Skip to content
/ humanify Public

Deobfuscate Javascript code using ChatGPT

License

Notifications You must be signed in to change notification settings

jehna/humanify

Repository files navigation

HumanifyJS

Deobfuscate Javascript code using LLMs ("AI")

This tool uses large language modeles (like ChatGPT & llama) and other tools to deobfuscate, unminify, transpile, decompile and unpack Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.

Version 2 is out! 🎉

v2 highlights compared to v1:

  • Python not required anymore!
  • A lot of tests, the codebase is actually maintanable now
  • Renewed CLI tool humanify installable via npm

➡️ Check out the introduction blog post for in-depth explanation!

Example

Given the following minified code:

function a(e,t){var n=[];var r=e.length;var i=0;for(;i<r;i+=t){if(i+t<r){n.push(e.substring(i,i+t))}else{n.push(e.substring(i,r))}}return n}

The tool will output a human-readable version:

function splitString(inputString, chunkSize) {
  var chunks = [];
  var stringLength = inputString.length;
  var startIndex = 0;
  for (; startIndex < stringLength; startIndex += chunkSize) {
    if (startIndex + chunkSize < stringLength) {
      chunks.push(inputString.substring(startIndex, startIndex + chunkSize));
    } else {
      chunks.push(inputString.substring(startIndex, stringLength));
    }
  }
  return chunks;
}

🚨 NOTE: 🚨

Large files may take some time to process and use a lot of tokens if you use ChatGPT. For a rough estimate, the tool takes about 2 tokens per character to process a file:

echo "$((2 * $(wc -c < yourscript.min.js)))"

So for refrence: a minified bootstrap.min.js would take about $0.5 to un-minify using ChatGPT.

Using humanify local is of course free, but may take more time, be less accurate and not possible with your existing hardware.

Getting started

Installation

Prerequisites:

  • Node.js >=20

The preferred whay to install the tool is via npm:

npm install -g humanifyjs

This installs the tool to your machine globally. After the installation is done, you should be able to run the tool via:

humanify

If you want to try it out before installing, you can run it using npx:

npx humanifyjs

This will download the tool and run it locally. Note that all examples here expect the tool to be installed globally, but they should work by replacing humanify with npx humanifyjs as well.

Usage

Next you'll need to decide whether to use openai, gemini or local mode. In a nutshell:

  • openai or gemini mode
    • Runs on someone else's computer that's specifically optimized for this kind of things
    • Costs money depending on the length of your code
    • Is more accurate
  • local mode
    • Runs locally
    • Is free
    • Is less accurate
    • Runs as fast as your GPU does (it also runs on CPU, but may be very slow)

See instructions below for each option:

OpenAI mode

You'll need a ChatGPT API key. You can get one by signing up at https://openai.com/.

There are several ways to provide the API key to the tool:

humanify openai --apiKey="your-token" obfuscated-file.js

Alternatively you can also use an environment variable OPENAI_API_KEY. Use humanify --help to see all available options.

Gemini mode

You'll need a Google AI Studio key. You can get one by signing up at https://aistudio.google.com/.

You need to provice the API key to the tool:

humanify gemini --apiKey="your-token" obfuscated-file.js

Alternatively you can also use an environment variable GEMINI_API_KEY. Use humanify --help to see all available options.

Local mode

The local mode uses a pre-trained language model to deobfuscate the code. The model is not included in the repository due to its size, but you can download it using the following command:

humanify download 2b

This downloads the 2b model to your local machine. This is only needed to do once. You can also choose to download other models depending on your local resources. List the available models using humanify download.

After downloading the model, you can run the tool with:

humanify local obfuscated-file.js

This uses your local GPU to deobfuscate the code. If you don't have a GPU, the tool will automatically fall back to CPU mode. Note that using a GPU speeds up the process significantly.

Humanify has native support for Apple's M-series chips, and can fully utilize the GPU capabilities of your Mac.

Features

The main features of the tool are:

  • Uses ChatGPT functions/local models to get smart suggestions to rename variable and function names
  • Uses custom and off-the-shelf Babel plugins to perform AST-level unmanging
  • Uses Webcrack to unbundle Webpack bundles

Contributing

If you'd like to contribute, please fork the repository and use a feature branch. Pull requests are warmly welcome.

Licensing

The code in this project is licensed under MIT license.

About

Deobfuscate Javascript code using ChatGPT

Resources

License

Stars

Watchers

Forks