JS-Deobfuscator

A high-performance JavaScript deobfuscator built on the OXC Rust AST library.

Features

• 3-Layer Architecture: ECMA → Runtime → Extensions
• V8 Sandbox: Safe execution for string decoding
• Convergence Loop: Iterates until no more transformations
• High Performance: Built on OXC's fast parser

Installation

Add to your Cargo.toml:

[dependencies]
js-deobfuscator = "0.1.1"

Quick Start

Simple API (Recommended)

use js_deobfuscator::{JSDeobfuscator, Extension};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let source = std::fs::read_to_string("obfuscated.js")?;
    
    // Standard deobfuscation (ECMA + Runtime)
    let output = JSDeobfuscator::new()
        .deobfuscate(&source)?;
    
    // With string rotator extension
    let output = JSDeobfuscator::new()
        .ecma(true)
        .runtime(true)
        .extensions([Extension::StringRotator])
        .deobfuscate(&source)?;
    
    std::fs::write("clean.js", output)?;
    Ok(())
}

One-liner Functions

use js_deobfuscator::{deobfuscate, deobfuscate_full};

// Standard (ECMA + Runtime)
let output = deobfuscate("var a = 1 + 2;")?;

// Full (all extensions enabled)
let output = deobfuscate_full(&obfuscated_source)?;

With Result Details

use js_deobfuscator::{JSDeobfuscator, Extension};

let result = JSDeobfuscator::new()
    .ecma(true)
    .runtime(true)
    .extensions([Extension::StringRotator])
    .max_iterations(50)
    .deobfuscate_with_result(&source)?;

println!("Iterations: {}", result.iterations);
println!("Modifications: {}", result.modifications);
println!("Converged: {}", result.converged);
println!("{}", result.code);

Low-Level Engine API

For advanced use cases with full control:

use js_deobfuscator::{Engine, EngineConfig};
use oxc::allocator::Allocator;
use oxc::codegen::Codegen;
use oxc::parser::Parser;
use oxc::span::SourceType;

let allocator = Allocator::default();
let mut program = Parser::new(&allocator, &source, SourceType::mjs()).parse().program;

let config = EngineConfig::full().with_max_iterations(50);
let engine = Engine::with_config(config);
let result = engine.run(&allocator, &mut program)?;

let output = Codegen::new().build(&program).code;

Configuration

Layers

Extensions

Architecture

┌─────────────────────────────────────────────────────────────┐
│                    JS-Deobfuscator                          │
├─────────────────────────────────────────────────────────────┤
│  Layer 1: ECMA (ECMAScript standard)                        │
│  ├── Operators: +, -, *, /, %, **, &, |, ^, ~, <<, >>       │
│  ├── Unary: !, +, -, ~, typeof, void                        │
│  ├── Comparison: ===, !==, <, >, <=, >=                     │
│  ├── Logical: &&, ||, ??                                    │
│  ├── Ternary: cond ? a : b                                  │
│  ├── String: +, [], .length, .charAt, .slice, etc.          │
│  ├── Array: .length, .join, .indexOf, etc.                  │
│  └── Number: parseInt, parseFloat, isNaN, isFinite          │
├─────────────────────────────────────────────────────────────┤
│  Layer 2: Runtime (Browser/Node APIs)                       │
│  ├── Encoding: atob, btoa                                   │
│  └── Deprecated: escape, unescape                           │
├─────────────────────────────────────────────────────────────┤
│  Layer 3: Extensions (Obfuscator patterns)                  │
│  └── String Rotator: obfuscator.io style string arrays      │
└─────────────────────────────────────────────────────────────┘

Supported Transformations

Layer 1: ECMA

Layer 2: Runtime

Layer 3: Extensions

Examples

# Run examples
cargo run --example test_string_rotator -- input.js
cargo run --example full_pipeline
cargo run --example simple_deob

License

Apache-2.0 - see LICENSE