Hello, I'm Didier Stevens and in this video I'm going to show you my modified version of SpiderMonkey. SpiderMonkey is a JavaScript engine developed by Mozilla and I made several changes to it, so let's take a look. In this demo I want to show you the modifications that I made over the years to SpiderMonkey to help with reverse engineering obfuscated JavaScript code.

So now you have two versions of my SpiderMonkey. You have the ASCII version and the file version, and they are mainly the same. Let's start with js-ascii. So this is SpiderMonkey. I've patched some functions and added new functions; for example, I've patched the eval function. If I say eval 1 plus 2, here you get the result like usually: number 3, value 3. But then here you also get a printout that tells you what value, what argument was passed to eval. You can see here the hexadecimal dump of that argument, here the ASCII, and then the size here. Of course we know that 1 plus 2 was passed because we passed that in clear readable text, but when it's obfuscated it can be a different thing.

For example, let me show you some small obfuscated code. This here is an eval of this string, and this is actually print hello world in reverse. So when we execute this, we see here the result hello world, and here in the hex ASCII dump you can see the argument that was passed, with print hello world. So here this is the unobfuscated code and here you have the obfuscated code. It's the reversed string, and when the string is reversed by these expressions, then you get this result.

So by default the SpiderMonkey version js-ascii will do a hexadecimal ASCII dump. You can change that output by saying document output x, for example, and then you will have a hexadecimal dump like this. You can also dump the raw value of the binary data like this, and then here you get the ASCII here. So these are the three options to output to the console.

You can also output to file, and that is why there is also a SpiderMonkey js-file version, because that one will output to file by default. So you would do that then, for example, with F like this, and then when you do an eval it is written to disk like in my previous versions of SpiderMonkey.

You can also remove the delimiters. So let's return to a hexadecimal ASCII dump like this. Here you have those delimiters, here the lines. You can choose to remove these by saying uppercase a like this. Uppercase a just outputs the hex ASCII dump without any rules or size. You can do the same of course for hexadecimal and dump like this.

So these are the new options in SpiderMonkey. Now you have console output, and if you want to use SpiderMonkey like it used to be, that it always writes to disk, then you use the js-file version. This version will by default always write to file. But if you prefer this new version, like I do, that outputs to screen, then you use js-ascii.

Now, just to be complete: the eval function, I patched this so that you can get this ASCII or hexadecimal dump output. I also introduced in this version of SpiderMonkey two other methods, and they can also help you with deobfuscating JavaScript code. These functions are document write. That is one that I implemented like this. So let's remove the eval. Here we have a syntax error. Yeah, I have to remove that parenthesis like that. I see. So, document write. Of course, like eval, it is directed by this output variable like this here. And then you also have window navigate. That's another one that I implemented like this.

Here we do it interactively, but you can also pipe data into SpiderMonkey via the command line. So let's do that. I have here in demo.js or javascript and I can say for example now type demo.js and pipe this into SpiderMonkey like this. You can also do that with zip files and pipe the content of zip files into SpiderMonkey.
For example, if your sample is in a password protected zip file, for that I use my zipdump tool. So I will dump the content here. This is a zipdump that extracts the content of the first file. And now I can again pipe this into SpiderMonkey like this.

If you want to change the output format here, you can also do that with SpiderMonkey. So you run the command and you say that you want to execute a statement. The statement that we are going to execute is document output, for example hexadecimal. That's a statement that we execute, and then we execute the script that is passed via standard in like this.
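
The idea shown in the video, logging what reaches eval, document write and window navigate before it is acted on, can be sketched in plain Node.js. This is an added example, not code from the patched SpiderMonkey: `hexAsciiDump`, `traceScript`, the dump layout and the stand-in `print`, `document` and `window` objects are all assumptions of this sketch, and the sample script is constructed.

```javascript
// Tracer in the spirit of the patched eval described above (Node.js sketch).
// Not an isolation boundary: the script runs with full access to the process,
// so feed it only constructed input or run it inside a disposable analysis VM.

// Hex/ASCII dump, 16 bytes per line, followed by the size (layout is this example's own).
function hexAsciiDump(text) {
  const bytes = Buffer.from(String(text), 'utf8');
  const lines = [];
  for (let off = 0; off < bytes.length; off += 16) {
    const chunk = [...bytes.subarray(off, off + 16)];
    const hex = chunk.map(b => b.toString(16).padStart(2, '0')).join(' ');
    const ascii = chunk.map(b => (b >= 0x20 && b < 0x7f ? String.fromCharCode(b) : '.')).join('');
    lines.push(`${off.toString(16).padStart(8, '0')}: ${hex.padEnd(47)}  ${ascii}`);
  }
  lines.push(`size: ${bytes.length}`);
  return lines.join('\n');
}

// Run `source` with hooks installed and return every intercepted argument in call order.
function traceScript(source) {
  const calls = [];                       // { sink, arg }
  const printed = [];                     // what the script passed to print()
  const realEval = globalThis.eval;
  const saved = { print: globalThis.print, document: globalThis.document, window: globalThis.window };
  const record = (sink) => (arg) => { calls.push({ sink, arg: String(arg) }); };
  globalThis.eval = (arg) => {            // log first, then execute, so nested layers are caught too
    record('eval')(arg);
    return realEval(arg);                 // indirect eval: evaluated in global scope
  };
  globalThis.print = (...args) => { printed.push(args.join(' ')); };
  globalThis.document = { write: record('document.write') };    // stand-in object
  globalThis.window = { navigate: record('window.navigate') };  // stand-in object
  try {
    realEval(source);
  } finally {                             // always restore the real globals
    globalThis.eval = realEval;
    for (const [k, v] of Object.entries(saved)) {
      if (v === undefined) delete globalThis[k]; else globalThis[k] = v;
    }
  }
  return { calls, printed };
}

// Constructed sample: print('hello world'); stored reversed, as in the demo.
const SAMPLE = `eval(";)'dlrow olleh'(tnirp".split('').reverse().join(''));`;

const trace = traceScript(SAMPLE);
for (const c of trace.calls) console.log(`[${c.sink}]\n${hexAsciiDump(c.arg)}`);
```

Because the hook calls the real eval after logging, each layer of a multiply wrapped script shows up as its own entry in `calls`.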