https://github.com/asutoshpalai/de-jsfuck

It deobfuscates JSFuck into readable JavaScript
https://github.com/asutoshpalai/de-jsfuck

common-lisp javascript jsfuck

Last synced: 3 days ago
JSON representation

It deobfuscates JSFuck into readable JavaScript

• Host: GitHub
• URL: https://github.com/asutoshpalai/de-jsfuck
• Owner: asutoshpalai
• License: gpl-3.0
• Created: 2017-03-25T18:37:08.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2018-02-27T04:25:52.000Z (over 7 years ago)
• Last Synced: 2025-03-24T01:01:43.250Z (3 months ago)
• Topics: common-lisp, javascript, jsfuck
• Language: Common Lisp
• Homepage:
• Size: 27.3 KB
• Stars: 40
• Watchers: 1
• Forks: 6
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# de-jsfuck

It deobfuscates JSFuck into readable JavaScript.

## Quick use guide

_If you have already setup SBCL with Quicklisp, the you can skip installing Roswell_

- Install and setup [Roswell](https://github.com/roswell/roswell#installation-dependency--usage)

- Run

      $ ./run.sh ''

## Background details

I had to get past some changing JSFuck code which injected some global variables and

get the values of those variables. My target was to reverse a JSFuck code with only

specific part varying every time. So, I embarked upon the strategy of pattern matching.

In the end, I was able to decode almost all of the JSFuck code.

The important observations on which the code is based are

- All codes began with a specific pattern which fetched `Function` of JS which

is used to generate functions from strings.

- All of them ended with () which called the generated function.

- The code between them had segments enclosed within () of [], sometimes

continuous, separated by +. They turned out to generate characters of the

string being concatenated with +.

Note: _I have added only those characters which I encountered during my inspection. The

token list is not complete. If you find `