Skip to content

Instantly share code, notes, and snippets.

@stoyky
Created April 10, 2026 18:08
Show Gist options
  • Select an option

  • Save stoyky/86a8afd85b6b925fbab5f6e104cd452a to your computer and use it in GitHub Desktop.

Select an option

Save stoyky/86a8afd85b6b925fbab5f6e104cd452a to your computer and use it in GitHub Desktop.
Cleanly deobfuscate Adobe 0-day PDF JS payload
Extract base64 blob:
pdf-parser <file.pdf> -o 7 -w
Decode with Cyberchef:
Find_/_Replace({'option':'Regex','string':'#2'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true,false)
Find_/_Replace({'option':'Regex','string':'\u001f'},'?',true,false,true,false)
Now you can get a relatively clean deobfuscation using:
https://deobfuscate.relative.im
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment