@Xaekai
Created July 13, 2016 03:49
Deobfuscate free version of JavascriptObfuscator.com

Simple Javascript deobfuscator

Aims to deobfuscate the result of JavascriptObfuscator free version.

Run

To run the script, you need Node.js installed, along with the following npm modules:

  • esprima
  • estraverse
  • escodegen

Simply run the following commands:

npm install esprima estraverse escodegen
node deobfuscator.js obfuscated-file.js

About the files

// Sample output: this appears to be what deobfuscator.js prints for the
// obfuscated sample. Table lookups have been inlined and bracket accesses
// turned into dot accesses, but the string table declaration and the mangled
// _0x... identifier names are still present.
var _0x6dc0 = [
'GET',
'/my/url',
'open',
'onload',
'status',
'responseText',
'parse',
'onerror',
'send',
'the-element',
'getElementById',
'opacity',
'style',
'requestAnimationFrame',
'classList',
'toggle',
' ',
'split',
'className',
'indexOf',
'splice',
'push',
'join'
];
(function () {
// Asynchronous GET to '/my/url'. The parsed JSON is assigned to a local that
// is never read, and the error branches are empty.
var _0xbafbx1 = new XMLHttpRequest();
_0xbafbx1.open('GET', '/my/url', true);
_0xbafbx1.onload = function () {
if (_0xbafbx1.status >= 200 && _0xbafbx1.status < 400) {
var _0xbafbx2 = JSON.parse(_0xbafbx1.responseText);
} else {
}
};
_0xbafbx1.onerror = function () {
};
_0xbafbx1.send();
var _0xbafbx3 = document.getElementById('the-element');
// Fade-in helper: raises the element's opacity by elapsed-ms / 400 on every
// tick until it reaches 1.
function _0xbafbx4(_0xbafbx3) {
_0xbafbx3.style.opacity = 0;
var _0xbafbx5 = +new Date();
var _0xbafbx6 = function () {
_0xbafbx3.style.opacity = +_0xbafbx3.style.opacity + (new Date() - _0xbafbx5) / 400;
_0xbafbx5 = +new Date();
if (+_0xbafbx3.style.opacity < 1) {
// Falls back to a 16 ms timer when requestAnimationFrame is unavailable.
window.requestAnimationFrame && requestAnimationFrame(_0xbafbx6) || setTimeout(_0xbafbx6, 16);
}
;
};
_0xbafbx6();
}
_0xbafbx4(_0xbafbx3);
// Class toggle. NOTE(review): `className` is not declared anywhere in this
// snippet, so it has to be provided by the surrounding page.
if (_0xbafbx3.classList) {
_0xbafbx3.classList.toggle(className);
} else {
var _0xbafbx7 = _0xbafbx3.className.split(' ');
var _0xbafbx8 = _0xbafbx7.indexOf(className);
if (_0xbafbx8 >= 0) {
_0xbafbx7.splice(_0xbafbx8, 1);
} else {
_0xbafbx7.push(className);
}
;
_0xbafbx3.className = _0xbafbx7.join(' ');
}
;
}());
/**
* Author: ChiChou
*
* Deobfuscate code generated by free version of
* JavascriptObfuscator (https://javascriptobfuscator.com/Javascript-Obfuscator.aspx)
*
* Usage: node deobfuscator.js file.js>output.js
*
*/
var esprima = require('esprima');
var estraverse = require('estraverse');
var escodegen = require('escodegen');
/**
 * Tell whether an AST node is a function node, i.e. one that main() counts
 * as a change of scope depth.
 *
 * @param {Object} node - AST node with a string `type` property.
 * @returns {Array|null} the regex match (truthy) for FunctionExpression and
 *   FunctionDeclaration nodes, otherwise null.
 */
function shouldSwitchScope(node) {
  var functionNodeType = /^Function(Express|Declarat)ion$/;
  var nodeType = node.type;
  return nodeType.match(functionNodeType);
}
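/**
 * Deobfuscate one file produced by the free version of JavascriptObfuscator
 * and print the restored source to stdout.
 *
 * The input is only parsed and rewritten as an AST (esprima -> estraverse ->
 * escodegen); it is never evaluated, so none of the analysed script's code
 * runs during deobfuscation.
 *
 * Pass 1 collects every variable declared outside any function whose
 * initializer is an array made only of literals. Pass 2 replaces
 * `table[<numeric literal>]` with the stored literal and turns
 * `obj['name']` into `obj.name` when `name` is a plain identifier.
 *
 * Limitations: lookups are matched by variable name only, so a local variable
 * that shadows a table name, or a table that the script modifies at run time,
 * yields wrong output. The table declaration itself is left in the output.
 *
 * @param {string} fileName - path of the obfuscated script.
 * @returns {void}
 * @throws {Error} if the file cannot be read or esprima cannot parse it.
 */
function main(fileName) {
  if (fileName == null || fileName === '') {
    // Without this guard a missing argument surfaces as an opaque error from fs.
    console.error('Usage: node deobfuscator.js obfuscated-file.js > output.js');
    process.exitCode = 1;
    return;
  }

  var code = require('fs').readFileSync(fileName).toString();
  var ast = esprima.parse(code);
  var Syntax = esprima.Syntax;
  var hasOwn = Object.prototype.hasOwnProperty;
  // ASCII-only on purpose: anything else stays in bracket notation, which is
  // always a valid spelling of the same access.
  var identifierName = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
  // Keys are variable names taken from the analysed script, so use a
  // prototype-less dictionary: names such as `__proto__` or `hasOwnProperty`
  // must not collide with inherited members.
  var strings = Object.create(null);
  var scopeDepth = 0; // 0 means outside every function

  // pass 1: extract all top-level literal arrays
  estraverse.traverse(ast, {
    enter: function (node) {
      if (shouldSwitchScope(node)) {
        scopeDepth++;
      }
      if (scopeDepth === 0 &&
          node.type === Syntax.VariableDeclarator &&
          node.id.type === Syntax.Identifier &&
          node.init &&
          node.init.type === Syntax.ArrayExpression &&
          node.init.elements.every(function (e) {
            // Holes in a sparse array literal show up as null entries.
            return e !== null && e.type === Syntax.Literal;
          })) {
        strings[node.id.name] = node.init.elements.map(function (e) {
          return e.value;
        });
        this.skip();
      }
    },
    leave: function (node) {
      if (shouldSwitchScope(node)) {
        scopeDepth--;
      }
    }
  });

  // pass 2: restore code (children are rewritten before their parents, so a
  // restored string can immediately become a dot access on the way up)
  ast = estraverse.replace(ast, {
    leave: function (node) {
      if (node.type !== Syntax.MemberExpression ||
          !node.computed ||
          node.property.type !== Syntax.Literal) {
        return;
      }

      var key = node.property.value;

      // restore strings: only for an in-range numeric index into a known
      // table; anything else (out of range, 'length', 'push', ...) is left
      // for the rule below or kept as written.
      if (node.object.type === Syntax.Identifier &&
          hasOwn.call(strings, node.object.name) &&
          typeof key === 'number' &&
          hasOwn.call(strings[node.object.name], key)) {
        var val = strings[node.object.name][key];
        return {
          type: Syntax.Literal,
          value: val,
          raw: val
        };
      }

      // obj['name'] -> obj.name, but only when the key can be written after
      // a dot; obj['the-element'] must stay bracketed or it would be emitted
      // as a subtraction.
      if (typeof key === 'string' && identifierName.test(key)) {
        return {
          type: Syntax.MemberExpression,
          computed: false,
          object: node.object,
          property: {
            type: Syntax.Identifier,
            name: key
          }
        };
      }
    }
  });

  console.log(escodegen.generate(ast));
}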
// Entry point: the first command-line argument is the file to deobfuscate.
var inputFile = process.argv[2];
main(inputFile);
// Sample input: presumably the script as emitted by the free version of
// JavascriptObfuscator. String literals and property names are hex-escaped
// into the _0x6dc0 table and reached through _0x6dc0[n] lookups; local names
// are replaced by _0xbafbx... identifiers. Kept on one line, unmodified.
var _0x6dc0=["\x47\x45\x54","\x2F\x6D\x79\x2F\x75\x72\x6C","\x6F\x70\x65\x6E","\x6F\x6E\x6C\x6F\x61\x64","\x73\x74\x61\x74\x75\x73","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x70\x61\x72\x73\x65","\x6F\x6E\x65\x72\x72\x6F\x72","\x73\x65\x6E\x64","\x74\x68\x65\x2D\x65\x6C\x65\x6D\x65\x6E\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x6F\x70\x61\x63\x69\x74\x79","\x73\x74\x79\x6C\x65","\x72\x65\x71\x75\x65\x73\x74\x41\x6E\x69\x6D\x61\x74\x69\x6F\x6E\x46\x72\x61\x6D\x65","\x63\x6C\x61\x73\x73\x4C\x69\x73\x74","\x74\x6F\x67\x67\x6C\x65","\x20","\x73\x70\x6C\x69\x74","\x63\x6C\x61\x73\x73\x4E\x61\x6D\x65","\x69\x6E\x64\x65\x78\x4F\x66","\x73\x70\x6C\x69\x63\x65","\x70\x75\x73\x68","\x6A\x6F\x69\x6E"];(function(){var _0xbafbx1= new XMLHttpRequest();_0xbafbx1[_0x6dc0[2]](_0x6dc0[0],_0x6dc0[1],true);_0xbafbx1[_0x6dc0[3]]=function(){if(_0xbafbx1[_0x6dc0[4]]>=200&&_0xbafbx1[_0x6dc0[4]]<400){var _0xbafbx2=JSON[_0x6dc0[6]](_0xbafbx1[_0x6dc0[5]])}else {}};_0xbafbx1[_0x6dc0[7]]=function(){};_0xbafbx1[_0x6dc0[8]]();var _0xbafbx3=document[_0x6dc0[10]](_0x6dc0[9]);function _0xbafbx4(_0xbafbx3){_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]=0;var _0xbafbx5=+ new Date();var _0xbafbx6=function(){_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]=+_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]+( new Date()-_0xbafbx5)/400;_0xbafbx5=+ new Date();if(+_0xbafbx3[_0x6dc0[12]][_0x6dc0[11]]<1){(window[_0x6dc0[13]]&&requestAnimationFrame(_0xbafbx6))||setTimeout(_0xbafbx6,16)};};_0xbafbx6();}_0xbafbx4(_0xbafbx3);if(_0xbafbx3[_0x6dc0[14]]){_0xbafbx3[_0x6dc0[14]][_0x6dc0[15]](className)}else {var _0xbafbx7=_0xbafbx3[_0x6dc0[18]][_0x6dc0[17]](_0x6dc0[16]);var _0xbafbx8=_0xbafbx7[_0x6dc0[19]](className);if(_0xbafbx8>=0){_0xbafbx7[_0x6dc0[20]](_0xbafbx8,1)}else {_0xbafbx7[_0x6dc0[21]](className)};_0xbafbx3[_0x6dc0[18]]=_0xbafbx7[_0x6dc0[22]](_0x6dc0[16]);};})();
// Sample original: the readable script that the obfuscated sample appears to
// be derived from. Kept unmodified so the three samples stay comparable.
(function() {
// Asynchronous GET; the parsed response is stored in `data` but never used.
var request = new XMLHttpRequest();
request.open('GET', '/my/url', true);
request.onload = function() {
if (request.status >= 200 && request.status < 400) {
// Success!
var data = JSON.parse(request.responseText);
} else {
// We reached our target server, but it returned an error
}
};
request.onerror = function() {
// There was a connection error of some sort
};
request.send();
var el = document.getElementById('the-element');
// Raises el's opacity by elapsed-ms / 400 on every tick until it reaches 1.
function fadeIn(el) {
el.style.opacity = 0;
var last = +new Date();
var tick = function() {
el.style.opacity = +el.style.opacity + (new Date() - last) / 400;
last = +new Date();
if (+el.style.opacity < 1) {
// Falls back to a 16 ms timer when requestAnimationFrame is unavailable.
(window.requestAnimationFrame && requestAnimationFrame(tick)) || setTimeout(tick, 16)
}
};
tick();
}
fadeIn(el);
// Class toggle. NOTE(review): `className` is not declared anywhere in this
// snippet, so it has to be provided by the surrounding page.
if (el.classList) {
el.classList.toggle(className);
} else {
var classes = el.className.split(' ');
var existingIndex = classes.indexOf(className);
if (existingIndex >= 0)
classes.splice(existingIndex, 1);
else
classes.push(className);
el.className = classes.join(' ');
}
})()