
de-jsfuck

It deobfuscates JSFuck into readable JavaScript.

Quick use guide

If you have already set up SBCL with Quicklisp, then you can skip installing Roswell.

  • Install and setup Roswell

  • Run

    $ ./run.sh '<File_Name_Containing_JsFuck_Code>'
    

Background details

I had to get past some changing JSFuck code which injected some global variables and get the values of those variables. My target was to reverse a JSFuck code with only a specific part varying every time. So, I embarked upon the strategy of pattern matching. In the end, I was able to decode almost all of the JSFuck code.

The important observations on which the code is based are

  • Every sample began with a specific pattern that fetches JavaScript's Function constructor, which is used to generate functions from strings.

  • Every sample ended with (), which called the generated function.

  • The code between them consisted of segments enclosed within () or [], sometimes contiguous, separated by +. The segments turned out to generate the characters of the string, which are concatenated with +.

Note: I have added only those characters which I encountered during my inspection. The token list is not complete. If you find <unknown: sections in your output, you can evaluate them and add them to the mapping in jsfuck-map.lisp. A pull request on the same will also benefit a larger audience.
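The third observation and the note above, as an added JavaScript sketch (not the project's Lisp code): it splits a JSFuck string expression into segments at top-level + signs and looks each one up in a table, without evaluating anything. The names MAP, splitSegments, decode and SAMPLE, the table contents and the exact unknown-marker format are assumptions made for this example.

```javascript
// Constructed subset of a segment-to-character table, for illustration only.
const MAP = new Map([
  ["(![]+[])[+[]]", "f"],
  ["(![]+[])[+!+[]]", "a"],
  ["(![]+[])[!+[]+!+[]]", "l"],
  ["(![]+[])[!+[]+!+[]+!+[]]", "s"],
  ["(!![]+[])[+[]]", "t"],
  ["(!![]+[])[+!+[]]", "r"],
  ["(!![]+[])[!+[]+!+[]]", "u"],
  ["(!![]+[])[!+[]+!+[]+!+[]]", "e"],
  ["([][[]]+[])[+!+[]]", "n"],
  ["([][[]]+[])[!+[]+!+[]]", "d"],
  ["([![]]+[][[]])[+!+[]+[+[]]]", "i"],
]);

// Split on '+' only at bracket depth 0 and directly after ')' or ']',
// so the unary '+' inside a segment never acts as a separator.
function splitSegments(expr) {
  const src = expr.replace(/\s+/g, "");
  const segments = [];
  let depth = 0, start = 0;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (c === "(" || c === "[") depth++;
    else if (c === ")" || c === "]") depth--;
    else if (c === "+" && depth === 0 && i > start && /[)\]]/.test(src[i - 1])) {
      segments.push(src.slice(start, i));
      start = i + 1;
    }
    if (depth < 0) throw new Error("unbalanced brackets at offset " + i);
  }
  if (depth !== 0) throw new Error("unbalanced brackets");
  if (start < src.length) segments.push(src.slice(start));
  return segments;
}

// Decode by table lookup; unmapped segments are marked and collected so
// they can be inspected and added to the table later.
function decode(expr) {
  const unknown = [];
  const text = splitSegments(expr).map((seg) => {
    if (MAP.has(seg)) return MAP.get(seg);
    unknown.push(seg);
    return "<unknown: " + seg + ">";
  }).join("");
  return { text, unknown };
}

// Constructed sample: the five segments spell "alert".
const SAMPLE = "(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]";
```

decode(SAMPLE).text is "alert"; a segment missing from the table comes back in the unknown list instead of being guessed.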

TODO

  • Check the missing characters and add support for them too.

Blog post
