This repository provides a specialized toolkit for advanced JavaScript reverse engineering, designed to tackle complex web obfuscation techniques and runtime analysis. It targets security researchers and developers who require deep insights into client-side code, offering capabilities for reconstructing request chains, deconstructing obfuscated code, and analyzing runtime behavior to bypass anti-analysis measures.

How It Works

The project employs a strategy of instrumenting real browser environments to capture execution data, which is then leveraged to construct verifiable "evidence" of request chains. It focuses on identifying the origins of dynamic data ("write boundaries"), deconstructing various obfuscation layers including JSVMP, AST, WASM, and Webpack runtimes, and aligning runtime behavior with expected outcomes through checkpoint validation. This approach aims to provide accurate, actionable analysis conclusions for reverse engineering tasks.

Quick Start & Requirements

Installation involves copying the jsr-reverse directory into the skill root directory for specific AI coding assistants (Codex, Claude Code). A detailed prompt example illustrates usage, requiring a real browser for instrumentation to collect input/output and intermediate state data for comparison with local algorithms. Specific requirements like cookie handling, environment simulation, and whether pure algorithm implementation is feasible must be defined per task.

Highlighted Details

• Request Chain Evidence: Establishes verifiable evidence around target requests, trigger actions, upstream dependencies, and state consumption, including risk control forks.
• Write Boundary Proof: Pinpoints the exact writers, builders, and sinks for dynamic fields, request headers, cookies, and message objects.
• Shell Recovery: Deconstructs complex obfuscation layers such as JSVMP, AST transformations, Web Workers, WASM modules, Webpack runtimes, and protocol encapsulations.
• Runtime Alignment & Checkpoint Validation: Identifies execution deviations caused by runtime factors and validates intermediate states against fixed samples to produce reliable conclusions.

Maintenance & Community

No specific details regarding maintainers, community channels (e.g., Discord, Slack), or project roadmaps are provided in the README.

Licensing & Compatibility

The README does not specify a software license, nor does it provide information regarding compatibility for commercial use or linking with closed-source projects.

Limitations & Caveats

The repository appears to be designed for integration within specific AI coding environments rather than as a standalone, easily deployable tool. Clear instructions for general installation, dependencies beyond AI assistant integration, and licensing information are absent, potentially posing adoption challenges for users outside its intended ecosystem.