Hello, during my academic research I came across one website which has very disturbing levels of fingerprinting. How? It manages to detect that I come from the same device despite me hooking, randomizing and changing more than 850 >0.0 entropy values. Including using a VPN connection or proxies. I found the script that is responsible for that, but the issue is that it's heavily, heavily obfuscated. I believe this vendor is abusing some zero day in Chromium to access some extremely high entropy values and I want to find out what this is and report it. The only thing I know about this script is that they save their collector variables inside an object that has the key "sigs". They append 124 attributes to this key, which are objects representing some values. I was wondering: is it possible somewhere in V8 to hook object creation and sniff for all objects that get added to this key value and dump them somewhere? In theory it sounds very possible, but in practice could it be done? Pseudocode of them doing this fingerprinting is something like this:
var obj1 = {};
obj1['sigs'] = [1, 2, 3]; // some important values
var obj2 = {};
obj2['sigs'] = [14, 23, 322222]; // some important values
var obj3 = {};
obj3['sigs'] = [1, 2, 3, 5, 3, 32, 2, 1, 32]; // some important values
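
A page-level way to observe those writes without patching V8, as an added example that is not part of the original post: a setter on `Object.prototype` for the "sigs" key logs each plain assignment together with a stack trace. The names `captured`, `installSigsTrap`, `removeSigsTrap` and `runSample` are made up for this illustration, and the sample objects are constructed.

```javascript
// Added example, not code from the post. Install before the script under
// analysis runs (DevTools snippet or injected script in your own test profile).
const captured = []; // one entry per trapped assignment

function installSigsTrap(key = 'sigs') {
  Object.defineProperty(Object.prototype, key, {
    configurable: true,   // lets removeSigsTrap() undo the hook
    enumerable: false,    // keep the hook out of for...in loops
    get() { return undefined; },
    set(value) {
      // The stack shows which (obfuscated) function performed the write.
      captured.push({ value, stack: new Error().stack });
      const t = typeof this;
      if (this === null || (t !== 'object' && t !== 'function')) return;
      // Shadow the hook with a normal own property so the script keeps working.
      // Later writes to this same object will no longer reach the trap.
      Reflect.defineProperty(this, key, {
        value, writable: true, enumerable: true, configurable: true,
      });
    },
  });
}

function removeSigsTrap(key = 'sigs') {
  delete Object.prototype[key];
}

// Constructed sample mirroring the post's pseudocode.
function runSample() {
  captured.length = 0;
  installSigsTrap();
  const obj1 = {};
  obj1['sigs'] = [1, 2, 3];
  const obj2 = {};
  obj2['sigs'] = [14, 23, 322222];
  // Limitation: object literals and Object.defineProperty create the property
  // directly and never call a prototype setter, so this write is missed.
  const obj3 = { sigs: [9, 9, 9] };
  removeSigsTrap();
  return { values: captured.map((c) => c.value), obj1, obj3 };
}
```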