- Published on
是的,Claude Code 可以反编译自身
Yes, Claude Code can decompile itself. Here's the source code.
是的,Claude Code 可以反编译自身。以下是源代码。
01 Mar 2025
These LLMs are shockingly good at deobfuscation, transpilation and structure to structure conversions. I discovered this back around Christmas where I asked an LLM to make me an Haskell audio library by transpiling a rust implementation.
这些LLMs在去混淆、转译和结构到结构转换方面表现出色。我是在圣诞节前后发现这一点的,当时我让一个LLM通过转译一个 Rust 实现来为我制作一个 Haskell 音频库。
[
An “oh fuck” moment in time
一个“哦,糟糕”的时刻
Over the Christmas break I’ve been critically looking at my own software development loop, learning a new programming language and re-learning a language I haven’t professionally used in over seven years. It’s now 2025. Software assistants are now a core staple of my day-to-day life as a staff
在圣诞假期期间,我认真审视了自己的软件开发循环,学习了一门新的编程语言,并重新学习了一门我已经七年没有专业使用的语言。现在是 2025 年。软件助手现在是我日常生活中的核心组成部分,作为一名员工
Geoffrey HuntleyGeoffrey Huntley
](https://ghuntley.com/oh-fuck/)
and here's me using the technique (bellow) to convert an application to a z/80 spectrum tape
这是我使用该技术(如下)将应用程序转换为 z/80 谱带
[
Can a LLM convert C, to ASM to specs and then to a working Z/80 Speccy tape? Yes.
LLM 能否将 C 转换为 ASM,再转换为规格,然后转换为可用的 Z/80 Speccy 磁带?可以。
Damien Guard nerd sniped me and and other folks wanted more proof that it is now cheap, easy and possible to cheaply rewrite software or clone existing “source available” businesses (see bottom of the post). So, let’s get cracking by creating a toy application by sending this prompt to the
Damien Guard 吸引了我和其他人,他们想要更多的证据证明现在可以廉价、轻松地重写软件或克隆现有的“源代码可用”业务(见文章底部)。所以,让我们通过发送这个提示来创建一个玩具应用程序
Geoffrey HuntleyGeoffrey Huntley
I'm not going to bury the lede, so let's dig right into the real reason why you clicked on this post, here's the source code...
我不会埋藏重点,所以让我们直接深入你点击这篇文章的真正原因,这里是源代码...
[
GitHub - ghuntley/claude-code-source-code-transpilation: This is a cleanroom transpilation of the official Claude Code npm package.
GitHub - ghuntley/claude-code-source-code-transpilation: 这是官方 Claude Code npm 包的一个洁净室转译。
This is a cleanroom transpilation of the official Claude Code npm package. - ghuntley/claude-code-source-code-transpilation
这是官方 Claude Code npm 包的一个洁净室转译。- ghuntley/claude-code-source-code-transpilation
GitHubghuntley
](https://github.com/ghuntley/claude-code-source-code-transpilation?ref=ghuntley.com)
What follows in this post is how you can do it yourself and a special surprise insight at the bottom...
本文接下来将介绍如何自己动手,以及在底部的一个特别惊喜见解...
Claude Code
The source code for Claude Code is currently "not available". Whilst a GitHub repository has been published, it contains no source code. Claude Code was an unusual announcement to release along side Sonnet 3.7 - I suspect it was/is a marketing gimmick which was built to demonstrate the capability of the new model and to show the world how to build an AI coding agent (and how easy it is) from the creators of the LLM model (they know it best)
Claude Code 的源代码目前“不可用”。虽然已经发布了一个 GitHub 仓库,但其中不包含源代码。Claude Code 是一个不寻常的发布公告,与 Sonnet 3.7 一同发布——我怀疑它是/曾是一个营销噱头,旨在展示新模型的能力,并向世界展示如何从 LLM 模型的创造者那里构建一个 AI 编码代理(以及它有多简单)(他们对此最了解)。
[
GitHub - anthropics/claude-code: Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.
GitHub - anthropics/claude-code: Claude Code 是一个代理编码工具,驻留在您的终端中,理解您的代码库,并通过执行常规任务、解释复杂代码和处理 git 工作流来帮助您更快地编码——这一切都通过自然语言命令实现。
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflo…
Claude Code 是一个代理编码工具,存在于您的终端中,理解您的代码库,并通过执行常规任务、解释复杂代码和处理 git 工作流来帮助您更快地编码。
GitHubanthropics
](https://github.com/anthropics/claude-code?ref=ghuntley.com)
Claude Code is authored in TypeScript and was released to NPM. You can install it via..
