CASCADE: LLM-Powered JavaScript Deobfuscator at Google Article Swipe
Shan Jiang
,
Pranoy Kovuri
,
Dayun Tao
,
Zhong Tan
·
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2507.17691
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2507.17691
Software obfuscation, particularly prevalent in JavaScript, hinders code comprehension and analysis, posing significant challenges to software testing, static analysis, and malware detection. This paper introduces CASCADE, a novel hybrid approach that integrates the advanced coding capabilities of Gemini with the deterministic transformation capabilities of a compiler Intermediate Representation (IR), specifically JavaScript IR (JSIR). By employing Gemini to identify critical prelude functions, the foundational components underlying the most prevalent obfuscation techniques, and leveraging JSIR for subsequent code transformations, CASCADE effectively recovers semantic elements like original strings and API names, and reveals original program behaviors. This method overcomes limitations of existing static and dynamic deobfuscation techniques, eliminating hundreds to thousands of hardcoded rules while achieving reliability and flexibility. CASCADE is already deployed in Google's production environment, demonstrating substantial improvements in JavaScript deobfuscation efficiency and reducing reverse engineering efforts.
Related Topics
Concepts
No concepts available.
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2507.17691
- https://arxiv.org/pdf/2507.17691
- OA Status
- green
- OpenAlex ID
- https://openalex.org/W4414886040
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4414886040Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2507.17691Digital Object Identifier
- Title
-
CASCADE: LLM-Powered JavaScript Deobfuscator at GoogleWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2025Year of publication
- Publication date
-
2025-07-23Full publication date if available
- Authors
-
Shan Jiang, Pranoy Kovuri, Dayun Tao, Zhong TanList of authors in order
- Landing page
-
https://arxiv.org/abs/2507.17691Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2507.17691Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2507.17691Direct OA link when available
- Cited by
-
0Total citation count in OpenAlex
Full payload
| id | https://openalex.org/W4414886040 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2507.17691 |
| ids.doi | https://doi.org/10.48550/arxiv.2507.17691 |
| ids.openalex | https://openalex.org/W4414886040 |
| fwci | |
| type | preprint |
| title | CASCADE: LLM-Powered JavaScript Deobfuscator at Google |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T12479 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.930899977684021 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1710 |
| topics[0].subfield.display_name | Information Systems |
| topics[0].display_name | Web Application Security Vulnerabilities |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2507.17691 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2507.17691 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2507.17691 |
| locations[1].id | doi:10.48550/arxiv.2507.17691 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2507.17691 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5055870001 |
| authorships[0].author.orcid | https://orcid.org/0000-0002-4727-4856 |
| authorships[0].author.display_name | Shan Jiang |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Jiang, Shan |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5119874895 |
| authorships[1].author.orcid | |
| authorships[1].author.display_name | Pranoy Kovuri |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Kovuri, Pranoy |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5082624648 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-8884-1589 |
| authorships[2].author.display_name | Dayun Tao |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Tao, David |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5089485623 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-5028-0181 |
| authorships[3].author.display_name | Zhong Tan |
| authorships[3].author_position | last |
| authorships[3].raw_author_name | Tan, Zhixun |
| authorships[3].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2507.17691 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | CASCADE: LLM-Powered JavaScript Deobfuscator at Google |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T12479 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.930899977684021 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1710 |
| primary_topic.subfield.display_name | Information Systems |
| primary_topic.display_name | Web Application Security Vulnerabilities |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2507.17691 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2507.17691 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2507.17691 |
