JSUnFuck

()+
[]!

JSFuck decoder. Executes (not really) the input in a controlled environment and extracts the generated JavaScript source code.

How it works

JSFuck executes the generated payload using one of two mechanisms:

1. eval

• Used when Eval Source and Run In Parent Scope are enabled
• Payload is executed via eval(code)

2. Array.prototype.at.constructor

• Used when Run In Parent Scope is unchecked
• Resolved indirectly via:

[]["at"]["constructor"](payload)()

This bypasses simple hooks on eval and global Function.

JSUnFuck intercepts both execution paths:

• eval is temporarily replaced to capture the code passed to it
• Array.prototype.at.constructor is temporarily replaced to intercept indirect function constructor calls

Instead of executing the payload, the tool extracts the generated JavaScript source and prints it to the output.

If no execution path is triggered, the input is treated as a pure JSFuck expression and evaluated as a value.

Just show me the code → unfuck.js | test.html

Security

This tool is conditionally safe.

Safe

• When the input is pure JSFuck generated by jsfuck.com
• The tool intercepts execution before any meaningful code runs

Unsafe

• If arbitrary JavaScript code is inserted instead of real JSFuck
• In that case, the code may execute before interception

Links

• View JSFuck on GitHub
• Follow @aemkei (Martin Kleppe)

JSFuck Basics

• false => ![]
• true => !![]
• undefined => [][[]]
• NaN => +[![]]
• 0 => +[]
• 1 => +!+[]
• 2 => !+[]+!+[]
• 10 => [+!+[]]+[+[]]
• Array => []
• Number => +[]
• String => []+[]
• Boolean => ![]
• Function => []["filter"]
• eval => []["filter"]["constructor"]( CODE )()
• window => []["filter"]["constructor"]("return this")()

See the full reference list here.