Claude Code 是用 TypeScript 编写的,并已发布到 NPM。您可以通过以下方式安装它..
$ mkdir claude-code && cd claude-code
$ npm i @anthropic-ai/claude-code
After installing the application into a folder you'll be greeted with the following directory structure..
将应用程序安装到文件夹后,您将看到以下目录结构..
tree
.
├── node_modules
│ ├── @anthropic-ai
│ │ └── claude-code
│ │ ├── LICENSE.md
│ │ ├── README.md
│ │ ├── cli.mjs
│ │ ├── package.json
│ │ ├── scripts
│ │ │ └── preinstall.js
<snip>
├── package-lock.json
└── package.json
57 directories, 436 files
cli.mjs
This is the meat of the application itself. It is your typical commonjs application which has been compiled from typescript. As part of the process of compilation with Webpack a minifier step combines all the source code into this file and truncates the symbols.
这是应用程序本身的核心部分。它是一个典型的 commonjs 应用程序,由 typescript 编译而成。作为使用 Webpack 编译过程的一部分,压缩步骤将所有源代码合并到此文件中并截断符号。
so let's pull it apart
所以让我们把它拆开
If you want to this at home. Your first task to is open up cli.mjs within your favourite AI coding assistant or even Claude Code itself. Due to the "safety rails and AI alignment" you'll need to strip the top comments from the application otherwise they will kick in unless you use an LLM such as Grok which has no guard rails.
如果你想在家中进行此操作。你的第一个任务是在你喜欢的 AI 编码助手中打开 cli.mjs ,甚至是 Claude Code 本身。由于“安全护栏和 AI 对齐”,你需要去掉应用程序顶部的注释,否则它们会生效,除非你使用没有护栏的LLM,例如 Grok。
Here's the prompt that I used.
这是我使用的提示。
CLI.js is a commonjs typescript application which has been compiled with webpack.
CLI.js 是一个用 webpack 编译的 commonjs typescript 应用程序。
The symbols have been stripped.
符号已被剥离。
Inspect the source code thoroughly (extra thinking) but skip the SentrySDK source code.
彻底检查源代码(额外思考),但跳过 SentrySDK 源代码。
Create a specification library of features of the application.
创建一个应用程序功能的规范库。
Convert the source code into human readable.
将源代码转换成人类可读。
Keep going until you are done!
继续前进,直到完成!
Because cli.mjs is close to 5mb - which is way bigger than any LLM context window out here. It shouldn't work but it does. You're going to need babysit it for a while and feed it reward tokens of kind words ("your doing good, please continue") and encourage it to keep on going on - even if it gives up. It will time out, lots...
因为 cli.mjs 接近 5mb - 这远远大于任何LLM上下文窗口。它不应该起作用,但确实有效。你需要暂时照看它,并用善意的话语奖励它(“你做得很好,请继续”),鼓励它继续前进——即使它放弃。它会超时,很多次……
After about two minutes it'll spit out a technical specification which details how the application was built and the features of the application...
大约两分钟后,它将输出一份技术规范,详细说明应用程序的构建方式和应用程序的功能...
At this point it'll timeout for sure. This is when you need to do the "new meta" of asking the LLM to write out the technical specification library. I say new meta because - hi folks - welcome, I haven't talked about this yet publicly yet but the results of this technique when used in combination with the "old meta" are truly absurd. I'll be going deep into this in a follow-up blog post so if you wanna be the first to see it - like, subscribe and click on the bell below below.
在这一点上,它肯定会超时。这时你需要做“新元”的事情,要求LLM写出技术规范库。我说新元是因为——大家好——欢迎,我还没有公开谈论过这个,但这种技术与“旧元”结合使用的结果确实荒谬。我将在后续的博客文章中深入探讨这一点,所以如果你想第一个看到它——请点赞、订阅并点击下面的铃铛。
Sign up for Geoffrey Huntley
注册 Geoffrey Huntley
I work remotely from a van that is slowly working its way around Australia. Follow me for the intersection of remote work, camping & #vanlife.
我在一辆慢慢环游澳大利亚的房车中远程工作。关注我,了解远程工作、露营和#vanlife 的交集。
Subscribe 订阅
No spam. Unsubscribe anytime.
无垃圾邮件。随时取消订阅。
Once it has finished dumping out the technical specification library you'll need to feed it this prompt
一旦完成技术规范库的导出,您需要向其输入此提示
Now deobfuscate the application.
现在对应用程序进行去混淆。
Split the application into separate files per domain in the SPECS folder.
将应用程序按域拆分为单独的文件,放在 SPECS 文件夹中。
Provide an overview of the directory structure before starting deobfuscation.