| primary_location.id | pmh:oai:arXiv.org:2507.17691 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2507.17691 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2507.17691 |
| publication_date | 2025-07-23 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 26, 44 |
| abstract_inverted_index.By | 53 |
| abstract_inverted_index.IR | 51 |
| abstract_inverted_index.in | 4, 120, 127 |
| abstract_inverted_index.is | 117 |
| abstract_inverted_index.of | 36, 43, 97, 108 |
| abstract_inverted_index.to | 14, 56, 106 |
| abstract_inverted_index.API | 86 |
| abstract_inverted_index.and | 9, 19, 70, 85, 88, 100, 114, 131 |
| abstract_inverted_index.for | 73 |
| abstract_inverted_index.the | 32, 39, 61, 65 |
| abstract_inverted_index.JSIR | 72 |
| abstract_inverted_index.This | 22, 93 |
| abstract_inverted_index.code | 7, 75 |
| abstract_inverted_index.like | 82 |
| abstract_inverted_index.most | 66 |
| abstract_inverted_index.that | 30 |
| abstract_inverted_index.with | 38 |
| abstract_inverted_index.(IR), | 48 |
| abstract_inverted_index.novel | 27 |
| abstract_inverted_index.paper | 23 |
| abstract_inverted_index.rules | 110 |
| abstract_inverted_index.while | 111 |
| abstract_inverted_index.Gemini | 37, 55 |
| abstract_inverted_index.coding | 34 |
| abstract_inverted_index.hybrid | 28 |
| abstract_inverted_index.method | 94 |
| abstract_inverted_index.names, | 87 |
| abstract_inverted_index.posing | 11 |
| abstract_inverted_index.static | 17, 99 |
| abstract_inverted_index.(JSIR). | 52 |
| abstract_inverted_index.CASCADE | 77, 116 |
| abstract_inverted_index.already | 118 |
| abstract_inverted_index.dynamic | 101 |
| abstract_inverted_index.hinders | 6 |
| abstract_inverted_index.malware | 20 |
| abstract_inverted_index.prelude | 59 |
| abstract_inverted_index.program | 91 |
| abstract_inverted_index.reveals | 89 |
| abstract_inverted_index.reverse | 133 |
| abstract_inverted_index.strings | 84 |
| abstract_inverted_index.CASCADE, | 25 |
| abstract_inverted_index.Google's | 121 |
| abstract_inverted_index.Software | 0 |
| abstract_inverted_index.advanced | 33 |
| abstract_inverted_index.approach | 29 |
| abstract_inverted_index.compiler | 45 |
| abstract_inverted_index.critical | 58 |
| abstract_inverted_index.deployed | 119 |
| abstract_inverted_index.efforts. | 135 |
| abstract_inverted_index.elements | 81 |
| abstract_inverted_index.existing | 98 |
| abstract_inverted_index.hundreds | 105 |
| abstract_inverted_index.identify | 57 |
| abstract_inverted_index.original | 83, 90 |
| abstract_inverted_index.recovers | 79 |
| abstract_inverted_index.reducing | 132 |
| abstract_inverted_index.semantic | 80 |
| abstract_inverted_index.software | 15 |
| abstract_inverted_index.testing, | 16 |
| abstract_inverted_index.achieving | 112 |
| abstract_inverted_index.analysis, | 10, 18 |
| abstract_inverted_index.employing | 54 |
| abstract_inverted_index.hardcoded | 109 |
| abstract_inverted_index.overcomes | 95 |
| abstract_inverted_index.prevalent | 3, 67 |
| abstract_inverted_index.thousands | 107 |
| abstract_inverted_index.JavaScript | 50, 128 |
| abstract_inverted_index.behaviors. | 92 |
| abstract_inverted_index.challenges | 13 |
| abstract_inverted_index.components | 63 |
| abstract_inverted_index.detection. | 21 |
| abstract_inverted_index.efficiency | 130 |
| abstract_inverted_index.functions, | 60 |
| abstract_inverted_index.integrates | 31 |
| abstract_inverted_index.introduces | 24 |
| abstract_inverted_index.leveraging | 71 |
| abstract_inverted_index.production | 122 |
| abstract_inverted_index.subsequent | 74 |
| abstract_inverted_index.underlying | 64 |
| abstract_inverted_index.JavaScript, | 5 |
| abstract_inverted_index.effectively | 78 |
| abstract_inverted_index.eliminating | 104 |
| abstract_inverted_index.engineering | 134 |
| abstract_inverted_index.limitations | 96 |
| abstract_inverted_index.obfuscation | 68 |
| abstract_inverted_index.reliability | 113 |
| abstract_inverted_index.significant | 12 |
| abstract_inverted_index.substantial | 125 |
| abstract_inverted_index.techniques, | 69, 103 |
| abstract_inverted_index.Intermediate | 46 |
| abstract_inverted_index.capabilities | 35, 42 |
| abstract_inverted_index.environment, | 123 |
| abstract_inverted_index.flexibility. | 115 |
| abstract_inverted_index.foundational | 62 |
| abstract_inverted_index.improvements | 126 |
| abstract_inverted_index.obfuscation, | 1 |
| abstract_inverted_index.particularly | 2 |
| abstract_inverted_index.specifically | 49 |
| abstract_inverted_index.comprehension | 8 |
| abstract_inverted_index.demonstrating | 124 |
| abstract_inverted_index.deobfuscation | 102, 129 |
| abstract_inverted_index.deterministic | 40 |
| abstract_inverted_index.Representation | 47 |
| abstract_inverted_index.transformation | 41 |
| abstract_inverted_index.transformations, | 76 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 4 |
| citation_normalized_percentile |