Has anyone used an LLM to deobfuscate compiled Javascript?

lelanthran · 2026-04-16T10:15:03 1776334503

> Has anyone used an LLM to deobfuscate compiled Javascript?

Seems like a waste of money; wouldn't it be better to extract the AST deterministically, write it out and only then ask an LLM to change those auto-generated symbol names with meaningful names?

heeen2 · 2026-04-16T08:31:43 1776328303

yes, but it requires some nudging if you don't want to waste tokens. it will happily grep and sed through massive javascript bundles but if you tell it to first create tooling like babel scripts to format, it will be much quicker.

echelon · 2026-04-17T03:22:49 1776396169

> but if you tell it to first create tooling like babel scripts to format, it will be much quicker.

Can you expand on this? Is that existing tooling for deminification?

heeen2 · 2026-04-24T09:05:23 1777021523

for me it was custom scripts looking for data in minified bundles and refactoring for easier protocol reverse engineering, e.g. https://github.com/echtzeit-solutions/monsgeek-akko-linux/bl...

saagarjha · 2026-04-16T07:51:19 1776325879

I've used it for hobby efforts on Electron/React Native (Hermes bytecode) apps and it seems to work reasonably well

bitexploder · 2026-04-16T02:42:10 1776307330

Yep. They are good at it.