0

I want to analyze a large and confusing JS code. The code is heavily obfuscated and even tools like JStillery cannot work with it.

I would like to somehow build one of the open JS-interpreters, run it outside the browser and debug in more traditional ways, if necessary, applying patches inside the interpreter.

Unfortunately, the code uses DOM and cannot be executed without a browser.

The question is: are there any known techniques to take any external engine (such as V7, V8, DukTape, JerryScript, MuJS, quad-wheel, QuickJS, tiny-js, ...) and run code inside them that contains calls to DOM and other browser parts?

Improve this question

1 Answer 1

Reset to default
0

There are pure-JavaScript implementations of the DOM, such as https://github.com/jsdom/jsdom. Not sure how useful that is for your use case, but it does address your primary question: it allows you to run JavaScript that assumes a browser environment outside the browser environment.

I believe jsdom is fairly accurate in its implementation; there are other implementations out there that are more mock-like. Either way, there are probably some remaining differences, so heavily obfuscated code may well include mechanisms to detect emulated environments...

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.