Home Esplora Aiuto
Accedi
yosoyhendrix
/
AhMyth-Android-RAT
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 9000392778
Rami (Branch) Tag
AhMyth-Android-...
/
app
/
node_modules
/
js-beautify
/
js
/
lib
/
unpackers
/
javascriptobfuscator_unpacker.js

javascriptobfuscator_unpacker.js 3.3 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. //
    2. 

  2. // simple unpacker/deobfuscator for scripts messed up with javascriptobfuscator.com
    3. 

  3. // written by Einar Lielmanis <einar@jsbeautifier.org>
    4. 

  4. //
    5. 

  5. // usage:
    6. 

  6. //
    7. 

  7. // if (JavascriptObfuscator.detect(some_string)) {
    8. 

  8. //     var unpacked = JavascriptObfuscator.unpack(some_string);
    9. 

  9. // }
    10. 

  10. //
    11. 

  11. //
    12. 

  12. 

  13. var JavascriptObfuscator = {
    14. 

  14.     detect: function (str) {
    15. 

  15.         return /^var _0x[a-f0-9]+ ?\= ?\[/.test(str);
    16. 

  16.     },
    17. 

  17. 

  18.     unpack: function (str) {
    19. 

  19.         if (JavascriptObfuscator.detect(str)) {
    20. 

  20.             var matches = /var (_0x[a-f\d]+) ?\= ?\[(.*?)\];/.exec(str);
    21. 

  21.             if (matches) {
    22. 

  22.                 var var_name = matches[1];
    23. 

  23.                 var strings = JavascriptObfuscator._smart_split(matches[2]);
    24. 

  24.                 str = str.substring(matches[0].length);
    25. 

  25.                 for (var k in strings) {
    26. 

  26.                     str = str.replace(new RegExp(var_name + '\\[' + k + '\\]', 'g'),
    27. 

  27.                         JavascriptObfuscator._fix_quotes(JavascriptObfuscator._unescape(strings[k])));
    28. 

  28.                 }
    29. 

  29.             }
    30. 

  30.         }
    31. 

  31.         return str;
    32. 

  32.     },
    33. 

  33. 

  34.     _fix_quotes: function(str) {
    35. 

  35.         var matches = /^"(.*)"$/.exec(str);
    36. 

  36.         if (matches) {
    37. 

  37.             str = matches[1];
    38. 

  38.             str = "'" + str.replace(/'/g, "\\'") + "'";
    39. 

  39.         }
    40. 

  40.         return str;
    41. 

  41.     },
    42. 

  42. 

  43.     _smart_split: function(str) {
    44. 

  44.         var strings = [];
    45. 

  45.         var pos = 0;
    46. 

  46.         while (pos < str.length) {
    47. 

  47.             if (str.charAt(pos) == '"') {
    48. 

  48.                 // new word
    49. 

  49.                 var word = '';
    50. 

  50.                 pos += 1;
    51. 

  51.                 while (pos < str.length) {
    52. 

  52.                     if (str.charAt(pos) == '"') {
    53. 

  53.                         break;
    54. 

  54.                     }
    55. 

  55.                     if (str.charAt(pos) == '\\') {
    56. 

  56.                         word += '\\';
    57. 

  57.                         pos++;
    58. 

  58.                     }
    59. 

  59.                     word += str.charAt(pos);
    60. 

  60.                     pos++;
    61. 

  61.                 }
    62. 

  62.                 strings.push('"' + word + '"');
    63. 

  63.             }
    64. 

  64.             pos += 1;
    65. 

  65.         }
    66. 

  66.         return strings;
    67. 

  67.     },
    68. 

  68. 

  69. 

  70.     _unescape: function (str) {
    71. 

  71.         // inefficient if used repeatedly or on small strings, but wonderful on single large chunk of text
    72. 

  72.         for (var i = 32; i < 128; i++) {
    73. 

  73.             str = str.replace(new RegExp('\\\\x' + i.toString(16), 'ig'), String.fromCharCode(i));
    74. 

  74.         }
    75. 

  75.         str = str.replace(/\\x09/g, "\t");
    76. 

  76.         return str;
    77. 

  77.     },
    78. 

  78. 

  79.     run_tests: function (sanity_test) {
    80. 

  80.         var t = sanity_test || new SanityTest();
    81. 

  81. 

  82.         t.test_function(JavascriptObfuscator._smart_split, "JavascriptObfuscator._smart_split");
    83. 

  83.         t.expect('', []);
    84. 

  84.         t.expect('"a", "b"', ['"a"', '"b"']);
    85. 

  85.         t.expect('"aaa","bbbb"', ['"aaa"', '"bbbb"']);
    86. 

  86.         t.expect('"a", "b\\\""', ['"a"', '"b\\\""']);
    87. 

  87.         t.test_function(JavascriptObfuscator._unescape, 'JavascriptObfuscator._unescape');
    88. 

  88.         t.expect('\\x40', '@');
    89. 

  89.         t.expect('\\x10', '\\x10');
    90. 

  90.         t.expect('\\x1', '\\x1');
    91. 

  91.         t.expect("\\x61\\x62\\x22\\x63\\x64", 'ab"cd');
    92. 

  92.         t.test_function(JavascriptObfuscator.detect, 'JavascriptObfuscator.detect');
    93. 

  93.         t.expect('', false);
    94. 

  94.         t.expect('abcd', false);
    95. 

  95.         t.expect('var _0xaaaa', false);
    96. 

  96.         t.expect('var _0xaaaa = ["a", "b"]', true);
    97. 

  97.         t.expect('var _0xaaaa=["a", "b"]', true);
    98. 

  98.         t.expect('var _0x1234=["a","b"]', true);
    99. 

  99.         return t;
    100. 

  100.     }
    101. 

  101. 

  102. 

  103. };
    104.