Approaches To Decompile Electron JS Application

Muhammad Lutfi Rahmawan
4 min readSep 12, 2022

--

Hello, this is Muhammad Lutfi Rahmawan and this is my first article on Medium. Hence this is my first article, I apologize if there are any grammatical mistakes. In this article, I will share a piece of knowledge that I have in reversing executable application.

A few days ago, I participated in the national Capture The Flag (CTF) competition. There were several challenges given to participants in various categories such as cryptography, reverse engineering, web exploitation challenge, and miscellaneous. There was a challenge that entice me. The challenge was a desktop application categorized as miscellaneous, but to solve this challenge participants were required to have reverse engineering skill. The application was built using Electron JS.

Electron JS

Electron JS is a Javascript framework to help developers create their desktop application using web technologies that are rendered using a flavor of the Chromium browser engine, and a backend using the Node JS runtime environment.

The given application was a simple gambling game that asked the participants to reach a certain point to get a flag. Please remember that this is not a write-up for the challenge so we will ignore the way how to get the flag. We will focus on how to decompile the application using different approaches.

Home screen

Since I know that this app was built using Electron JS, I tried to research in Google how to retrieve the source code from the compiled Electron JS app given. After spending a lot of time I get some interesting information here.

The article stated that compiled Electron JS applications are generally packed using asar and that is a hint that I can unpack it to get the original source code from the application. This is the step to get the source code by .asar file of the application.

cd /Applications/[APP-NAME]/Contents/Resources
mkdir example-sourcecode
asar extract app.asar example-sourcecode

But how do we get .asar file extension in the given application? Where is it located in our computer?

Temporary File

The .asar file can be found easily in the temporary directory during the application is running. What we need to do first is enable ‘Toogle Developer Tools’ by clicking it on the ‘View’ menu bar or by pressing ‘CTRL+Shift+I’.

Trigger developer tools

After the developer tool is opened, go to the ‘Sources’ tab and we will be shown the file structure used by the application.

We will notice that there is ‘app.asar’ in directory C:/Users/WINDOW~1/AppData/Local/Temp/2ECXcaEbb24DsVsv1FgI0vhk95G/resources/app.asar

Get there and unpack the app.asar file using asar extract app.asar DESTINATION_PATH and finally we will get what we want.

Source code of the given application

Packed Inside Apllication

app.asar can also be found by de-archiving the executable file using 7z. Here are the steps:

Extract using 7z

After extracting the application we get several files as follows:

Files extracted

The first one is also packed using 7z archiver, so we need to extract again using 7z archiver to see the archived files inside. And these are what we get:

Extracted files from app-64.7z file

So we remember that app.asar is located in C:/Users/WINDOW~1/AppData/Local/Temp/2ECXcaEbb24DsVsv1FgI0vhk95G/resources/app.asar on previous method. By ignoring C:/Users/WINDOW~1/AppData/Local/Temp/2ECXcaEbb24DsVsv1FgI0vhk95G/ we will get the current path as the root path of the application project. Go to resources folder we will see app.asar where the actual source code are packed. Unpack ‘app.asar’ we will get the source code.

Location of app.asar

--

--