May 18, 2012

Revelo: The Javascript Deobfuscator!

Analysing highly obfuscated code, such as exploit packs and obfuscated scriptware, can be very difficult at times. In times like these, the aptly named Revelo can help. Revelo is Latin for “reveal”. The purpose of this tool is to assist the user in analyzing obfuscated JavaScript code, particularly code that redirects the browser to malicious URLs.

Revelo is not as full-fledged as MalZilla. But I guess doing what the now-defunct MalZilla does is its purpose anyway. Revelo automates some of the manual changes that are needed to de-obfuscate the script code. It is not a script debugger, but more a set of tools to de-obfuscate scripts. Revelo works by writing the JavaScript, with some user-made modifications, to an HTML file, opening the file inside the tool, and extracting the de-obfuscated elements using the Internet Explorer engine. All this is done while allowing the user to make choices based on his/her understanding of the obfuscated script.
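The general idea of capturing what an obfuscated script decodes, instead of letting a browser act on it, can be sketched in Node.js. This is an added example, not Revelo's code (Revelo uses the Internet Explorer engine); the `analyze` function, the stubbed browser objects and the sample script are assumptions constructed for illustration.

```javascript
// Added example, not Revelo's code. Node's vm module is not a security
// boundary: run this only inside a disposable virtual machine.
const vm = require('vm');

function analyze(source, userAgent = 'Mozilla/4.0 (compatible; MSIE 6.0)') {
  const findings = { layers: [], writes: [], redirects: [] };
  const redirect = url => { findings.redirects.push(String(url)); };

  // Fake location: every way of navigating is recorded, nothing is fetched.
  const location = { replace: redirect, assign: redirect,
    get href() { return 'http://analysis.invalid/'; },
    set href(url) { redirect(url); } };
  const navAccessor = { get: () => location, set: redirect };

  const document = { write: h => { findings.writes.push(String(h)); },
                     writeln: h => { findings.writes.push(String(h)); } };
  Object.defineProperty(document, 'location', navAccessor);

  // navigator.userAgent is whatever the analyst chooses to present.
  const sandbox = { document, navigator: { userAgent } };
  Object.defineProperty(sandbox, 'location', navAccessor);
  sandbox.window = sandbox.self = sandbox.top = sandbox;

  // eval hook: log each decoded layer, then run it so nested layers unpack.
  // The layer runs at global scope, as an indirect eval would.
  sandbox.eval = code => {
    if (typeof code !== 'string') return code;
    findings.layers.push(code);
    return run(code);
  };

  const context = vm.createContext(sandbox);
  const run = code => vm.runInContext(code, context, { timeout: 1000 });
  run(source);
  return findings;
}

// Constructed sample: a harmless write and redirect under two eval layers.
const pack = js =>
  'eval(String.fromCharCode(' + Array.from(js, c => c.charCodeAt(0)) + '))';
const SAMPLE = pack(
  `document.write("<iframe src='http://frame.example.invalid/'></iframe>");` +
  pack('window.location = "http://redirect.example.invalid/landing";'));

console.log(analyze(SAMPLE));
```

Only the objects shown are stubbed, so a script that touches other browser APIs will throw until a stub for them is added.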


Revelo 0.3
Features of Revelo:

    Analyze a script quickly by loading a file or pasting in JavaScript code
    Includes several methods to de-obfuscate JavaScript
    Includes a built-in browser proxy which displays the URL of outgoing requests
    Displays the Document Object Model (DOM) elements
    Includes a packet sniffer which logs incoming and outgoing requests
    Includes a software firewall to prevent the program from accessing Internet content accidentally
    Ability to act as a web proxy to catch and block redirects
    Beautifies JavaScript code to make it more readable
    Ability to clear the browser cookies
    Ability to spoof the user-agent string

While this tool does have some protections built into it, it may execute malicious code that could harm your computer, so use it in a virtual machine. It has been tested to run on Windows XP systems. Features such as the built-in firewall, which protects a user from accidental redirects, can also help. Revelo has a built-in packet sniffer and proxy so that the resulting HTTP request can be captured without actually visiting the site. It can also reveal the actual de-obfuscated code and has a built-in JavaScript beautifier. Revelo can help you see the key elements of the JavaScript or even walk the DOM tree! It contains the free, lightweight Enigma Virtual Box, among other ActiveX controls.

From the looks of it, Revelo runs into a few problems on the Windows 7 operating system. But if you use it as prescribed in a Windows XP VM (like we did), you won't face any problems.

Download Revelo:

Revelo v0.3 – Revelo –

