, _0x)

To get the antiadblock message I also have to add
Example link:

ghajini commented Jan 10, 2020

Whats the latest filter to circumvent paywall(to be used as custom filter ) ? like this

Screenshot_2020-01-10-20-14-35-403_org mozilla firefox

mapx- commented Jan 10, 2020


low-tech solution, clear cookies or stop the page from loading as soon as you click on the link. That's what I do on my phone often.

Copy link

Technically, you will have to do that after browsing every 3-4 links and that will turn into quite an annoyance if you're an active reader, that's why I didn't suggest that before.

Copy link

Copy link

There's an addon for this called "Bypass Paywalls Clean"
Might be worth checking out, since it seems unlikely for uBlock to add this.

Copy link

