AI Agents defeat obfuscated JavaScript in 10 minutes

This is a focused write-up of an experiment I ran on the AfterPack blog - the full four-paragraph prompts, the 883-line script that failed, the bytecode disassembly, the recovered source for both targets. Here I want to get to why it worked, and what that changes.

An LLM agent that can run the obfuscated code defeats it in minutes - recovered clean source from two JS obfuscators, on the vendors' own published demo files, in 10 and 20 minutes. One of those was a commercial enterprise product whose own marketing has argued AI can't do this; that argument is accurate about a chatbot, not about an agent that writes and runs scripts.

So I gave Claude Code two obfuscated files and one prompt each, and let it actually execute things.

Target one: a custom VM with nine defense layers

The first target: 1,587 lines, 68 KB of obfuscated output (~194× the 13-line calculatePrice(quantity, unitPrice) input - the function an open-source obfuscator publishes on its landing page to show off VM mode), recovered to source in ~10 minutes. Inside: nine composable defense layers wrapped around a ~1,500-line custom stack-based VM interpreter.