By Geoffrey Huntley in AI — 01 Mar 2025

Yes, Claude Code can decompile itself. Here's the source code.

These LLMs are shockingly good at deobfuscation, transpilation and structure to structure conversions. I discovered this back around Christmas where I asked an LLM to make me an Haskell audio library by transpiling a rust implementation.

and here's me using the technique (bellow) to convert an application to a z/80 spectrum tape

I'm not going to bury the lede, so let's dig right into the real reason why you clicked on this post, here's the source code...

What follows in this post is how you can do it yourself and a special surprise insight at the bottom...

Claude Code

The source code for Claude Code is currently "not available". Whilst a GitHub repository has been published, it contains no source code. Claude Code was an unusual announcement to release along side Sonnet 3.7 - I suspect it was/is a marketing gimmick which was built to demonstrate the capability of the new model and to show the world how to build an AI coding agent (and how easy it is) from the creators of the LLM model (they know it best)

Claude Code is authored in TypeScript and was released to NPM. You can install it via..

$ mkdir claude-code && cd claude-code
$ npm i @anthropic-ai/claude-code

After installing the application into a folder you'll be greeted with the following directory structure..

tree 
.
├── node_modules
│   ├── @anthropic-ai
│   │   └── claude-code
│   │       ├── LICENSE.md
│   │       ├── README.md
│   │       ├── cli.mjs
│   │       ├── package.json
│   │       ├── scripts
│   │       │   └── preinstall.js
<snip>
├── package-lock.json
└── package.json

57 directories, 436 files

cli.mjs

This is the meat of the application itself. It is your typical commonjs application which has been compiled from typescript. As part of the process of compilation with Webpack a minifier step combines all the source code into this file and truncates the symbols.

so let's pull it apart

If you want to this at home. Your first task to is open up cli.mjs within your favourite AI coding assistant or even Claude Code itself. Due to the "safety rails and AI alignment" you'll need to strip the top comments from the application otherwise they will kick in unless you use an LLM such as Grok which has no guard rails.

Here's the prompt that I used.

CLI.js is a commonjs typescript application which has been compiled with webpack.
The symbols have been stripped.
Inspect the source code thoroughly (extra thinking) but skip the SentrySDK source code.
Create a specification library of features of the application.
Convert the source code into human readable.
Keep going until you are done!

Because cli.mjs is close to 5mb - which is way bigger than any LLM context window out here. It shouldn't work but it does. You're going to need babysit it for a while and feed it reward tokens of kind words ("your doing good, please continue") and encourage it to keep on going on - even if it gives up. It will time out, lots...

After about two minutes it'll spit out a technical specification which details how the application was built and the features of the application...

At this point it'll timeout for sure. This is when you need to do the "new meta" of asking the LLM to write out the technical specification library. I say new meta because - hi folks - welcome, I haven't talked about this yet publicly yet but the results of this technique when used in combination with the "old meta" are truly absurd. I'll be going deep into this in a follow-up blog post so if you wanna be the first to see it - like, subscribe and click on the bell below below.

Once it has finished dumping out the technical specification library you'll need to feed it this prompt

Now deobfuscate the application.
Split the application into separate files per domain in the SPECS folder.
Provide an overview of the directory structure before starting deobfuscation.
Skip the SENTRYSDK.

After a couple moments you'll be greeted with the skeleton of the deobfuscated outcome...

