JSFuck Decoder
Decode JSFuck-style JavaScript expressions into readable code — runs entirely in your browser.
Input
Decoded Output
What Is the JSFuck Decoder?
Ever opened a JavaScript file and found nothing but `+!+[]+(![]+[])[+[]]` stretching across the screen? That's JSFuck — a technique that encodes any JavaScript using just six characters: `[`, `]`, `(`, `)`, `!`, and `+`. The JSFuck Decoder translates that back into readable code. MDN JavaScript documents the underlying language features JSFuck exploits — type coercion, array indexing, and boolean conversion. The ECMAScript specification defines exactly why expressions like `+!+[]` evaluate to `1`. For deeper analysis of decoded output, try AST Explorer to visualize the parse tree, or use Chrome DevTools to safely inspect behavior. Babel can help further normalize the decoded result. Everything here runs in your browser — your code never touches a server.
This tool runs entirely in your browser. Nothing is sent to a server. For obfuscating code, use JavaScript Obfuscator. For formatting only, use JavaScript Formatter. For validation, use JavaScript Validator.
How to Decode JSFuck
Paste or Upload
Paste JSFuck or mixed obfuscated JavaScript into the editor. The tool applies decoding and formatting for easier inspection.
View Decoded Output
The output shows best-effort decoding and normalization. Extremely nested payloads may still need manual analysis.
Copy or Download
Use Copy or Download to get the result. For running code, use JavaScript Console.
JSFuck Decoder Example
Here is an example of decoding JSFuck-style symbols and escapes.
Example: Symbol-heavy obfuscated expression
JSFuck input:
Decoded output:
When the JSFuck Decoder Helps
This is useful for malware triage, CTF challenges, and reverse-engineering scripts that use JSFuck notation. Decode first, then inspect behavior in a safer workflow.
Frequently Asked Questions
Is my data private when using this tool?
Yes, completely. Decoding runs entirely in your browser — no data is sent to any server. Your code stays on your machine.
Does this decode every JSFuck payload?
It handles the majority of symbol-heavy patterns and standard JSFuck encodings. Extremely deep or layered payloads may still need manual deconstruction or Chrome DevTools.
What is JSFuck and why is it used?
JSFuck is a JavaScript encoding technique that uses only 6 characters: `[`, `]`, `(`, `)`, `!`, and `+`. It's used in CTF challenges, malware obfuscation, and as a JavaScript curiosity. The output is still valid JavaScript.
JSFuck Decoder vs general JavaScript Deobfuscator — what's the difference?
JSFuck Decoder is optimized specifically for symbol-based, six-character-style encodings. The general deobfuscator handles a broader range of obfuscation patterns including variable renaming and control flow flattening.
Is it legal to decode or deobfuscate JavaScript?
For your own code, security research, or CTF challenges — yes. For third-party code, always check the license and terms of service first.