javascriptdeobfuscation

How to un-obfuscate JavaScript starting with const and a bunch of vars

Hi i found this extension and would like to see the contents of the script itself to check what is actually does. I tried putting the script through all sort of javascript de/un-obfuscators and none worked.

Please tell me one that works or send me the de-obfuscated JS.

CODE HERE

Solution

  • The point of obfuscating something is so it cant be reversed. It has stripped all names and minified intentionally to make it as hard as possible.

    You can reverse it partially but it won't be very readable.

    For example if you obfuscate this

    function hi(first, second) {
  const third = first + second
  return third
}
hi(1, 2);

    You will get something like this.

    function hi(_0x850806,_0x3f2655){const _0x2231a6=_0x850806+_0x3f2655;return _0x2231a6;}hi(0x1,0x2);

    As this only uses primitive functionality it can easily be reversed to 

    function hi(_0x850806, _0x3f2655) {
  const _0x2231a6 = _0x850806 + _0x3f2655;
  return _0x2231a6;
}
hi(0x1, 0x2);

    However, if you use some more complex functions (eg Array.includes). Like this

    function hi(first, arr) {
  if (arr.includes(first)) {
    console.log('true')
  } else {
    console.log('false')
  }
}

const res = hi(1, [1, 2, 3]);

    This can be obfuscated to

    const _0x41ab=['includes','log','true'];(function(_0x4972c4,_0x6d8a76){const _0x4e2cf3=function(_0x383eb3){while(--_0x383eb3){_0x4972c4['push'](_0x4972c4['shift']());}};_0x4e2cf3(++_0x6d8a76);}(_0x41ab,0x1d7));const _0x4ad9=function(_0x4972c4,_0x6d8a76){_0x4972c4=_0x4972c4-0x0;let _0x4e2cf3=_0x41ab[_0x4972c4];return _0x4e2cf3;};function hi(_0x5b3f5d,_0x577a76){if(_0x577a76[_0x4ad9('0x0')](_0x5b3f5d)){console['log'](_0x4ad9('0x2'));}else{console[_0x4ad9('0x1')]('false');}}const res=hi(0x1,[0x1,0x2,0x3]);

    After tidying it up you get this.

    const _0x41ab = ['includes', 'log', 'true'];
(function(_0x4972c4, _0x6d8a76) {
  const _0x4e2cf3 = function(_0x383eb3) {
    while (--_0x383eb3) {
      _0x4972c4['push'](_0x4972c4['shift']());
    }
  };
  _0x4e2cf3(++_0x6d8a76);
}(_0x41ab, 0x1d7));
const _0x4ad9 = function(_0x4972c4, _0x6d8a76) {
  _0x4972c4 = _0x4972c4 - 0x0;
  let _0x4e2cf3 = _0x41ab[_0x4972c4];
  return _0x4e2cf3;
};

function hi(_0x5b3f5d, _0x577a76) {
  if (_0x577a76[_0x4ad9('0x0')](_0x5b3f5d)) {
    console['log'](_0x4ad9('0x2'));
  } else {
    console[_0x4ad9('0x1')]('false');
  }
}
const res = hi(0x1, [0x1, 0x2, 0x3]);

    As you can see, this snippet will give the same output as the non-obfuscated code, however, is much harder to read.

    Now imagine applying this to a big project and you see why it is almost impossible.