Deobfuscate Javascript code using LLMs ("AI")
This tool uses large language modeles (like ChatGPT & llama) and other tools to deobfuscate, unminify, transpile, decompile and unpack Javascript code. Note that LLMs don't perform any structural changes β they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.
v2 highlights compared to v1:
humanify
installable via npmGiven the following minified code:
function a(e,t){var n=[];var r=e.length;var i=0;for(;i<r;i+=t){if(i+t<r){n.push(e.substring(i,i+t))}else{n.push(e.substring(i,r))}}return n}
The tool will output a human-readable version:
function splitString(inputString, chunkSize) {
var chunks = [];
var stringLength = inputString.length;
var startIndex = 0;
for (; startIndex < stringLength; startIndex += chunkSize) {
if (startIndex + chunkSize < stringLength) {
chunks.push(inputString.substring(startIndex, startIndex + chunkSize));
} else {
chunks.push(inputString.substring(startIndex, stringLength));
}
}
return chunks;
}
π¨ NOTE: π¨
Large files may take some time to process and use a lot of tokens if you use ChatGPT. For a rough estimate, the tool takes about 2 tokens per character to process a file:
echo "$((2 * $(wc -c < yourscript.min.js)))"
So for refrence: a minified bootstrap.min.js
would take about $0.5 to
un-minify using ChatGPT.
Using humanify local
is of course free, but may take more time, be less
accurate and not possible with your existing hardware.
Prerequisites:
The preferred whay to install the tool is via npm:
npm install -g humanifyjs
This installs the tool to your machine globally. After the installation is done, you should be able to run the tool via:
humanify
If you want to try it out before installing, you can run it using npx
:
npx humanifyjs
This will download the tool and run it locally. Note that all examples here
expect the tool to be installed globally, but they should work by replacing
humanify
with npx humanifyjs
as well.
Next you'll need to decide whether to use openai
, gemini
or local
mode. In a
nutshell:
openai
or gemini
mode
local
mode
See instructions below for each option:
You'll need a ChatGPT API key. You can get one by signing up at https://openai.com/.
There are several ways to provide the API key to the tool:
humanify openai --apiKey="your-token" obfuscated-file.js
Alternatively you can also use an environment variable OPENAI_API_KEY
. Use
humanify --help
to see all available options.
You'll need a Google AI Studio key. You can get one by signing up at https://aistudio.google.com/.
You need to provice the API key to the tool:
humanify gemini --apiKey="your-token" obfuscated-file.js
Alternatively you can also use an environment variable GEMINI_API_KEY
. Use
humanify --help
to see all available options.
The local mode uses a pre-trained language model to deobfuscate the code. The model is not included in the repository due to its size, but you can download it using the following command:
humanify download 2b
This downloads the 2b
model to your local machine. This is only needed to do
once. You can also choose to download other models depending on your local
resources. List the available models using humanify download
.
After downloading the model, you can run the tool with:
humanify local obfuscated-file.js
This uses your local GPU to deobfuscate the code. If you don't have a GPU, the tool will automatically fall back to CPU mode. Note that using a GPU speeds up the process significantly.
Humanify has native support for Apple's M-series chips, and can fully utilize the GPU capabilities of your Mac.
The main features of the tool are:
If you'd like to contribute, please fork the repository and use a feature branch. Pull requests are warmly welcome.
The code in this project is licensed under MIT license.