JavaScript Reverse Engineering Expert

Senior JavaScript reverse engineering expert, proficient in browser automation, code analysis and deobfuscation.

Core Capabilities

Reverse Engineering: obfuscated code analysis, VM cracking, Webpack unpacking, AST transformation
Browser Automation: Puppeteer/CDP, anti-detection, fingerprint spoofing
Encryption Identification: AES/RSA/MD5/SHA identification, parameter extraction, algorithm restoration
Anti-crawler Bypass: Canvas/WebGL fingerprinting, WebDriver hiding, behavior simulation
Debugging Analysis: CDP debugging, breakpoint analysis, dynamic tracing, Hook injection
Hook Injection: function interception, network monitoring, property hijacking, event tracing, anti-debugging bypass
Anti-detection Disguise: Stealth script injection, fingerprint spoofing, platform presets, WebDriver hiding
DOM Inspection: element query, structure analysis, clickable element positioning
Page Control: navigation, click, input, screenshot, performance monitoring

Working Principle

All commands invoke the tool by executing

node dist/skill.js <command> [args]

Features

Intelligent code collection - supports summary/priority/incremental modes to prevent Token overflow
AI-powered deobfuscation - supports 20+ obfuscation types, automatically restores code
Code semantic understanding - AI-assisted analysis of business logic and encryption algorithms
AI code summarization - single-file/batch/project-level summarization, automatically detects encryption/API/obfuscation features
Encryption algorithm detection - automatically identifies AES/RSA/MD5/SHA and custom algorithms
Browser automation - automatically detects and launches Chrome/Edge, supports any drive letter
Anti-detection disguise - 16 anti-detection features, 5 platform presets, Canvas/WebGL/AudioContext fingerprint spoofing
CDP debugger - complete breakpoint management, execution control, variable viewing
Script management - script list, source code acquisition, pattern search, content search
Runtime analysis - expression evaluation, scope variables, dynamic tracing
Statistics and cache - complete cache mechanism and statistical information
High performance - intelligent compression, incremental collection, on-demand loading

Tool Details

Code Collection

Tool	Description	Features
collect_code	Intelligent code collection	Automatically collects page inline scripts, external scripts, dynamically loaded scripts, intelligent summary mode (prevents Token overflow), priority mode (keyword priority), incremental mode (on-demand acquisition)
search_in_scripts	Keyword search	Regular expression search, context line count control, maximum match limit, highlighted matching results

Code Analysis

Tool	Description	Features
deobfuscate	AI-powered code deobfuscation	Supports 20+ obfuscation types, variable name restoration, control flow flattening restoration, string decryption, dead code elimination
understand	AI-assisted code semantic understanding	Business logic analysis, encryption algorithm identification, API call analysis, data flow tracing
summarize	AI-generated code summary	Single-file AI summary generation, batch file concurrent summary, project-level summary analysis, encryption/API/obfuscation feature detection, security risk assessment, complexity assessment and suggestions
detect_crypto	Detect and analyze encryption algorithms	Standard algorithm identification (AES/RSA/MD5/SHA), custom algorithm detection, parameter extraction, key location

Browser Control

Tool	Description	Features
browser_launch	Launch browser	Automatically detects Chrome/Edge, supports any drive letter (C-Z), multi-browser selection, CDP remote debugging connection, anti-detection script injection
browser_status	Get browser status	Connection status, current page information, CDP session status
browser_close	Close browser	Gracefully disconnect, clean up CDP sessions, process management

Debugging Analysis

Tool	Description	Features
debugger_control	Debugger control and status management	Enable/disable debugger, get debugger status, initialize advanced features, Watch expression management, XHR breakpoint management, event breakpoint management
breakpoint_manager	Breakpoint management	Set breakpoints by URL, set breakpoints by script ID, support conditional breakpoints, view breakpoint list, delete and clear breakpoints
execution_control	Execution control	Pause execution, resume execution, Step Into, Step Over, Step Out
runtime_evaluator	Runtime expression evaluation	Evaluate expressions in the current context, access global variables, access local variables, execute arbitrary JavaScript code
variable_inspector	Variable viewing and scope analysis	View current scope variables, view call frame variables, expand object properties, variable type identification
script_manager	Script management and source code acquisition	List all loaded scripts, get script source code, find scripts by URL pattern, search script content, support inline and external scripts

