Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update nobab #1863

Closed
8 tasks done
Yuki2718 opened this issue Dec 8, 2021 · 3 comments
Closed
8 tasks done

Update nobab #1863

Yuki2718 opened this issue Dec 8, 2021 · 3 comments
Labels
fixed issue has been addressed

Comments

@Yuki2718
Copy link

Yuki2718 commented Dec 8, 2021

Prerequisites

I tried to reproduce the issue when...

  • uBO is the only extension
  • uBO with default lists/settings
  • using a new, unmodified browser profile

Description

Bab 4.2b chooses random image baits and script baits on each page load and redirecting to neutered resource works fine for image baits. If a redirect resource which sets a constant nH7eXzOsG to any value actually used by these baits (e.g. 312) is added, we can defeat all bab 4.2b with these generic filters and a few redirect rules1:

#@##banner_ad
||ads.twitter.com/favicon.ico|$image,redirect-rule=32x32.png
||advertising.yahoo.com/favicon.ico|$image,redirect-rule=32x32.png
||as.inbox.com/banner_ad.gif|$image,redirect-rule=1x1.gif
||doubleclickbygoogle.com/favicon.ico|$image,redirect-rule=32x32.png
||google.com/adsense/start/images/favicon.ico|$image,redirect-rule=32x32.png
||gstatic.com/adx/doubleclick.ico|$image,redirect-rule=32x32.png

A specific URL where the issue occurs

https://ost.jpoplibs.us/single-v-a-koko-kara-koko-kara.html

Steps to Reproduce

  1. Add jpoplibs.us#@#+js(nosiif, visibility, 1000), the rules mentioned above, and ost.jpoplibs.us##+js(set, nH7eXzOsG, 312)
  2. See bab is defused. 312 can be other values such as 936 but can not be random 3 digits number.

Expected behavior

NA

Actual behavior

Redirecting to noopjs doesn't defuse bab.

uBlock Origin version

1.39.2

Browser name and version

94.0.2

Operating System and version

Windows 10


/design/relaunch/gfx/elitepartner_|$script,3p,redirect-rule=nobab.js
/shared/bannerpages/darttagsbanner.aspx?h=$script,3p,redirect-rule=nobab.js
||crunchyroll.adclixx.net/vast?fg=$script,redirect-rule=nobab.js
||crunchyroll.adnetasia.com/vast?fg=$script,redirect-rule=nobab.js
||crunchyroll.adtrackers.net/vast?fg=$script,redirect-rule=nobab.js
||crunchyroll.bannertrack.net/vast?fg=$script,redirect-rule=nobab.js
||ox-d.adclixx.net/auid=$script,redirect-rule=nobab.js
||ox-d.adnetasia.com/auid=$script,redirect-rule=nobab.js
||ox-d.adtrackers.net/auid=$script,redirect-rule=nobab.js
||ox-d.bannertrack.net/auid=$script,redirect-rule=nobab.js
||serve.adclixx.net/promoload?d=$script,redirect-rule=nobab.js
||serve.adnetasia.com/promoload?d=$script,redirect-rule=nobab.js
||serve.adtrackers.net/promoload?d=$script,redirect-rule=nobab.js
||serve.bannertrack.net/promoload?d=$script,redirect-rule=nobab.js
||torrentz.adnetasia.com/mgid/ad.js|$script,redirect-rule=nobab.js
||torrentz.adtrackers.net/mgid/ad.js|$script,redirect-rule=nobab.js
||torrentz.bannertrack.net/mgid/ad.js|$script,redirect-rule=nobab.js
||yahoo.adnetasia.com/serv?s=$script,redirect-rule=nobab.js
||yahoo.adtrackers.net/serv?s=$script,redirect-rule=nobab.js
||yahoo.bannertrack.net/serv?s=$script,redirect-rule=nobab.js
@uBlock-user
Copy link
Contributor

uBlock-user commented Dec 8, 2021

Just need to update nobab.js scriptlet to set nH7eXzOsG to a value and you can add those filters.

@Yuki2718 Yuki2718 changed the title Add a redirect resource to defuse bab 4.2b Update nobab Dec 8, 2021
Yuki2718 referenced this issue in uBlockOrigin/uAssets Dec 8, 2021
gorhill added a commit to gorhill/uBlock that referenced this issue Dec 8, 2021
Related issue:
- uBlockOrigin/uBlock-issues#1863

As discussed internally with uBO filters team.
gorhill added a commit to gorhill/uBlock that referenced this issue Dec 8, 2021
Related issue:
- uBlockOrigin/uBlock-issues#1863

As per internal discussion with team, best to have a simpler
scriplet, and which is hard-coded to work only on a specific
set of domains -- only those seen used by BAB.
@gorhill gorhill closed this as completed Dec 10, 2021
@uBlock-user uBlock-user added the fixed issue has been addressed label Dec 19, 2021
@Yuki2718
Copy link
Author

Yuki2718 commented Feb 16, 2022

On https://cubehosting.me/en/ if you disable cubehosting.me##+js(nosiif, visibility, 1000), nH7eXzOsG is 0 despite redirecting to nobab2 is logged, causing bab to appear.
@gorhill Fails by the regex check, removing the check and it works

Now everything works fine, strange...

@Yuki2718
Copy link
Author

Yuki2718 commented Feb 18, 2022

Have Just got another instance of nH7eXzOsG set to 0 and causing bab in checking AdguardTeam/AdguardFilters#110880 (the final page https://app.trangchu.news/2021/08/18/amazing-android-game-packs-bonsai-blast-abduction-world-attack-and-robot-defense/ but direct visit doesn't work).

bab

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
fixed issue has been addressed
Projects
None yet
Development

No branches or pull requests

3 participants