xbsReverseSkill: A Comprehensive Toolkit for Web / JS Reverse Engineering

Introduction

xbsReverseSkill is a skill repository focused on Web/JS reverse analysis. It provides three core capability modules that can be used with tools such as Codex and Claude CLI to solve deobfuscation, algorithm/protocol analysis, and browser environment repair problems.

1. AST Deobfuscation

Implemented with Babel AST, this module offers layered, reversible deobfuscation targeting common obfuscation patterns:

Basic obfuscation: identifiers like _0x, string tables, self‑executing decode wrappers, dispatcher objects, fake branches, etc.

Control‑flow obfuscation: flattening using while/for + switch and dispatch chains such as if (literal === opcode).

Site‑specific adaptations: custom pattern recognition and pipeline scripts for families such as reese84, DingXiang, Geetest 4, Tonghuashun, NetEase Yidun, Xiaohongshu, OB variants.

2. Web‑Reverse‑Algorithm

This module concentrates on pure algorithm and protocol analysis in Web/JS reverse engineering, covering:

Complex header/cookie signatures, mixed encryption, JSVMP/VMP, Wasm, PoW, response decryption, captcha parameter reconstruction, challenge/verify flow analysis.

Link backtracking from final request/output to the full chain of writer, builder, entry, and source.

Result encapsulation as solvers, SDKs, scripts, or services.

3. Web‑Reverse‑Env

Designed for scenarios with missing browser environment, anti‑detection, or risk‑control evasion, this module offers modular environment construction and repair:

Core abilities: Proxy‑based environment injection, prototype‑chain fixing, native toString protection, descriptor protection.

Environment coverage: modular reconstruction of navigator, document, storage, canvas, WebGL, crypto, performance, WebRTC and other core browser objects.

Problem solving: fills missing browser objects, defeats detection, aligns fingerprints, and repairs high‑strength risk‑control environments.

Usage Example

claude

/ast-deobfuscation 反混淆 ob.js