Anti-detection Disguise

Tool	Description	Features
stealth_inject	Inject anti-detection scripts	5 platform presets, Chrome 131+ UA string, hide navigator.webdriver, simulate window.chrome object, Canvas/WebGL/AudioContext fingerprint noise, navigator property consistency, Permissions/Battery/MediaDevices/Notifications/NetworkInformation API simulation, document.hasFocus() override, 16 independent controllable features
stealth_presets	Platform preset management	windows-chrome (Win10+Chrome131), mac-chrome (macOS+Chrome131), mac-safari (macOS+Safari18.2), linux-chrome (Linux+Chrome131), windows-edge (Win10+Edge131)

Data Management

Tool	Description	Features
stats	Get statistical information	Cache statistics (number of files, size, hit rate), compression statistics (compression rate, space saved), collection statistics (number of URLs, number of files)
clear	Clear all data	Clear file cache, clear compression cache, reset collection status

Command Reference

Code Collection and Search

bash

# 收集代码
collect <url>
collect <url> --smart-mode=summary
collect <url> --smart-mode=priority --priorities=encrypt,sign
collect <url> --compress --max-total-size=5000000

# 搜索脚本
search <keyword>
search "X-Bogus" --context=10
search "function.*encrypt" --regex --max-matches=50

Code Analysis

bash

# AI反混淆
deobfuscate <code>

# 代码理解
understand <code>
understand <code> --focus=security

# AI摘要
summarize code <code>
summarize collected
summarize collected --batch

# 加密检测
detect-crypto <code>

Browser Control

bash

browser launch          # 自动检测并启动
browser status          # 查看状态
browser close           # 关闭浏览器

Debugger

bash

# 调试器控制
debugger enable
debugger disable
debugger status
debugger init-advanced  # 初始化Watch/XHR/Event/Blackbox

# 断点管理
breakpoint set-url https://example.com/app.js 100
breakpoint set-url https://example.com/app.js 100 0 'x > 10'  # 条件断点
breakpoint set-script <scriptId> <line>
breakpoint list
breakpoint remove <id>
breakpoint clear

# 执行控制
debug-step pause
debug-step resume
debug-step into         # 单步进入
debug-step over         # 单步跳过
debug-step out          # 单步跳出

# 表达式求值
debug-eval window.location.href
debug-eval document.cookie
debug-eval JSON.stringify(userData)

# 变量查看
debug-vars
debug-vars <callFrameId>

Script Management

bash

script list             # 列出所有已加载脚本
script get <scriptId>   # 获取脚本源码
script find *app.js     # 按URL模式查找
script search encrypt   # 搜索脚本内容

Hook Injection

bash

# 快速生成
hook generate function encryptData
hook generate fetch */api/*
hook generate xhr *sign*
hook generate property window.navigator
hook generate cookie
hook generate websocket
hook generate eval
hook generate timer

# 管理
hook list
hook remove <id>
hook enable <id>
hook disable <id>
hook clear
hook anti-debug         # 反调试绕过
hook export json
hook-data               # 查看捕获数据
hook-data <hookId>
hook-types              # 列出Hook类型

Watch Expressions

bash

watch add "window.location.href" "当前URL"
watch add "userData.token"
watch list
watch evaluate          # 求值所有监视表达式
watch remove <id>
watch export
watch import <json>
watch clear

XHR Breakpoints

bash

xhr-breakpoint set */api/*
xhr-breakpoint set *sign*
xhr-breakpoint list
xhr-breakpoint remove <id>
xhr-breakpoint clear

Event Breakpoints

bash

event-breakpoint set click
event-breakpoint set-mouse       # 所有鼠标事件
event-breakpoint set-keyboard    # 所有键盘事件
event-breakpoint set-timer       # 定时器事件
event-breakpoint set-websocket   # WebSocket事件
event-breakpoint list
event-breakpoint remove <id>
event-breakpoint clear

Script Blackboxing

bash

blackbox set *jquery*.js
blackbox set *node_modules/*
blackbox set-common     # 黑盒化常用库
blackbox list
blackbox remove <pattern>
blackbox clear

Anti-detection Disguise

bash

stealth inject                          # 默认注入
stealth inject-preset windows-chrome    # 平台预设
stealth inject-preset mac-safari
stealth inject-preset mac-chrome
stealth inject-preset linux-chrome
stealth inject-preset windows-edge
stealth set-ua windows                  # 设置User-Agent
stealth presets                         # 列出预设
stealth status                          # 注入状态
stealth features                        # 列出所有功能

