Module `refinery.lib.scripts.js.deobfuscation`

JavaScript AST deobfuscation transforms.

Expand source code Browse git

"""
JavaScript AST deobfuscation transforms.
"""
from __future__ import annotations

from refinery.lib.scripts.js.deobfuscation.antidbg import JsRemoveReDoS
from refinery.lib.scripts.js.deobfuscation.cff import JsControlFlowUnflattening
from refinery.lib.scripts.js.deobfuscation.constants import JsConstantInlining
from refinery.lib.scripts.js.deobfuscation.deadcode import JsDeadCodeElimination
from refinery.lib.scripts.js.deobfuscation.objectfold import JsObjectFold
from refinery.lib.scripts.js.deobfuscation.simplify import JsSimplifications
from refinery.lib.scripts.js.deobfuscation.stringarray import JsStringArrayResolver
from refinery.lib.scripts.js.deobfuscation.wrappers import JsCallWrapperInliner
from refinery.lib.scripts.js.model import JsScript
from refinery.lib.scripts.pipeline import DeobfuscationPipeline, TransformerGroup


_pipeline = DeobfuscationPipeline(
    groups=[
        TransformerGroup(
            'normalize',
            JsSimplifications,
            JsDeadCodeElimination,
        ),
        TransformerGroup(
            'fold',
            JsCallWrapperInliner,
            JsObjectFold,
            JsControlFlowUnflattening,
            JsConstantInlining,
        ),
        TransformerGroup(
            'resolve',
            JsStringArrayResolver,
        ),
        TransformerGroup(
            'cleanup',
            JsRemoveReDoS,
        ),
    ],
    dependencies={
        'fold': {'normalize'},
        'resolve': {'fold'},
        'cleanup': {'fold'},
    },
    invalidators={
        'normalize': {'fold', 'resolve'},
        'fold': {'normalize', 'resolve'},
        'resolve': {'normalize', 'fold'},
        'cleanup': set(),
    },
)


def deobfuscate(ast: JsScript, max_steps: int = 0) -> int:
    """
    Apply all available deobfuscators to the input.
    """
    return _pipeline.run(ast, max_steps=max_steps)

Sub-modules

refinery.lib.scripts.js.deobfuscation.antidbg: Remove the self-defending ReDoS anti-tamper pattern injected by javascript-obfuscator …
refinery.lib.scripts.js.deobfuscation.cff: Recover sequential code from control-flow-flattened dispatchers. The obfuscator replaces a sequence of statements with a dispatcher loop: …
refinery.lib.scripts.js.deobfuscation.constants: Inline constant variable references in JavaScript.
refinery.lib.scripts.js.deobfuscation.deadcode: Eliminate dead code branches guarded by constant conditions …
refinery.lib.scripts.js.deobfuscation.helpers: Shared utilities for JavaScript deobfuscation transforms.
refinery.lib.scripts.js.deobfuscation.objectfold: Inline properties of locally-defined constant object literals …
refinery.lib.scripts.js.deobfuscation.simplify: JavaScript syntax normalization transforms.
refinery.lib.scripts.js.deobfuscation.stringarray: Resolve the string-array rotation pattern produced by popular JavaScript obfuscators …
refinery.lib.scripts.js.deobfuscation.wrappers: Inline trivial function call wrappers …

Functions

def deobfuscate(ast, max_steps=0)

Apply all available deobfuscators to the input.

Expand source code Browse git

def deobfuscate(ast: JsScript, max_steps: int = 0) -> int:
    """
    Apply all available deobfuscators to the input.
    """
    return _pipeline.run(ast, max_steps=max_steps)