claude-code/
├── package.json
├── tsconfig.json
├── README.md
├── LICENSE.md
├── src/
│   ├── index.ts                        # Main entry point
│   ├── cli.ts                          # CLI argument parsing and commands
│   ├── config/                         # Configuration management
│   │   ├── index.ts
│   │   ├── schema.ts
│   │   └── defaults.ts
│   ├── terminal/                       # Terminal interface
│   │   ├── index.ts
│   │   ├── input.ts
│   │   ├── output.ts
│   │   └── rendering.ts
│   ├── codebase/                       # Codebase analysis
│   │   ├── index.ts
│   │   ├── scanner.ts
│   │   ├── indexer.ts
│   │   ├── search.ts
│   │   └── watcher.ts
│   ├── commands/                       # Command processing
│   │   ├── index.ts
│   │   ├── parser.ts
│   │   ├── executor.ts
│   │   └── handlers/
│   │       ├── edit.ts
│   │       ├── search.ts
│   │       ├── explain.ts
│   │       ├── git.ts
│   │       └── system.ts
│   ├── ai/                             # AI integration
│   │   ├── index.ts
│   │   ├── client.ts
│   │   ├── context.ts
│   │   ├── prompts.ts
│   │   └── response.ts
│   ├── fileops/                        # File operations
│   │   ├── index.ts
│   │   ├── reader.ts
│   │   ├── writer.ts
│   │   ├── diff.ts
│   │   └── vcs.ts
│   ├── execution/                      # Command execution
│   │   ├── index.ts
│   │   ├── shell.ts
│   │   ├── sandbox.ts
│   │   └── monitor.ts
│   ├── auth/                           # Authentication
│   │   ├── index.ts
│   │   ├── oauth.ts
│   │   └── tokens.ts
│   ├── telemetry/                      # Analytics and telemetry
│   │   ├── index.ts
│   │   ├── events.ts
│   │   └── reporter.ts
│   ├── errors/                         # Error handling
│   │   ├── index.ts
│   │   ├── types.ts
│   │   ├── handlers.ts
│   │   └── formatter.ts
│   └── utils/                          # Utilities
│       ├── index.ts
│       ├── logger.ts
│       ├── async.ts
│       └── formatting.ts
├── scripts/                            # Build and deployment scripts
│   ├── build.js
│   └── preinstall.js
└── tests/                              # Test suite
    ├── unit/
    ├── integration/
    └── fixtures/

Now this is the part where it gets wild. Strap yourself in for another "oh-fuck" moment in time....

As the CLI.js is circa 5Mb in size. What follows is going to require a-lot of patience but the key is to use the following prompt and keep giving it "yeah bb, you doing great. keep going" words of encouragement.

Look at the SPECS library.
Look at CLAUDE-CODE folder.
Look at @CLI.js (do not confuse it with @cli.ts), keep transpiling and implement anything that's not in the SPECS folder that has not been implemented in the CLAUDE-CODE folder.

Seriously, you are going to need to enter that at least 100 times over the next 30 minutes.

that doesn't impress me much...

Deobfuscating [nb. how do we even describe this? Is it deobfuscation?] JavaScript isn't that interesting or impressive though however the resulting source code is highly readable and covers all-the key elements in an coding assistant. We won't know how accurate it is until Anthropic goes through the motions to release the upstream source-code.

Understand dear reader that this technique can be done on any programming language and even from pre-existing binaries themselves. I've transpiled from ASM to specs and achieved below:

and others have directly converted VB .exe's to Python...

Reddit grandfather uploads 27 year old EXE file of a visual basic game and Claude one-shotted recreating the game in Python in under 5 minutes!!

From the binary. pic.twitter.com/KEzUfisxmu
— Deedy (@deedydas) February 26, 2025

still reading? good it's time for the grand reveal aka what this entire blog post is about...

Now, a sharp mind should have picked up by now the implications of above but I'll spell it out. Using the above technique you can clean-room any software in existence in hours or less.

All those "source available" founders who raised shit-loads-of-cash in the last boom are now screwed, as anyone can re-implement their "proprietary features" which provide them with revenue within hours using the above technique to launch competing startups at lower-operating costs.

All you need is access to their source-code and they have given you the keys to the kingdom on a golden platter by going to market as "commercial open-source" with source-code "protected by restrictive licensing" uploaded directly onto GitHub.

Please understand that restrictive software licenses no longer matter because these LLMs can be driven to behave like Bitcoin mixers that bypass licensing and copyright restrictions using the approach detailed in this blog post.

These zombie companies are about to get harvested if the founders don't "Elon Musk" their companies... fast... especially if they don't have a defensible moat. So, here's to the next generation of builders. May you use these insights wisely and to your advantage. It's an incredible time to be alive if you just do things.