在开始去混淆之前提供目录结构的概述。
Skip the SENTRYSDK. 跳过 SENTRYSDK。
After a couple moments you'll be greeted with the skeleton of the deobfuscated outcome...
片刻之后,您将看到反混淆结果的框架...
claude-code/
├── package.json
├── tsconfig.json
├── README.md
├── LICENSE.md
├── src/
│ ├── index.ts # Main entry point
│ ├── cli.ts # CLI argument parsing and commands
│ ├── config/ # Configuration management
│ │ ├── index.ts
│ │ ├── schema.ts
│ │ └── defaults.ts
│ ├── terminal/ # Terminal interface
│ │ ├── index.ts
│ │ ├── input.ts
│ │ ├── output.ts
│ │ └── rendering.ts
│ ├── codebase/ # Codebase analysis
│ │ ├── index.ts
│ │ ├── scanner.ts
│ │ ├── indexer.ts
│ │ ├── search.ts
│ │ └── watcher.ts
│ ├── commands/ # Command processing
│ │ ├── index.ts
│ │ ├── parser.ts
│ │ ├── executor.ts
│ │ └── handlers/
│ │ ├── edit.ts
│ │ ├── search.ts
│ │ ├── explain.ts
│ │ ├── git.ts
│ │ └── system.ts
│ ├── ai/ # AI integration
│ │ ├── index.ts
│ │ ├── client.ts
│ │ ├── context.ts
│ │ ├── prompts.ts
│ │ └── response.ts
│ ├── fileops/ # File operations
│ │ ├── index.ts
│ │ ├── reader.ts
│ │ ├── writer.ts
│ │ ├── diff.ts
│ │ └── vcs.ts
│ ├── execution/ # Command execution
│ │ ├── index.ts
│ │ ├── shell.ts
│ │ ├── sandbox.ts
│ │ └── monitor.ts
│ ├── auth/ # Authentication
│ │ ├── index.ts
│ │ ├── oauth.ts
│ │ └── tokens.ts
│ ├── telemetry/ # Analytics and telemetry
│ │ ├── index.ts
│ │ ├── events.ts
│ │ └── reporter.ts
│ ├── errors/ # Error handling
│ │ ├── index.ts
│ │ ├── types.ts
│ │ ├── handlers.ts
│ │ └── formatter.ts
│ └── utils/ # Utilities
│ ├── index.ts
│ ├── logger.ts
│ ├── async.ts
│ └── formatting.ts
├── scripts/ # Build and deployment scripts
│ ├── build.js
│ └── preinstall.js
└── tests/ # Test suite
├── unit/
├── integration/
└── fixtures/
Now this is the part where it gets wild. Strap yourself in for another "oh-fuck" moment in time....
现在到了事情变得疯狂的部分。准备好迎接另一个“哦,糟糕”的时刻……
As the CLI.js is circa 5Mb in size. What follows is going to require a-lot of patience but the key is to use the following prompt and keep giving it "yeah bb, you doing great. keep going" words of encouragement.
由于 CLI.js 的大小约为 5Mb。接下来需要大量的耐心,但关键是使用以下提示,并不断给予“yeah bb, you doing great. keep going”这样的鼓励。
Look at the SPECS library.
查看 SPECS 库。
Look at CLAUDE-CODE folder.
查看 CLAUDE-CODE 文件夹。
Look at @CLI.js (do not confuse it with @cli.ts), keep transpiling and implement anything that's not in the SPECS folder that has not been implemented in the CLAUDE-CODE folder.
查看 @CLI.js(不要与 @cli.ts 混淆),继续转译并实现 SPECS 文件夹中未实现且 CLAUDE-CODE 文件夹中未实现的任何内容。
Seriously, you are going to need to enter that at least 100 times over the next 30 minutes.
说真的,在接下来的 30 分钟内,你至少需要输入 100 次。
that doesn't impress me much...
这并没有让我印象深刻……
Deobfuscating [nb. how do we even describe this? Is it deobfuscation?] JavaScript isn't that interesting or impressive though however the resulting source code is highly readable and covers all-the key elements in an coding assistant. We won't know how accurate it is until Anthropic goes through the motions to release the upstream source-code.
反混淆[注:我们该如何描述这个?是反混淆吗?] JavaScript 并不是那么有趣或令人印象深刻,不过生成的源代码非常易读,并涵盖了编码助手中的所有关键元素。我们不会知道它的准确性,直到 Anthropic 完成发布上游源代码的过程。
Understand dear reader that this technique can be done on any programming language and even from pre-existing binaries themselves. I've transpiled from ASM to specs and achieved below:
请理解,亲爱的读者,这种技术可以在任何编程语言上实现,甚至可以从现有的二进制文件中实现。我已经从 ASM 转译到规格,并实现了以下内容:
[
Can a LLM convert C, to ASM to specs and then to a working Z/80 Speccy tape? Yes.
