View8 - Decompiles serialized V8 objects back into high-level readable code.

View8

View8 is a static analysis tool designed to decompile serialized V8 bytecode objects (JSC files) into high-level readable code. To parse and disassemble these serialized objects, View8 utilizes a patched compiled V8 binary. As a result, View8 produces a textual output similar to JavaScript.

Requirements

  • Python 3.x
  • Disassembler binary. Available versions:
    • V8 Version 9.4.146.24 (Used in Node V16.x)
    • V8 Version 10.2.154.26 (Used in Node V18.x)
    • V8 Version 11.3.244.8 (Used in Node V20.x)

For compiled versions, visit the releases page.

Usage

Command-Line Arguments

  • input_file: The input file name.
  • output_file: The output file name.
  • --path, -p: Path to disassembler binary (optional).
  • --disassembled, -d: Indicate if the input file is already disassembled (optional).
  • --export_format, -e: Specify the export format(s). Options are v8_opcode, translated, and decompiled. Multiple options can be combined (optional, default: decompiled).

Basic Usage

To decompile a V8 bytecode file and export the decompiled code:

python view8.py input_file output_file

Disassembler Path

By default, View8 detects the V8 bytecode version of the input file (using VersionDetector.exe) and automatically searches for a compatible disassembler binary in the Bin folder. To use a different disassembler binary, specify it with the --path (or -p) option:

python view8.py input_file output_file --path /path/to/disassembler

Processing Disassembled Files

To skip the disassembling process and provide an already disassembled file as the input, use the --disassembled (or -d) flag:

python view8.py input_file output_file --disassembled

Export Formats

Specify the export format(s) using the --export_format (or -e) option. You can combine multiple formats:

  • v8_opcode
  • translated
  • decompiled

For example, to export both V8 opcodes and decompiled code side by side:

python view8.py input_file output_file -e v8_opcode decompiled

By default, the format used is decompiled.

VersionDetector.exe

The V8 bytecode version is stored as a hash at the beginning of the file. Below are the options available for VersionDetector.exe:

  • -h: Takes a version and returns its hash.
  • -d: Takes a hash (little-endian) and returns its corresponding version using brute force.
  • -f: Takes a file and returns its version.
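
An added example, not part of View8: parsing the header where the version hash is stored, so a batch of samples can be grouped by V8 version before a disassembler binary is chosen. The field offsets and the 0xC0DE magic prefix are assumptions taken from V8's SerializedCodeData header layout, and the sample headers and hash values are constructed.

```python
import struct
from collections import defaultdict

# Assumption (V8 SerializedCodeData layout, not stated on this page): the file
# opens with little-endian uint32 words [magic, version hash, source hash, flag hash].
HEADER = struct.Struct("<4I")
MAGIC_HIGH = 0xC0DE  # assumption: upper 16 bits of V8's code-cache magic word


def parse_header(data: bytes) -> dict:
    """Return the header fields of a serialized V8 code-cache blob."""
    if len(data) < HEADER.size:
        raise ValueError(f"need {HEADER.size} header bytes, got {len(data)}")
    magic, version, source, flags = HEADER.unpack_from(data)
    return {
        "magic_ok": magic >> 16 == MAGIC_HIGH,
        "version_hash": version,                # integer value
        "version_hash_bytes": data[4:8].hex(),  # bytes as stored on disk
        "source_hash": source,
        "flag_hash": flags,
    }


def group_by_version(samples: dict) -> dict:
    """Map version hash -> sample names; unparseable samples go under None."""
    groups = defaultdict(list)
    for name, data in samples.items():
        try:
            hdr = parse_header(data)
            key = hdr["version_hash"] if hdr["magic_ok"] else None
        except ValueError:
            key = None  # too short to hold a header
        groups[key].append(name)
    return dict(groups)


# Constructed sample headers (hash values are made up, not real V8 version hashes).
SAMPLES = {
    "a.jsc": HEADER.pack(0xC0DE0123, 0x11223344, 0x10, 0xAABBCCDD) + b"\x00" * 8,
    "b.jsc": HEADER.pack(0xC0DE0123, 0x11223344, 0x20, 0xAABBCCDD),
    "c.jsc": HEADER.pack(0xC0DE0456, 0x55667788, 0x30, 0xAABBCCDD),
    "not_bytecode.js": b"console.log('hi');\n",
    "truncated.jsc": b"\x23\x01\xde",
}

if __name__ == "__main__":
    for version, names in group_by_version(SAMPLES).items():
        label = "unrecognized" if version is None else f"0x{version:08x}"
        print(label, names)
```

Files that land in the unrecognized group are either not serialized V8 objects or are truncated, and are worth setting aside before running the decompiler over a batch.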