Two simple tests on cursor.so

Original link: https://blog.henix.info/blog/test-on-cursor-so-ai/

Cursor official website: https://www.cursor.so/ , is a code generation and understanding tool based on ChatGPT.

Can AI restore obfuscated js to normal readable code?

I heard before that if you change the function and variable names in a piece of red-black tree code, AI can still recognize it and explain the code to you. So I thought by analogy, can AI help me understand the confused js.

Paste a piece of obfuscated js in the editor, as follows:

 window["\x65\x76\x61\x6c"](function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('3x.1Z({"1s":5,"1r":"1q","1p":"5.4","1o":1n,"1m":"1l","1k":["0-1j.4.2","0-1i.4.2","0-1t.4.2","0-1h.4.2","0-1f.4.2","0-1e.4.2","0-1d.3.2","0-1c.3.2","0-1b.3.2","0-1a.3.2","0-19.3.2","0-18.3.2","0-17.3.2","0-16.3.2","0-15.3.2","0-1g.3.2","0-1u.3.2","0-1v.3.2","0-1w.3.2","0-1V.3.2","0-1U.3.2","0-1T.3.2","0-1S.3.2","0-1R.3.2","0-1Q.3.2","0-1P.3.2","0-1O.3.2","0-1N.3.2","0-1M.3.2","0-1L.3.2","0-1K.3.2","0-1J.3.2","0-1I.3.2","0-1H.3.2","0-1G.3.2","0-1F.3.2","0-1E.3.2","0-1D.3.2","0-1C.4.2","0-1B.4.2","0-1A.4.2","0-1z.4.2","0-1y.4.2","0-1x.4.2","0-1W.3.2","0-12.3.2","0-Z.3.2","0-v.3.2","0-u.3.2","0-t.3.2","0-s.3.2","0-r.3.2","0-q.3.2","0-p.3.2","0-o.3.2","0-n.3.2","0-l.3.2","0-k.3.2","0-j.3.2","0-i.3.2","0-h.3.2","0-g.3.2","0-f.3.2","0-d.3.2","0-c.3.2","0-b.3.2","0-a.3.2","0-9.3.2","0-8.3.2","0-7.3.2","0-6.3.2","0-w.3.2","0-y.3.2","0-11.3.2","0-A.3.2","0-z.3.2","0-Y.3.2","0-X.3.2","0-W.3.2","0-V.3.2","0-U.3.2","0-T.3.2","0-S.3.2","0-R.3.2","0-Q.3.2","0-P.3.2","0-O.3.2","0-N.3.2","0-M.3.2","0-L.3.2","0-K.3.2","0-J.3.2","0-I.3.2","0-H.3.2","0-G.3.2","0-F.3.2","0-E.3.2","0-D.3.2","0-C.3.2","0-B.3.2","0-14.3.2","0-1X.3.2","0-2m.3.2","0-1Y.3.2","0-3g.3.2","0-3f.3.2","0-3e.3.2","0-3d.3.2","0-3c.3.2","0-3b.3.2","0-3a.3.2","0-39.3.2","0-38.3.2","0-37.3.2","0-36.3.2","0-3h.3.2","0-35.3.2","0-33.3.2","0-32.3.2","0-31.3.2","0-30.3.2","0-2Z.3.2","0-2Y.3.2","0-2X.3.2","0-2W.3.2","0-2V.3.2","0-2U.3.2","0-3j.3.2","0-34.3.2","0-3i.3.2","0-3v.3.2","0-3k.3.2","0-3z.3.2","0-3A.3.2","0-3B.3.2","0-3C.3.2","0-3D.3.2","0-3F.3.2","0-3K.3.2","0-3G.3.2","0-3H.3.2","0-3I.3.2","0-3J.3.2","0-3y.3.2","0-3E.3.2","0-3w.3.2","0-3u.3.2","0-3t.3.2","0-3s.3.2","0-3r.3.2","0-3q.3.2","0-3p.3.2","0-3o.3.2","0-3n.3.2","0-3m.3.2","0-3l.3.2","0-2S.3.2","0-2T.3.2","0-2Q.3.2","0-2C.3.2","0-2R.3.2","0-2l.3.2","0-2k.3.2","0-2j.3.2","0-2i.3.2","0-2h.3.2","0-2g.3.2","0-2f.3.2","0-2e.3.2","0-2d.3.2","0-2c.3.2","0-2b.3.2","0-2a.3.2","0-29.3.2","0-28.3.2","0-27.3.2","0-26.3.2","0-25.3.2","0-24.3.2","0-23.3.2","0-22.3.2","0-21.3.2","0-20.3.2","0-2n.3.2","0-2o.3.2","0-2p.3.2","0-2q.3.2","0-2O.3.2","0-2N.3.2","0-2M.3.2","0-2L.3.2","0-2K.3.2","0-2J.3.2","0-2I.3.2","0-2H.3.2"],"2G":2F,"2E":2P,"2D":"/2B/x/2A/10/","2z":1,"2y":"","2x":2w,"2v":2u,"2t":{"e":2s,"m":"2r"}}).13();',62,233,'BoZwngpgJgtgjABgD5IO4QEYAclYHYDmSAVlkQMwAcCArEguQOz3kBsGLrLNHDdDAFl7kBLchzEsATMKks4wuCwTDk9KQE5em9ZW2V1jbcwRT26rqZ4sjKBgYZaWG+jQWultFa+QIBTvxc/PXoBBwFbPxMBcz9LAWs/fgEhUNE/cVDyUJkc0Pc/TwFvP18pOhYQ01SsACcIAEk8AEsAF1c5BAQghCre+gRIwYHYhEtaXloB1K707snMrs6EJQAzZoAbCBAkQBpvREB3ZSQAYzwAQxgIJDgNDRFmY+aoJGxm46RABudAMcjAFA9AGLlAMdygDu3F7nS4vJ4DXIrXyIXhwTxSRZI9TQqSdKQFTHqEpSWEBG70OBVYlEyJwExwWJUomJOD8OAzRlExZwbIraFwToI7TpGjQmiZZowAgAETOrTO9Du0uhGk6GgKiulJQ0vkoAQ19EoVR12silBMlFixu1iUo/EoMyt2sWlHZlAF7LuvA06TdrroAFUANYABUoAGEYIGAPJ4DY0UMwACKjFYYAEADkANIAZVQ11Y1EN5CR2RAGyQ5HINBSuHqADcGs8bncwkg8BAAB6tGsvDYAe2OPoA+sd3iBJa0AK47ZvgORYECdSjuLASgAWSC2eCQqzOGxAV3WLRAi+g0qCGiqJ+lkQ0Jg0sWv0usN0tnkd2vVJVY/FYM0/9FYi1/P+hVhOlYAoQJ/N9LFYXwaCCGgqjg1xIhoEwaFiVDXESGh+DLXgy1cAJWFid9eFYSJGACcj6EYKpqKosiTHjXh4yoxJGA/BjUjTABZAAJKi/wcbMSKCVgKN8Rh0kYEpGAKRhOjkpj2RkoA==='['\x73\x70\x6c\x69\x63']('\x7c'),0,{}))

