Exploring six characters in JavaScript

Exploring the six characters in JavaScript is a strange and interesting language, and we can write crazy but still effective code. It tries to help us transform things to specific types based on how we treat them.

If we add a string, JavaScript will assume that we want to represent it in text format, so convert it into a string. If we add a positive or negative prefix, JavaScript assumes that we want to represent it as a numerical value. If possible, it will convert the string to a number. If we add a negative sign, JavaScript will convert the string into a Boolean value.

We can use [,], (,),! In Javascript. And + these six symbols write some magical code. If you are not on a mobile phone, you can open the browser console. You can paste any sample code to the console and the code value is true.

Let's start from the most basic point and remember some gold rules:

! The subsequent characters are converted to boolean values.

+ The subsequent characters are converted to numerical values.

[] The subsequent characters are converted into strings.

Let's look at the following example:

![] === false+[] === 0[]+[] === ""

Another thing you should know is that it can retrieve specific letters from strings using square brackets, like this:

"hello"[0] === "h"

Remember to add strings to indicate multiple numbers together and then convert the entire expression into a number:

+("1" + "1") === 11

We continue to combine some things to get the letter.

![] === false![]+[] === "false"+!![] === 1------------------------(![]+[])[+!![]] === "a"  // same as "false"[1]

The opposite is true!

We can use true and false to obtain letters like a, e, f, l, r, s, t, u. Can we get letters from other places?

We can get undefined through some special formulas such as [] [], and use the golden rule we mentioned above to get the other letters d, I, and n.

`[][[]] + [] === "undefined"`

So far, with all the letters we have obtained, we can spell fill, filter, and find. Of course there are some other words that we can also spell, but the most important thing about these words is that they are all array methods. This means they are part of the array object and can directly call the array instance, such as [2, 1]. sort ().

Another important feature of understanding JavaScript is that the attributes of an object can be accessed through the dot symbol or square brackets. The preceding array method is the attribute of the array object. We can use square brackets instead of the dot symbol to call these methods.

Therefore, [2, 1] ["sort"] () is equivalent to [2, 1]. sort ().

Let's continue to look at what will happen when we try to use an array method. We can use letters that we have spelled so far but have not called.

[]["fill"]

This will get function fill () {[native code]}. We can use this method header as a string again using our golden rule:

[]["fill"]+[] === "function fill() { [native code] }"

So now we get other characters: c, o, v, (,), {, [,],}.

With the new c and o, we can now form the word constructor. A constructor is a method. All JS objects only return their own constructor.

For the object we have processed so far, we can get the constructor function represented by a string:

true["constructor"] + [] === "function Boolean() { [native code] }"  0["constructor"] + []    === "function Number() { [native code] }"  ""["constructor"] + []   === "function String() { [native code] }"[]["constructor"] + []   === "function Array() { [native code] }"({})["constructor"] + [] === "function Object() { [native code] }"

With these sub-statements, we can add the following characters to our library:

Now we can construct a function "toString" 'that we can use square brackets. We can call it like this:

(10)["toString"]() === "10"

With our golden rule, we can convert any string we want to convert, but how can we use the formula above?

Well, I will tell you that the toString method of the Number type has an argument called radix ("base. It can convert a value to a string by base number first, as shown in the following figure:

(12) ["toString"] (10) = "12" // decimal (12) ["toString"] (2) = "1100" // binary (12) ["toString"] (8) = "14" // octal (12) ["toString"] (16) === "c" // hexadecimal

But why is the base number only written to 16? The maximum value is 36, including all characters 0-9 and a-z, so now we can get any letter number we want:

(10)["toString"](36) === "a"(35)["toString"](36) === "z"

Great! But what about other symbols, such as punctuation marks and uppercase letters? We will explore it in depth.

It depends on the execution of your JS, it may or may not access specific predefined objects or data. If you run it in a browser, you can access some existing HTML wrapper methods.

For example, bold is a string method encapsulated in the <> label.

"test"["bold"]() === "test"

Here we get the <> and/characters.

You may have heard of the escape method, which converts a string to a URI-friendly format and can be interpreted by a simple browser. If we pass a space character, we get "% 20 ".

Here is a tool that can automatically convert each character. Tool address: http://www.jsfuck.com/Source Code address: https://raw.githubusercontent.com/aemkei/jsfuck/master/jsfuck.js

Why are these characters useful?

It is not a bad thing for Ebay. Not long ago, it allowed sellers to execute JS in pages to use only these characters, but it is a fairly rare attack vector. Some people say obfuscation, but in fact there are better ways to obfuscation.

Finally, I hope you will like this quest.

Resource:

Https://en.wikipedia.org/wiki/JSFuck

Https://esolangs.org/wiki/JSFuck

Http://patriciopalladino.com/blog/2012/08/09/non-alphanumeric-javascript.html

Https://raw.githubusercontent.com/aemkei/jsfuck/master/jsfuck.js