jsDecode

jsDecode is a small utility for analyzing encoded JavaScript blocks.

It works by hooking eval, document.write, and document.writeln — common functions used by encoded scripts to rewrite themselves on the fly.

At each stage, the hooked output is displayed in the top log window, where you can choose to load and execute it again if required. The lower textarea is for JavaScript commands only — you must remove the <script> block tags for it to work.
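The hook-and-replay loop described above, as an added example that is not jsDecode's own code: it shadows `eval` and `document` for each stage, logs what the stage tried to run, strips the `<script>` tags, and feeds the result back in. The function names and the two-layer sample are constructed for illustration, and it assumes a JavaScript engine that provides the legacy `escape`/`unescape` globals (Node.js and browsers do).

```javascript
// Added illustration, not jsDecode's source. All names here are hypothetical.
// Each stage really executes with only eval/document replaced, so this is
// not a sandbox: use it inside a disposable VM, as the page advises.

// Captured document.write output is HTML; keep only the script body.
function stripScriptTags(html) {
  return html.replace(/<\/?script[^>]*>/gi, '').trim();
}

// Run one stage with hooks that record their argument instead of executing it.
function runStage(src) {
  const captured = [];
  const hookedEval = (code) => { captured.push({ via: 'eval', code: String(code) }); };
  const hookedDocument = {
    write: (...parts) => { captured.push({ via: 'document.write', code: parts.join('') }); },
    writeln: (...parts) => { captured.push({ via: 'document.writeln', code: parts.join('') }); },
  };
  // Parameters named eval/document shadow the real objects inside the stage.
  // Only references by those bare names are caught.
  new Function('eval', 'document', src)(hookedEval, hookedDocument);
  return captured;
}

// Feed each captured layer back in until a stage rewrites nothing.
function decodeLayers(src, maxLayers = 10) {
  const log = [];
  let stage = src;
  for (let layer = 1; layer <= maxLayers; layer++) {
    const out = runStage(stage);
    if (out.length === 0) break; // stage produced no new code: last layer
    out.forEach((o) => log.push({ layer, via: o.via, code: o.code }));
    stage = out.map((o) => stripScriptTags(o.code)).join('\n');
  }
  return { log, final: stage };
}

// Constructed, benign two-layer sample: document.write wrapping an eval.
const payload = 'var marker = "decoded-payload";';
const layer2 = 'eval(unescape("' + escape(payload) + '"));';
const SAMPLE = 'document.write("<script>" + unescape("' + escape(layer2) + '") + "</script>");';

const result = decodeLayers(SAMPLE);
for (const entry of result.log) console.log(`[layer ${entry.layer}] ${entry.via}: ${entry.code}`);
console.log('final:', result.final);
```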

VM only. This tool was designed and tested with IE7 (also works with IE6). Because the decoder uses IE and executes possibly malicious scripts directly, only use this in a VM. Malicious scripts can easily detect its presence and bypass it if they want to.

This is just a quick shortcut, nothing fancy. See the included samples and the help link for more.