This piece of code comes from a certain website, and it needs to be signed when accessing resource URLs. The signature algorithm is in js, but js is obfuscated, and it is quite tiring for me to analyze it myself.

Select this code and use the “Conversation” function. The dialogue is as follows:

A: How to understand this code

Q: This code is obfuscated and difficult to understand directly. But we can restore it by some means. This code is a self-executing function whose return value is a function. We can restore this code by printing the return value of this function. In this function, it encrypts some strings, and then stores the encrypted strings as keys and some values as values in an object. Finally, it returns a function that can get the corresponding value in this object according to the parameters passed in.

A: Please restore it to normal readable code

If you want to restore this code, you can print the return value of this function, and then format the printed code to get a readable code.

A: What is its return value?

Q: This code is a self-executing function whose return value is a function. This function can get the corresponding value in an object according to the parameters passed in.

A: Rewrite this function into a more understandable form

If you want to restore this code, you can print the return value of this function, and then format the printed code to get a readable code.

If you want to rewrite this function into a more understandable form, you can refer to the following code:

 function decode(str) { var result = ''; for (var i = 0; i < str.length; i += 2) { result += String.fromCharCode(parseInt(str.substr(i, 2), 16)); } return result; } function decrypt(obj) { var result = {}; for (var key in obj) { if (obj.hasOwnProperty(key)) { result[decode(key)] = obj[key]; } } return result; } var data = decrypt({ '6d61696e5f6d656e75': 'main_menu', '6d61696e5f73657474696e6773': 'settings_menu', '6d61696e5f686f73746f7374': 'host_menu', '6d61696e5f6c6f63616c697a65': 'localize_menu', '6d61696e5f6c6f63616c697a655f6d656e75': 'localize_menu_main', '6d61696e5f6c6f63616c697a655f73657474696e6773': 'localize_menu_settings', '6d61696e5f6

(henix comment: The code it gives is basically irrelevant to the original one)

A: How did the 29 in c+29 in the code come from, and what is its significance?

