Skip to content

j4k0xb/asarfix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

asarfix

Fixes/Decrypts asar archives protected by asarmor and asarbreak.

npx asarfix app.asar -o out.asar
npx asar extract out.asar out

Decryption

Asarmor uses AES-128-CBC to encrypt .js files in the asar archive. The encryption key is stored in one of these binaries:

  • electron-forge: resources/app.asar.unpacked/.vite/build/main.node
  • electron-builder: resources/app.asar.unpacked/dist/main.node
npx asarfix app.asar -o out.asar -b <path to main.node>

The key may also be available in plaintext: node_modules/asarmor/src/encryption/key.txt.

Bypass Debugging Protection

https://github.com/sleeyax/asarmor/blob/2c91d08ba0a00d379d26e7dfb89aa0f1d3b8e05c/src/encryption/main.cpp#L172-L173

It checks process.argv, but this can be bypassed in one of these ways:

  • Set the NODE_OPTIONS=--inspect environment variable (only works with node, not electron)
  • Open main.node in a hex editor and replace the --inspect string with anything else of the same length
  • Modify Fuses

About

Fixes/Decrypts asar archives protected by asarmor and asarbreak.

www.npmjs.com/package/asarfix

Topics

electron asar asarmor asarbreak

Resources

Readme

License

GPL-3.0 license
Activity

Stars

15 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Languages