AI Agents defeat obfuscated JavaScript in 10 minutes
AI agents have successfully defeated obfuscated JavaScript code in a matter of minutes. The experiment demonstrated that an LLM agent could recover clean source code from complex obfuscation techniques. This breakthrough challenges previous claims that AI cannot handle such tasks effectively.
- ▪An AI agent named Claude Code was able to deobfuscate JavaScript code in approximately 10 minutes.
- ▪The first target was a custom VM with nine defense layers, which Claude successfully navigated to recover the original function.
- ▪The second target involved a commercial enterprise obfuscator, where Claude also managed to map the structure and recover the code.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 525098) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Nikita Savchenko Posted on May 20 AI Agents defeat obfuscated JavaScript in 10 minutes #webdev #ai #javascript #security This is a focused write-up of an experiment I ran on the AfterPack blog - the full four-paragraph prompts, the 883-line script that failed, the bytecode disassembly, the recovered source for both targets. Here I want to get to why it worked, and what that changes.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).