Anti-detection features (16 items):

Feature	Description
hideWebdriver	Hide `navigator.webdriver` property
mockChrome	Simulate `window.chrome` object
canvasNoise	Canvas session-level random seed fingerprint noise
webglVendor	Override WebGL vendor and renderer
audioNoise	AudioContext fingerprint noise
navigatorProps	Consistent platform/vendor/core count/memory
permissionsAPI	Fix Permissions API detection
batteryAPI	Simulate Battery API
mediaDevices	Simulate media devices
notifications	Simulate Notifications API
networkInfo	Simulate Network Information API
hasFocus	Override `document.hasFocus()`

DOM Inspector

bash

dom query #login-button
dom query-all .product-item 20
dom structure 3 true            # 深度3，包含文本
dom clickable 登录               # 按文本查找可点击元素
dom style #header
dom wait .loading-spinner 5000  # 等待元素出现

Page Controller

bash

page navigate https://example.com
page reload
page back
page forward
page click #submit-button
page type #username admin
page select #country US
page hover .menu-item
page scroll 0 500
page wait-selector .result
page wait-nav
page eval document.title
page url
page title
page content
page screenshot output.png
page metrics

Tool Commands

bash

stats                   # 收集和缓存统计
stats --type=cache
clear                   # 清除所有数据

Reverse Engineering Workflow

Core Concept

The essence of reverse engineering: understand requirements → locate targets → analyze implementation → reproduce logic

Core technique: deduce the process from the result

See encrypted parameters → deduce the generation function
See obfuscated code → deduce the original logic
See network requests → deduce the call chain

Standard Process

1. Launch browser and collect
   browser launch
   collect https://target.com

2. Quick reconnaissance
   search "encrypt"
   search "sign"
   search "token"
   detect-crypto <suspicious_code>

3. Locate target function
   script list
   script find *app*.js
   script search "X-Bogus"

4. Dynamic analysis
   debugger enable
   breakpoint set-url https://target.com/app.js 1234
   xhr-breakpoint set */api/sign*
   debug-step pause → into → over
   debug-vars
   debug-eval <expression>

5. Hook monitoring
   hook generate function encryptData
   hook generate fetch */api/*
   hook-data

6. Deobfuscation and understanding
   deobfuscate <obfuscated_code>
   understand <clean_code> --focus=security

7. Reproduce logic
   Reproduce encryption/signature logic based on analysis results

Best Practices

Use intelligent summary mode to avoid excessive data size
Prioritize collecting key code (encrypt, crypto, sign)
Use incremental mode to obtain on demand
Deduce the process from the result to avoid blind debugging
Use breakpoints and variable viewing for dynamic analysis
Use dom commands to locate page elements to avoid blind clicks
Use page commands for page interaction and automation operations

Environmental Requirements

Node.js >= 18.0.0
Browser: Chrome or Edge (automatic detection)
Dependencies: puppeteer, openai or anthropic (for AI features)

Configuration

Environment variables are configured in the

.env

file:

Variable	Description
`OPENAI_API_KEY`	OpenAI API key (optional)
`ANTHROPIC_API_KEY`	Anthropic API key (optional)
`DEFAULT_LLM_PROVIDER`	Default LLM provider (openai/anthropic)
`REMOTE_DEBUGGING_PORT`	Remote debugging port (default 9222)

Troubleshooting

Browser launch failed

Check if Chrome/Edge is installed
Check if port 9222 is occupied
Try using external browser mode

AI analysis failed

Check if the API key is configured correctly
Check network connection
Check if API quota is sufficient

DOM query failed

Ensure the browser is launched
Ensure the page is fully loaded
Check if the selector is correct

jshook-reverse

NPX Install

Tags

SKILL.md Content (Chinese)

JavaScript Reverse Engineering Expert

Core Capabilities

Working Principle

Features

Tool Details

Code Collection

Code Analysis

Browser Control

Debugging Analysis

Anti-detection Disguise

Data Management

Command Reference

Code Collection and Search

Code Analysis

Browser Control

Debugger

Script Management

Hook Injection

Watch Expressions

XHR Breakpoints

Event Breakpoints

Script Blackboxing

Anti-detection Disguise

DOM Inspector

Page Controller

Tool Commands

Reverse Engineering Workflow

Core Concept

Standard Process

Best Practices

Environmental Requirements

Configuration

Troubleshooting

Browser launch failed

AI analysis failed

DOM query failed