how to de-obfuscate js code


The how-to follows, but I recommend reading the article.

If .. you want to prepare for your interview at Google, Jeff Walden suggests a hard-core approach:
…SpiderMonkey, Mozilla’s C JavaScript engine, … includes a decompiler which translates from SpiderMonkey bytecode to JavaScript (most people only use it the other way around). You can see it at work any time you convert a function to a string. … SpiderMonkey … decompiles the bytecode back to a JavaScript string representing the function as exactly as possible, while … formatting the decompiled source to be reasonably readable.
How … to reformat obfuscated source?

First, you get a copy of SpiderMonkey:

cvs co mozilla/js/src
cd mozilla/js/src
make -f Makefile.ref clean && make -f Makefile.ref # work around broken dependency system
./Linux_All_DBG.OBJ/js # to run the interpreter

Next, you dump the JS code you want to reformat into a function, and you have SpiderMonkey pretty-print it:

echo "function container() {" > obfuscated.js
cat file-to-clean-up.js >> obfuscated.js
echo "} print(container.toString());" >> obfuscated.js
path/to/js -f obfuscated.js

SpiderMonkey will then print the container function’s string representation, adjusting indentation and such to create a readable, if still name-obfuscated, version.
A couple things to know about this: first, SpiderMonkey doesn’t pretty-print functions found in expression context:

(function() {
  print("this won't get cleaned up");
}());
call_method(function() {
  print("this will probably be crunched to one line");
  print("not pretty-printed");
});

These examples are converted (once stripped of the containing function) to:
(function () {print("this won't get cleaned up");}());
call_method(function () {print("this will probably be crunched to one line");print("not pretty-printed");});
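The wrapper-building step of the how-to, as an added example that is not part of the quoted article: it handles an input that ends without a newline on a `//` comment, where the plain echo/cat/echo sequence would put the closing brace inside the comment. The function names `wrap_for_decompile` and `make_sample` and the sample line are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the quoted article.
# wrap_for_decompile and make_sample are hypothetical helper names.

# wrap_for_decompile SRC DST
# Writes DST as: the container function header, SRC verbatim, a line
# break, then the closing brace and the print() call from the how-to.
wrap_for_decompile() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    {
        printf '%s\n' 'function container() {'
        cat -- "$src"
        # Minified files often end without a newline, sometimes on a
        # "//# sourceMappingURL=..." comment. Starting a fresh line keeps
        # the closing brace out of that comment.
        printf '\n%s\n' '} print(container.toString());'
    } > "$dst"
}

# make_sample FILE
# Constructed sample input: one minified line, no trailing newline,
# ending in a line comment.
make_sample() {
    printf '%s' 'var a=function(b){return b+1};print(a(1));//# sourceMappingURL=x.map' > "$1"
}

# Usage, with the interpreter path from the how-to:
#   wrap_for_decompile file-to-clean-up.js obfuscated.js
#   path/to/js -f obfuscated.js
```

The container function is only defined and converted to a string, never called, so the wrapped statements are compiled but not run by this step.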
