This projects aims to combine the best features of other javascript deobfuscators and unpackers into one tool, while improving on them in the following ways:
- 🚀 Performance - Especially for large files
- 🛡️ Safety - Considers variable references and scope
- 🔬 Auto-detection - Finds code patterns without needing a config
- ✍🏻 Readability - Removes obfuscator/bundler artifacts
- ⌨️ TypeScript - All code is written in TypeScript
- 🧪 Tests - To make sure nothing breaks
npm install -g webcrackOnline version: webcrack.netlify.app
Usage: webcrack [options] <file>
Deobfuscate, unminify and unpack bundled javascript
Arguments:
file input file
Options:
-V, --version output the version number
-o, --output <path> output directory (default: "webcrack-out")
-f, --force overwrite output directory
-h, --help display help for command
import { webcrack } from 'webcrack';
console.log((await webcrack('const a = 1+1;')).code);Can be used to deobfuscate code obfuscated with the following options:
- String Array
- Rotate
- Shuffle
- Index Shift
- Calls Transform
- Variable/Function Wrapper Type
- None/Base64/RC4 Encoding
- Split Strings
- Other Transformations
- Compact
- Simplify
- Numbers To Expressions
- Control Flow Flattening
- Dead Code Injection
- Disable Console Output
- Self Defending
- Debug Protection
- Domain Lock
console['\x6c\x6f\x67']('\x61'); // console.log('a')
x && y && z(); // if (x && y) z();
x || y || z(); // if (!(x || y)) z();
!0; // true
!1; // false
![]; // false
!![]; // true
return a(), b(), c(); // a(); b(); return c();
if ((a(), b())) c(); // a(); if (b()) c();
void 0; // undefined
'red' === color; // color === 'red'Convert react components to JSX.
React.createElement(
'div',
null,
React.createElement('span', null, 'Hello ', name)
);->
<div>
<span>Hello {name}</span>
</div>Currently supported bundlers: webpack v4, v5, browserify
- Each module of a bundle gets extracted into a separate file
- The require/runtime code gets transformed
- Modules may get converted to ESM
- You can modify the unpacked modules and bundle them again¹:
npx webpack-cli ./webcrack-out
¹: only for webpack bundles, may require a custom config
Useful for reverse-engineering and tracking changes across multiple versions of a bundle.
The values are matchers. If they match a node in the AST, the module's path is changed to the corresponding key.
Example:
import { webcrack } from 'webcrack';
import { readFileSync } from 'fs';
const result = await webcrack(readFileSync('webpack-bundle.js', 'utf8'), {
mappings: m => ({
'utils/color.js': m.regExpLiteral('^#([0-9a-f]{3}){1,2}$'),
'node_modules/lodash/index.js': m.memberExpression(
m.identifier('lodash'),
m.identifier('map')
),
}),
});
result.save('output-dir');See @codemod/matchers for more information about matchers.