LLM 能否将 C 转换为 ASM,再转换为规格,然后转换为可用的 Z/80 Speccy 磁带?可以。
Damien Guard nerd sniped me and and other folks wanted more proof that it is now cheap, easy and possible to cheaply rewrite software or clone existing “source available” businesses (see bottom of the post). So, let’s get cracking by creating a toy application by sending this prompt to the
Damien Guard 吸引了我和其他人,他们想要更多的证据证明现在可以廉价、轻松地重写软件或克隆现有的“源代码可用”业务(见文章底部)。所以,让我们通过发送这个提示来创建一个玩具应用程序
Geoffrey HuntleyGeoffrey Huntley
and others have directly converted VB .exe's to Python...
其他人已经直接将 VB .exe 转换为 Python...
still reading? good it's time for the grand reveal aka what this entire blog post is about...
还在阅读吗?很好,现在是揭晓的时刻,也就是这整篇博客文章的主题……
Now, a sharp mind should have picked up by now the implications of above but I'll spell it out. Using the above technique you can clean-room any software in existence in hours or less.
现在,敏锐的头脑应该已经意识到上述内容的含义,但我会详细说明。使用上述技术,您可以在数小时内或更短时间内对任何现有软件进行清洁室设计。
All those "source available" founders who raised shit-loads-of-cash in the last boom are now screwed, as anyone can re-implement their "proprietary features" which provide them with revenue within hours using the above technique to launch competing startups at lower-operating costs.
所有那些在上一次繁荣中筹集了大量资金的“源代码可用”创始人现在都陷入困境,因为任何人都可以在几小时内重新实现他们的“专有功能”,这些功能为他们提供收入,并使用上述技术以更低的运营成本推出竞争性初创公司。
All you need is access to their source-code and they have given you the keys to the kingdom on a golden platter by going to market as "commercial open-source" with source-code "protected by restrictive licensing" uploaded directly onto GitHub.
你所需要的只是访问他们的源代码,他们通过以“商业开源”的方式进入市场,将“受限制许可保护”的源代码直接上传到 GitHub 上,实际上是把王国的钥匙放在金盘子上交给了你。
[
CockroachDB scurries off to proprietary software land
CockroachDB 迅速转向专有软件领域
As VC-owned fauxpen source biz yells ‘show me the money,’ more may follow to the peril of the community
当风险投资拥有的伪开源企业大喊“给我钱”时,更多企业可能会跟随,这对社区构成威胁
The RegisterSteven J. Vaughan-Nichols
](https://www.theregister.com/2024/08/23/cockroachdb_opinion/?ref=ghuntley.com)
Please understand that restrictive software licenses no longer matter because these LLMs can be driven to behave like Bitcoin mixers that bypass licensing and copyright restrictions using the approach detailed in this blog post.
请理解,限制性软件许可证不再重要,因为这些LLMs可以被驱动得像比特币混合器一样,使用本文中详细介绍的方法绕过许可和版权限制。
These zombie companies are about to get harvested if the founders don't "Elon Musk" their companies... fast... especially if they don't have a defensible moat. So, here's to the next generation of builders. May you use these insights wisely and to your advantage. It's an incredible time to be alive if you just do things.
如果创始人不快速“埃隆·马斯克”他们的公司,尤其是如果他们没有可防御的护城河,这些僵尸公司就要被收割了。所以,向下一代建设者致敬。愿你明智地利用这些见解并将其转化为你的优势。如果你只是去做事情,这是一个令人难以置信的时代。
[
The future belongs to people who can just do things
未来属于能够实干的人
There, I said it. I seriously can’t see a path forward where the majority of software engineers are doing artisanal hand-crafted commits by as soon as the end of 2026. If you are a software engineer and were considering taking a gap year/holiday this year it would be an
在那里,我说了。我真的看不到到 2026 年底,大多数软件工程师还在进行手工精心制作的提交的前景。如果你是一名软件工程师,并且考虑今年休假/度假,这将是一个
Geoffrey HuntleyGeoffrey Huntley
](https://ghuntley.com/dothings)
if you aren't losing sleep right now and doing 80+hr weeks of coding right now whyyyyyyyy. there's so much opportunity available right now...
如果你现在没有失眠并且每周编程超过 80 小时,为什么呢。现在有这么多机会……
ps. socials for this blog post are below
ps. 此博客文章的社交媒体信息如下
If you enjoyed reading, give 'em a share please:
如果您喜欢阅读,请分享一下: