# HumanifyJS
> Deobfuscate Javascript code using LLMs ("AI")

This tool uses large language modeles (like ChatGPT & llama) and other tools to
deobfuscate, unminify, transpile, decompile and unpack Javascript code. Note
that LLMs don't perform any structural changes – they only provide hints to
rename variables and functions. The heavy lifting is done by Babel on AST level
to ensure code stays 1-1 equivalent.

### Version 2 is out! 🎉

v2 highlights compared to v1:
* Python not required anymore!
* A lot of tests, the codebase is actually maintanable now
* Renewed CLI tool `humanify` installable via npm

### ➡️ Check out the [introduction blog post][blogpost] for in-depth explanation!

[blogpost]: https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification

## Example

Given the following minified code:

```javascript
function a(e,t){var n=[];var r=e.length;var i=0;for(;i<r;i+=t){if(i+t<r){n.push(e.substring(i,i+t))}else{n.push(e.substring(i,r))}}return n}
```

The tool will output a human-readable version:

```javascript
function splitString(inputString, chunkSize) {
  var chunks = [];
  var stringLength = inputString.length;
  var startIndex = 0;
  for (; startIndex < stringLength; startIndex += chunkSize) {
    if (startIndex + chunkSize < stringLength) {
      chunks.push(inputString.substring(startIndex, startIndex + chunkSize));
    } else {
      chunks.push(inputString.substring(startIndex, stringLength));
    }
  }
  return chunks;
}
```

🚨 **NOTE:** 🚨

Large files may take some time to process and use a lot of tokens if you use
ChatGPT. For a rough estimate, the tool takes about 2 tokens per character to
process a file:

```shell
echo "$((2 * $(wc -c < yourscript.min.js)))"
```

So for refrence: a minified `bootstrap.min.js` would take about $0.5 to
un-minify using ChatGPT.

Using `humanify local` is of course free, but may take more time, be less
accurate and not possible with your existing hardware.

## Getting started

### Installation

Prerequisites:
* Node.js >=20

The preferred whay to install the tool is via npm:

```shell
npm install -g humanifyjs
```

This installs the tool to your machine globally. After the installation is done,
you should be able to run the tool via:

```shell
humanify
```

If you want to try it out before installing, you can run it using `npx`:

```
npx humanifyjs
```

This will download the tool and run it locally. Note that all examples here
expect the tool to be installed globally, but they should work by replacing
`humanify` with `npx humanifyjs` as well.

### Usage

Next you'll need to decide whether to use `openai`, `gemini` or `local` mode. In a
nutshell:

* `openai` or `gemini` mode
  * Runs on someone else's computer that's specifically optimized for this kind
    of things
  * Costs money depending on the length of your code
  * Is more accurate
* `local` mode
  * Runs locally
  * Is free
  * Is less accurate
  * Runs as fast as your GPU does (it also runs on CPU, but may be very slow)

See instructions below for each option:

### OpenAI mode

You'll need a ChatGPT API key. You can get one by signing up at
https://openai.com/.

There are several ways to provide the API key to the tool:
```shell
humanify openai --apiKey="your-token" obfuscated-file.js
```

Alternatively you can also use an environment variable `OPENAI_API_KEY`. Use
`humanify --help` to see all available options.

### Gemini mode

You'll need a Google AI Studio key. You can get one by signing up at
https://aistudio.google.com/.

You need to provice the API key to the tool:

```shell
humanify gemini --apiKey="your-token" obfuscated-file.js
```

Alternatively you can also use an environment variable `GEMINI_API_KEY`. Use
`humanify --help` to see all available options.

### Local mode

The local mode uses a pre-trained language model to deobfuscate the code. The
model is not included in the repository due to its size, but you can download it
using the following command:

```shell
humanify download 2b
```

This downloads the `2b` model to your local machine. This is only needed to do
once. You can also choose to download other models depending on your local
resources. List the available models using `humanify download`.

After downloading the model, you can run the tool with:

```shell
humanify local obfuscated-file.js
```

This uses your local GPU to deobfuscate the code. If you don't have a GPU, the
tool will automatically fall back to CPU mode. Note that using a GPU speeds up
the process significantly.

Humanify has native support for Apple's M-series chips, and can fully utilize
the GPU capabilities of your Mac.

## Features

The main features of the tool are:
* Uses ChatGPT functions/local models to get smart suggestions to rename
  variable and function names
* Uses custom and off-the-shelf Babel plugins to perform AST-level unmanging
* Uses Webcrack to unbundle Webpack bundles

## Contributing

If you'd like to contribute, please fork the repository and use a feature
branch. Pull requests are warmly welcome.

## Licensing

The code in this project is licensed under MIT license.