Restringer

Deobfuscate Javascript and reconstruct strings. Simplify cumbersome logic where possible while adhering to scope limitations.


Installation

Requires Node 17 or newer.

git clone [email protected]:PerimeterX/restringer.git
cd restringer
npm install

Usage

The restringer.js uses generic deobfuscation methods that reconstruct and restore obfuscated strings and simplifies redundant logic meant only to encumber. REstringer employs the Obfuscation Detector to identify specific types of obfuscation for which there’s a need to apply specific deobfuscation methods in order to circumvent anti-debugging mechanisms or other code traps preventing the script from being deobfuscated.

Command-Line Usage

Output deobfuscated result to STDOUT (nothing will print if deobfuscation failed)

node restringer.js script.js

Show debug information and save deobfuscated script to script.js-<obfuscation-type>-deob.js

export DEOBDEBUG=true && node restringer.js script.js

Log level can be adusted via the DEOBDEBUGLEVEL environment variable for more or less granular log output. The default level is an arbitrary 50, simply to leave space for other levels to be added when needed.

export DEOBDEBUG=true && DEOBDEBUGLEVEL=50 && node restringer.js script.js

Level 1 is most verbose, level 2 is a good value to use for debugging.

Use as a Module

const REstringer = require('restringer');

const restringer = new REstringer('"RE" + "stringer"');
if (restringer.deobfuscate()) {
    console.log(restringer.script);
} else {
    console.log('Nothing was deobfuscated :/');
}
// Output: 'REstringer';

Read More


TODO

  • Replace environment variables with proper program arguments.
  • Create binary tool that can be installed via npm install -g restringer

GitHub

View Github