Image for post
Image for post

Preview release of shift-refactor

Transform, manipulate, and deobfuscate JavaScript with shift-refactor

Jarrod Overson
Aug 9, 2019 · 3 min read

For the last few weeks I have live streamed several reverse engineering and deobfuscation sessions. In these sessions I’ve been using an up-til-now unpublished library.

Today I am publishing a preview version of shift-refactor that you can install via npm:

$ npm install shift-refactor

What does shift-refactor do?

refactor.rename(`IdentifierExpression[name=”oldName”]`, "newName")

I built shift-refactor to help with reverse engineering JavaScript. Reverse engineering means walking through source and identifying its purpose all while navigating traps, pitfalls, and dead ends. What this means in practice is a lot of backtracking and, by hand, that means a lot of CTRL-Z-ing. Codifying reverse engineering operations means that you have a breadcrumb trail to share, fork, and comment.

Who is shift-refactor for?

How can I use it?

$ npm install shift-refactor shift-parser

Parse the target JavaScript and pass it as an argument to create a new RefactorSession. A RefactorSession is a way to store transformations for an AST. All transformations happen off a RefactorSession instance and you generate new source anytime via .print().

const { RefactorSession } = require('shift-refactor');
const { parseScript } = require('shift-parser');
const fs = require('fs');const fileContents = fs.readFileSync('./source.js', 'utf8');const tree = parseScript(fileContents);const refactor = new RefactorSession(tree);refactor.rename('IdentifierExpression[name="oldName"]', 'newName');refactor.insertBefore(
`ExpressionStatement[expression.type="CallExpression"]`,
node => `console.log("Calling ${node.expression.callee.name}()")`
);
console.log(refactor.print());

The above code will turn

oldName();
otherFunction();

Into

console.log("Calling newName()");
newName();
console.log("Calling otherFunction()");
otherFunction();

The README has many more examples, check them out!

I don’t expect many changes between the preview and release. shift-refactor will sit in preview for a few more weeks while I tune the API. This library is a cleaned up version of code that I’ve been using separately for months. The livestream helps me test the API on real world scenarios. Now that it is released you can play around with the concepts yourself!

Jarrod Overson

Written by

I write about JavaScript, Reverse Engineering, Security, and Credential Stuffing. Also a speaker, O'Reilly Author, creator of Plato, Director at Shape Security.

Jarrod Overson

Written by

I write about JavaScript, Reverse Engineering, Security, and Credential Stuffing. Also a speaker, O'Reilly Author, creator of Plato, Director at Shape Security.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store