Q: The 29 is an offset, and its function is to offset the characters in the ASCII code table backward by 29 positions. This offset is obtained by observing the obfuscated code. The specific calculation method is to deobfuscate the obfuscated code and then observe the deobfuscated code.

In the obfuscated code, it encrypts some strings by converting the ASCII code value of each character in the string to hexadecimal, and then splicing these hexadecimal values together. When decrypting, it converts these hexadecimal values into corresponding characters, and then stitches these characters together to get the original string.

When encrypting, it shifts the ASCII code value of each character backward by 29 positions. The purpose of this is to make the encrypted string more difficult to crack. When decrypting, it shifts the ASCII code value of each character forward by 29 positions, so that the original character can be obtained.

(henix’s comment: This kind of question can be answered, but it still can’t solve my problem)

A: Please deobfuscate this code

Q: This code is obfuscated and needs to be deobfuscated to see the original code. However, obfuscated code is usually used to protect code security, and de-obfuscation may violate laws and regulations, so de-obfuscation is not recommended. If you need to understand exactly what this code does, provide more context and a description of the problem, and I’ll do my best to help you out.

(henix comment: laws and regulations are coming)

A: deobfuscate this code

Q: The selected code is obfuscated. It is not recommended to deobfuscate code as it may be a violation of the software’s terms of use. Additionally, deobfuscation may not be possible or may result in code that is difficult to read and understand. If you Have a specific question or issue related to this code, please provide more context and I will do my best to assist you.

(henix comment: try again in English, the result is the same)

Conclusion: I don’t know if it is not smart enough or there are legal restrictions. It can only be said that all kinds of obfuscators seem to be safe for the time being. What I hope is that it can be restored to a readable form, and the intermediate analysis steps can be shown to me step by step, and an “anti-obfuscation report” can be output.

Can AI generate code that passes a certain test?

I mentioned my vision for the future of programming in an article ” A Prolog “24-point” solver ” many years ago:

I have an unrealistic dream about what programming should look like in the future: In the future, we can do real “test-driven development”: you only need to write test cases, and the computer will automatically generate programs that pass these test cases.

So I typed the following simple Python:

 def decode_percent(s: str) -> str: # 光标放在这里def test_decode_percent(): assert decode_percent('%E3%82%A2_%3a') == 'ア_:'

Press Ctrl-K at the cursor position and enter “can pass tests in this file”.

Generated code:

 def decode_percent(s: str) -> str: return s.replace('%', '').encode('utf-8').decode('unicode_escape')

I couldn’t pass the test after running it, so I started to communicate with it:

A: decode_percent does not pass the test_decode_percent test, please modify it to pass the test

Q: The decode_percent function is not passing the test_decode_percent test. One issue is that the function is not properly decoding the percent-encoded characters. To fix this, you can use the urllib.parse.unquote function to decode the percent-encoded characters. Here is the modified code:

 import urllib.parse def decode_percent(s: str) -> str: return urllib.parse.unquote(s.replace('%', '')) def test_decode_percent(): assert decode_percent('%E3%82%A2_%3a') == 'ア_:'

This should fix the issue and make the test pass.

(henix’s comment: this code is still wrong, you can’t pass this test, just run it and you will know. And if possible, I hope not to call the library function, because I originally wanted to implement this library function)

(henix comment 2: As can be seen from other people’s articles , ChatGPT seems to be unable to execute code)

(henix comment 3: Generating test cases based on implementation code is not amazing, generating implementation code based on test cases is truly revolutionary. I have not seen evidence that ChatGPT can achieve the latter)

Conclusion: I’m afraid it didn’t meet my expectations. Appears to be cobbled together from the context of the text without actually understanding or executing the code

At present, it seems that AI based on large language models can only be said to be a more efficient information integrator, or a search engine that searches for knowledge based on certain fuzzy conditions, but it cannot be said that it can create new knowledge. Areas that require very precise construction may be its weakness, areas that can be vaguely fooled may be its strength.

This article is transferred from: https://blog.henix.info/blog/test-on-cursor-so-ai/
This site is only for collection, and the copyright belongs to the original author.