Automating Javascript Deobfuscation

Presented at LayerOne 2017, May 28, 2017, 4 p.m. (60 minutes)

Most Javascript deobfuscation seems to be reliant on mocking functions like eval() and making objects like `WScript` available, running the (potentially malicious!) javascript, either in a browser tab or nodejs, and printing out what was passed to mocked functions. This talk covers what a more “right” approach might be, which is to say that most current Javascript can be meaningfully deobfuscated with a few optimizations often used by compilers to reduce code size. I’ll also walk through a example implementation of those same techniques to deobfuscate some malicious Javascript from the wild plains of The Internet.


  • Iximeow
    Computer guy. Software engineer. Reverse engineer. Ivory tower academic. Nerd on the internet. Iximeow has been called all of these things, and more. 4/5 people agree – Iximeow really likes weird computer things.


Similar Presentations: