xbsReverseSkill  by lwjjike

AI toolkit for web and JavaScript reverse engineering

Created 3 months ago
297 stars

Top 89.2% on SourcePulse

GitHubView on GitHub
Project Summary

Summary

This repository, lwjjike/xbsReverseSkill, offers a specialized toolkit for web and JavaScript reverse engineering. It addresses complex challenges in deobfuscation, algorithmic analysis, and browser environment simulation, providing engineers and researchers with targeted skills to dissect obfuscated code, understand intricate protocols, and bypass anti-analysis techniques. The primary benefit is enabling deeper analysis of protected web applications and services.

How It Works

The project comprises distinct skill modules. ast-deobfuscation employs Babel AST for layered, fall-back deobfuscation, targeting common obfuscation patterns like identifier mangling, string encryption, and control flow flattening, with specialized modes for various obfuscation families. web-reverse-algorithm focuses on pure computation and protocol analysis, aiding in reverse engineering complex signatures, mixed encryption, JSVMP/VMP, Wasm, and challenge-response mechanisms, aiming to produce reusable solvers or SDKs. The web-js-env-patcher (superseding the deprecated web-reverse-env) provides modular browser environment simulation and runtime patching, addressing anti-detection, fingerprint alignment, and risk control measures by reconstructing critical browser APIs like navigator, document, and crypto.

Quick Start & Requirements

Installation involves copying skill directories (ast-deobfuscation, web-reverse-algorithm, web-js-env-patcher) into the .codex/skills or .claude/skills directories for their respective CLIs. Claude CLI setup requires Node.js and Git, global installation of @anthropic-ai/claude-code, and configuring the CLAUDE_CODE_GIT_BASH_PATH environment variable. Usage is via the claude command. For third-party interfaces, ANTHROPIC_AUTH_TOKEN and ANTHROPIC_BASE_URL environment variables must be set. Users are advised to disable certain skills when using web-js-env-patcher to prevent conflicts.

Highlighted Details

  • ast-deobfuscation includes specialized pipeline scripts for popular obfuscation families like reese84, Tencent, and Geetest.
  • web-reverse-algorithm is designed to facilitate the creation of automated solvers, SDKs, or services from reverse engineering findings.
  • web-js-env-patcher offers modular construction of browser environments, covering a wide array of APIs and anti-detection features.
  • The project is tightly integrated with specific command-line interfaces (Codex, Claude CLI), requiring their prior setup.

Maintenance & Community

No specific details regarding project maintainers, community channels (e.g., Discord, Slack), roadmaps, or sponsorship were found in the provided README.

Licensing & Compatibility

The README does not specify a software license. Consequently, compatibility for commercial use or linking with closed-source projects remains undetermined.

Limitations & Caveats

The web-reverse-env module is explicitly marked as deprecated. The web-js-env-patcher skill requires careful management, with instructions to disable other skills to avoid conflicts. The project's reliance on external CLIs and specific environment variable configurations may present setup challenges for some users.

Health Check
Last Commit

4 days ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
70 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.