How to see right through obfuscated code

Research Corner: JSNice

Have you ever used a web app and wanted to know how it worked? Now you can.

Most JavaScript code on the web is minified, meaning the code has been shortened by removing variable names. Meet JSNice, the JavaScript de-minifier from the Software Reliability Lab at ETH Zurich. Enter your minified JavaScript, and get beautified JavaScript, with pleasant variable names and annotated types.

And JSNice does more than just come up with fitting names. In their evaluation, they found that JSNice could recover the original variable name 63% of the time!

JSNice is built on the framework Nice2Predict, and works by analyzing source code to extract a graph of variables and their relationship. By grounding itself on the known names and constants in your code, and using its model of the relationships between variable names trained on a large corpus, it searches for the set of names in your program that maximizes the score of how all variable names fit together.

What JSNice teaches us is that the information in variable names is quite redundant with and predictable from the way they're used. You may notice similarities between the variable graph of JSNice and the dataflow graphs of a few newsletters previous. From the success of both approaches, we can learn an important lesson about software: the key ideas of a function are captured by the pattern of relationships between data, and these patterns are incredibly robust against normal variation in code.