playground
The playground runs disrobe in your browser. The analysis passes are compiled to WebAssembly (the disrobe-wasm crate) and execute entirely client-side: you drop in a file, it is analyzed in the page, and nothing is uploaded. There is no server, no telemetry, and no account.
The playground exposes the read-only analysis surface, the operations that are safe to run on an untrusted file without writing to disk or executing the sample:
| Input | Operations |
|---|---|
| Python .pyc | Disassemble and decompile to source. |
| Python pickle (.pkl, .pt) | Static disasm, symbolic trace, safety grading (scan for a REDUCE against a code-execution sink), and polyglot detection. Never unpickles. |
| WebAssembly .wasm | Module summary and obfuscator detection. |
| Lua chunk | Dialect detection and decompile. |
| PyArmor-wrapped source | Version detection and protection-mode classification. |
| Any binary | String extraction, IOC scan (defanged), and a behavior summary. |
Everything is the same code the CLI runs, compiled to a different target. A pickle graded overtly_malicious in the playground grades the same way under disrobe pickle safety on the command line.
The playground inherits disrobe's static, deterministic posture. The pickle suite is symbolic: it walks the opcode stream and reconstructs the object graph without importing a module or calling __reduce__. The Python and WASM paths parse and lower bytecode without running it. The one thing the browser build deliberately omits is any code-execution path (the PyArmor dynamic hook and the BCC native lift), so there is nothing in the page that can run the sample.
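A simplified sketch of that kind of static grading, added here as an example and not taken from disrobe's code: it walks the opcode stream with the standard library's `pickletools.genops` and never calls `pickle.loads`. The sink table, the `grade` function and every grade name other than `overtly_malicious` are assumptions, and it flags any stream that both imports a sink and contains a call opcode rather than tracking the stack symbolically.

```python
import pickle
import pickletools

# Assumed sink table for illustration; disrobe's real list is not shown on this page.
SINKS = {("os", "system"), ("posix", "system"), ("nt", "system"),
         ("subprocess", "Popen"), ("builtins", "eval"), ("builtins", "exec")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

def grade(data: bytes):
    """Grade a pickle from its opcode stream alone; pickle.loads is never called."""
    strings, imports, calls = [], [], 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        if op.name in ("GLOBAL", "INST"):
            # Both opcodes carry "module name" as one space-separated argument.
            imports.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Simplification: treat the two most recent string pushes as module, name.
            imports.append((strings[-2], strings[-1]))
        if op.name in CALL_OPS:
            calls += 1
    hits = sorted(set(imports) & SINKS)
    if hits and calls:
        return "overtly_malicious", hits
    # Placeholder grade names; only overtly_malicious appears on the page.
    return ("calls_non_sink" if calls else "no_call"), sorted(set(imports))

# Constructed samples, written as raw opcodes so building them executes nothing.
SAMPLE_V0 = b"cos\nsystem\n(S'echo constructed-sample'\ntR."              # protocol 0, GLOBAL
SAMPLE_V4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x04echo\x85R."     # STACK_GLOBAL
SAMPLE_ODICT = b"ccollections\nOrderedDict\n)R."                           # REDUCE, non-sink
SAMPLE_DATA = pickle.dumps({"a": [1, 2]}, protocol=4)                      # plain data

if __name__ == "__main__":
    for name in ("SAMPLE_V0", "SAMPLE_V4", "SAMPLE_ODICT", "SAMPLE_DATA"):
        print(name, grade(globals()[name]))
```
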
Because the build is deterministic, a given file produces the same result on every load, which is what makes the playground usable as a quick triage step rather than a toy. For the full pass set, the chain runner, and the writeable emits, use the CLI or the library.
This wiki is generated from docs/src in the disrobe repository by scripts/wiki_sync.py. Edit the docs there, not the wiki pages here.