A reverse engineering tool for analyzing JavaScript bytecode files (.jsc) compiled with the SpiderMonkey engine. Features bytecode disassembly and optional LLM-powered JavaScript reconstruction.
In Cocos apps the encryption key sits in the rodata section of the library, so the original source code can be recovered. Ironically, a Cocos app that omitted encryption was harder to reverse, because the JavaScript ships as bytecode and no disassembler existed.
github.com/zboralski/spidermonkey-dumper
Works with SpiderMonkey 33.1.1 and Cocos2d-JS v3.17.
Here is an example where you can see an uncloaking check in the disassembly:
00031 getprop "country"
00036 string "VN"
0003B ne
0003C ifeq loc_00056 (+26) ; if (!=)
And here is the LLM decompilation:
// SplashScene.checkGame/<
SplashScene.prototype.checkGame$ = function () {
    if (this.country !== "VN") return cc.game.loadGame();
    var success = true;
    this.checkUpdate(success);
    return !success;
};
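As an added example (not part of spidermonkey-dumper), a small Python scanner over listings in the format shown above: it flags a property read compared against a string literal and followed by a conditional branch, which is exactly the shape of the country check. The line format, the opcode names and the list of gating-related property names are assumptions taken from the listing above, and the sample listing is constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the listing format above: offset, opcode, operands, optional ; comment.
SAMPLE_LISTING = """\
00031 getprop "country"
00036 string "VN"
0003B ne
0003C ifeq loc_00056 (+26) ; if (!=)
00041 getprop "loadGame"
00046 call 0
"""

# offset (5 hex digits), opcode, optional operand text, optional trailing comment
LINE_RE = re.compile(r'^([0-9A-Fa-f]{5})\s+(\S+)(?:\s+(.*?))?\s*(?:;.*)?$')

# Property names whose comparison against a literal commonly drives region-based gating (assumed list).
GATING_PROPS = {"country", "locale", "language", "timezone", "region"}
COMPARE_OPS = {"eq", "ne", "stricteq", "strictne"}
BRANCH_OPS = {"ifeq", "ifne"}

def parse_listing(text: str) -> List[Dict[str, str]]:
    """Turn listing lines into {offset, op, arg} records; non-matching lines are skipped."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        off, op, arg = m.groups()
        insns.append({"offset": off, "op": op, "arg": (arg or "").strip()})
    return insns

def find_literal_gates(insns: List[Dict[str, str]]) -> List[Tuple[str, str, str, str, str]]:
    """Return (offset, property, literal, compare op, branch target) for getprop/string/cmp/branch runs."""
    hits = []
    for i in range(len(insns) - 3):
        a, b, c, d = insns[i:i + 4]
        if a["op"] != "getprop" or b["op"] != "string":
            continue
        prop = a["arg"].strip('"')
        if prop not in GATING_PROPS or c["op"] not in COMPARE_OPS or d["op"] not in BRANCH_OPS:
            continue
        target = d["arg"].split()[0] if d["arg"] else ""
        hits.append((a["offset"], prop, b["arg"].strip('"'), c["op"], target))
    return hits

if __name__ == "__main__":
    for hit in find_literal_gates(parse_listing(SAMPLE_LISTING)):
        print("gate at %s: this.%s %s %r -> branch %s" % hit)
```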