

@Xaekai Xaekai/README.md forked from ChiChou/README.md
Created Jul 13, 2016

Deobfuscate free version of JavascriptObfuscator.com

Simple Javascript deobfuscator

Aims to deobfuscate the result of JavascriptObfuscator free version.

Run

To run the script, you need node.js installed, along with the following npm modules:

  • esprima
  • estraverse
  • escodegen

Simply run the following commands:

npm install esprima estraverse escodegen
node deobfuscator.js obfuscated-file.js

About the files

// Sample listing: this appears to be what the deobfuscator prints for the
// obfuscated sample. The string table is still declared, but nothing below
// indexes it any more - each lookup now shows the literal or property name.
var _0x6dc0 = [
'GET',
'/my/url',
'open',
'onload',
'status',
'responseText',
'parse',
'onerror',
'send',
'the-element',
'getElementById',
'opacity',
'style',
'requestAnimationFrame',
'classList',
'toggle',
' ',
'split',
'className',
'indexOf',
'splice',
'push',
'join'
];
// Local identifiers keep their mangled `_0xbafbx*` names: only strings and
// property accesses are restored, so control flow has to be read as-is.
(function () {
// Asynchronous GET of '/my/url'; the parsed JSON is stored in a local that is never read.
var _0xbafbx1 = new XMLHttpRequest();
_0xbafbx1.open('GET', '/my/url', true);
_0xbafbx1.onload = function () {
if (_0xbafbx1.status >= 200 && _0xbafbx1.status < 400) {
var _0xbafbx2 = JSON.parse(_0xbafbx1.responseText);
} else {
}
};
// Empty handler: connection errors are ignored.
_0xbafbx1.onerror = function () {
};
_0xbafbx1.send();
var _0xbafbx3 = document.getElementById('the-element');
// Fades the element in by raising its opacity from 0 towards 1, scaled by elapsed time / 400.
function _0xbafbx4(_0xbafbx3) {
_0xbafbx3.style.opacity = 0;
var _0xbafbx5 = +new Date();
var _0xbafbx6 = function () {
_0xbafbx3.style.opacity = +_0xbafbx3.style.opacity + (new Date() - _0xbafbx5) / 400;
_0xbafbx5 = +new Date();
if (+_0xbafbx3.style.opacity < 1) {
window.requestAnimationFrame && requestAnimationFrame(_0xbafbx6) || setTimeout(_0xbafbx6, 16);
}
;
};
_0xbafbx6();
}
_0xbafbx4(_0xbafbx3);
// NOTE(review): `className` is not declared anywhere in this listing, so the
// toggle below throws a ReferenceError unless a global of that name exists.
if (_0xbafbx3.classList) {
_0xbafbx3.classList.toggle(className);
} else {
// Fallback without classList: toggle the name by editing the space-separated class string.
var _0xbafbx7 = _0xbafbx3.className.split(' ');
var _0xbafbx8 = _0xbafbx7.indexOf(className);
if (_0xbafbx8 >= 0) {
_0xbafbx7.splice(_0xbafbx8, 1);
} else {
_0xbafbx7.push(className);
}
;
_0xbafbx3.className = _0xbafbx7.join(' ');
}
;
}());
/**
* Author: ChiChou
*
* Deobfuscate code generated by free version of
* JavascriptObfuscator (https://javascriptobfuscator.com/Javascript-Obfuscator.aspx)
*
* Usage: node deobfuscator.js file.js>output.js
*
*/
var esprima = require('esprima');
var estraverse = require('estraverse');
var escodegen = require('escodegen');
/**
 * Tell whether an AST node is a function expression or function declaration.
 *
 * Only the node types `FunctionExpression` and `FunctionDeclaration` match;
 * any other type (arrow functions included) yields `null`.
 *
 * @param {{type: string}} node - AST node to inspect.
 * @returns {?Array} the regex match (truthy) for a function node, else null.
 */
function shouldSwitchScope(node) {
  var functionNodeType = /^Function(Express|Declarat)ion$/;
  return functionNodeType.exec(node.type);
}
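/**
 * Deobfuscate a script produced by the free version of JavascriptObfuscator
 * and print the restored source to stdout.
 *
 * Pass 1 collects every global `var name = [literal, ...]` array as a string
 * table. Pass 2 replaces `name[index]` lookups with the literal they refer to
 * and turns `obj['prop']` into `obj.prop`.
 *
 * The sample is only parsed and re-generated; nothing in it is evaluated.
 * Names and indexes taken from the sample are still untrusted input, so the
 * lookups below never go through an inherited property.
 *
 * NOTE(review): inlining assumes the string table is never reassigned and is
 * not shadowed by a local of the same name - neither is checked here.
 *
 * @param {string} fileName - path of the obfuscated script to read.
 */
function main(fileName) {
  var code = require('fs').readFileSync(fileName).toString();
  var ast = esprima.parse(code);
  var Syntax = esprima.Syntax;
  var hasOwn = Object.prototype.hasOwnProperty;
  // Null-prototype dictionary: a table called `__proto__` or `hasOwnProperty`
  // in the sample must be stored as a plain key, not alter the lookup object.
  var strings = Object.create(null);
  // Canonical array index ("0", "17"); rejects "length", "-1", "1.5", "01".
  var arrayIndex = /^(0|[1-9]\d*)$/;
  // ASCII identifier name; anything else has to stay in bracket notation.
  var identifierName = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
  var scopeDepth = 0; // 0 means global scope

  // pass 1: extract all strings
  estraverse.traverse(ast, {
    enter: function (node) {
      if (shouldSwitchScope(node)) {
        scopeDepth++;
      }
      if (scopeDepth === 0 &&
          node.type === Syntax.VariableDeclarator &&
          node.id.type === Syntax.Identifier &&
          node.init &&
          node.init.type === Syntax.ArrayExpression &&
          node.init.elements.every(function (e) {
            // Holes in a sparse array literal are null elements.
            return e !== null && e.type === Syntax.Literal;
          })) {
        strings[node.id.name] = node.init.elements.map(function (e) {
          return e.value;
        });
        this.skip();
      }
    },
    leave: function (node) {
      if (shouldSwitchScope(node)) {
        scopeDepth--;
      }
    }
  });

  // pass 2: restore code
  ast = estraverse.replace(ast, {
    leave: function (node) {
      if (node.type !== Syntax.MemberExpression) {
        return;
      }
      var property = node.property;

      // restore strings: table[index] -> the literal stored at that index
      if (node.computed &&
          node.object.type === Syntax.Identifier &&
          hasOwn.call(strings, node.object.name) &&
          property.type === Syntax.Literal) {
        var table = strings[node.object.name];
        // An index outside the table used to produce a Literal with an
        // undefined value, which the code generator cannot print; such a
        // lookup is now left as it is.
        if (arrayIndex.test(String(property.value)) &&
            hasOwn.call(table, property.value)) {
          // No `raw` field: it must hold source text, not the value, and the
          // generator derives the text from `value` anyway.
          return {
            type: Syntax.Literal,
            value: table[property.value]
          };
        }
      }

      // obj['name'] -> obj.name, only when the string is a valid identifier;
      // rewriting obj['the-element'] to obj.the-element would change meaning.
      if (property.type === Syntax.Literal &&
          typeof property.value === 'string' &&
          identifierName.test(property.value)) {
        return {
          type: Syntax.MemberExpression,
          computed: false,
          object: node.object,
          property: {
            type: Syntax.Identifier,
            name: property.value
          }
        };
      }
    }
  });
  console.log(escodegen.generate(ast));
}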
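// Require the input path up front: without it readFileSync(undefined) fails
// with a TypeError that does not say how the tool should be invoked.
if (process.argv.length < 3) {
  console.error('Usage: node deobfuscator.js file.js > output.js');
  process.exitCode = 1;
} else {
  main(process.argv[2]);
}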
// Obfuscated sample: every string constant and property name is hex-escaped
// into the `_0x6dc0` table and reached by index (`obj[_0x6dc0[n]]`), and local
// identifiers are renamed to `_0xbafbx*`. Kept on one line as generated.
var _0x6dc0=["\x47\x45\x54","\x2F\x6D\x79\x2F\x75\x72\x6C","\x6F\x70\x65\x6E","\x6F\x6E\x6C\x6F\x61\x64","\x73\x74\x61\x74\x75\x73","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x70\x61\x72\x73\x65","\x6F\x6E\x65\x72\x72\x6F\x72","\x73\x65\x6E\x64","\x74\x68\x65\x2D\x65\x6C\x65\x6D\x65\x6E\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x6F\x70\x61\x63\x69\x74\x79","\x73\x74\x79\x6C\x65","\x72\x65\x71\x75\x65\x73\x74\x41\x6E\x69\x6D\x61\x74\x69\x6F\x6E\x46\x72\x61\x6D\x65","\x63\x6C\x61\x73\x73\x4C\x69\x73\x74","\x74\x6F\x67\x67\x6C\x65","\x20","\x73\x70\x6C\x69\x74","\x63\x6C\x61\x73\x73\x4E\x61\x6D\x65","\x69\x6E\x64\x65\x78\x4F\x66","\x73\x70\x6C\x69\x63\x65","\x70\x75\x73\x68","\x6A\x6F\x69\x6E"];(function(){var _0xbafbx1= new XMLHttpRequest();_0xbafbx1[_0x6dc0[2]](_0x6dc0[0],_0x6dc0[1],true);_0xbafbx1[_0x6dc0[3]]=function(){if(_0xbafbx1[_0x6dc0[4]]>=200&&_0xbafbx1[_0x6dc0[4]]<400){var _0xbafbx2=JSON[_0x6dc0[6]](_0xbafbx1[_0x6dc0[5]])}else {}};_0xbafbx1[_0x6dc0[7]]=function(){};_0xbafbx1[_0x6dc0[8]]();var _0xbafbx3=document[_0x6dc0[10]](_0x6dc0[9]);function _0xbafbx4(_0xbafbx3){_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]=0;var _0xbafbx5=+ new Date();var _0xbafbx6=function(){_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]=+_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]+( new Date()-_0xbafbx5)/400;_0xbafbx5=+ new Date();if(+_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]<1){(window[_0x6dc0[13]]&&requestAnimationFrame(_0xbafbx6))||setTimeout(_0xbafbx6,16)};};_0xbafbx6();}_0xbafbx4(_0xbafbx3);if(_0xbafbx3[_0x6dc0[14]]){_0xbafbx3[_0x6dc0[14]][_0x6dc0[15]](className)}else {var _0xbafbx7=_0xbafbx3[_0x6dc0[18]][_0x6dc0[17]](_0x6dc0[16]);var _0xbafbx8=_0xbafbx7[_0x6dc0[19]](className);if(_0xbafbx8>=0){_0xbafbx7[_0x6dc0[20]](_0xbafbx8,1)}else {_0xbafbx7[_0x6dc0[21]](className)};_0xbafbx3[_0x6dc0[18]]=_0xbafbx7[_0x6dc0[22]](_0x6dc0[16]);};})();
// Readable sample script: an XMLHttpRequest GET, a fade-in animation and a
// class toggle, wrapped in one immediately-invoked function.
(function() {
// Asynchronous GET of '/my/url'.
var request = new XMLHttpRequest();
request.open('GET', '/my/url', true);
request.onload = function() {
if (request.status >= 200 && request.status < 400) {
// Success!
// The parsed response is stored in `data`, which is not used afterwards.
var data = JSON.parse(request.responseText);
} else {
// We reached our target server, but it returned an error
}
};
request.onerror = function() {
// There was a connection error of some sort
};
request.send();
var el = document.getElementById('the-element');
// Fade `el` in: start at opacity 0 and add (elapsed ms / 400) on every tick
// until the opacity reaches 1.
function fadeIn(el) {
el.style.opacity = 0;
var last = +new Date();
var tick = function() {
el.style.opacity = +el.style.opacity + (new Date() - last) / 400;
last = +new Date();
if (+el.style.opacity < 1) {
// Schedule the next tick with requestAnimationFrame when it exists, otherwise after 16 ms.
(window.requestAnimationFrame && requestAnimationFrame(tick)) || setTimeout(tick, 16)
}
};
tick();
}
fadeIn(el);
// NOTE(review): `className` is not declared anywhere in this script, so the
// toggle below throws a ReferenceError unless a global of that name exists.
if (el.classList) {
el.classList.toggle(className);
} else {
// Fallback without classList: toggle the name by editing the space-separated class string.
var classes = el.className.split(' ');
var existingIndex = classes.indexOf(className);
if (existingIndex >= 0)
classes.splice(existingIndex, 1);
else
classes.push(className);
el.className = classes.join(' ');
}
})()