Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
yosoyhendrix
/
AhMyth-Android-RAT
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Branch: master
Branche Tagy
AhMyth-Android-...
/
AhMyth-Server
/
app
/
node_modules
/
js-beautify
/
js
/
lib
/
unpackers
/
myobfuscate_unpacker.js

myobfuscate_unpacker.js 3.0 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. //
    2. 

  2. // simple unpacker/deobfuscator for scripts messed up with myobfuscate.com
    3. 

  3. // You really don't want to obfuscate your scripts there: they're tracking
    4. 

  4. // your unpackings, your script gets turned into something like this,
    5. 

  5. // as of 2011-04-25:
    6. 

  6. /*
    7. 

  7. 

  8.     var _escape = 'your_script_escaped';
    9. 

  9.     var _111 = document.createElement('script');
    10. 

  10.     _111.src = 'http://api.www.myobfuscate.com/?getsrc=ok' +
    11. 

  11.         '&ref=' + encodeURIComponent(document.referrer) +
    12. 

  12.         '&url=' + encodeURIComponent(document.URL);
    13. 

  13.     var 000 = document.getElementsByTagName('head')[0];
    14. 

  14.     000.appendChild(_111);
    15. 

  15.     document.write(unescape(_escape));
    16. 

  16. 

  17. */
    18. 

  18. //
    19. 

  19. // written by Einar Lielmanis <einar@jsbeautifier.org>
    20. 

  20. //
    21. 

  21. // usage:
    22. 

  22. //
    23. 

  23. // if (MyObfuscate.detect(some_string)) {
    24. 

  24. //     var unpacked = MyObfuscate.unpack(some_string);
    25. 

  25. // }
    26. 

  26. //
    27. 

  27. //
    28. 

  28. 

  29. var MyObfuscate = {
    30. 

  30.     detect: function (str) {
    31. 

  31.         if (/^var _?[0O1lI]{3}\=('|\[).*\)\)\);/.test(str)) {
    32. 

  32.             return true;
    33. 

  33.         }
    34. 

  34.         if (/^function _?[0O1lI]{3}\(_/.test(str) && /eval\(/.test(str)) {
    35. 

  35.             return true;
    36. 

  36.         }
    37. 

  37.         return false;
    38. 

  38.     },
    39. 

  39. 

  40.     unpack: function (str) {
    41. 

  41.         if (MyObfuscate.detect(str)) {
    42. 

  42.             var __eval = eval;
    43. 

  43.             try {
    44. 

  44.                 eval = function (unpacked) {
    45. 

  45.                     if (MyObfuscate.starts_with(unpacked, 'var _escape')) {
    46. 

  46.                         // fetch the urlencoded stuff from the script,
    47. 

  47.                         var matches = /'([^']*)'/.exec(unpacked);
    48. 

  48.                         var unescaped = unescape(matches[1]);
    49. 

  49.                         if (MyObfuscate.starts_with(unescaped, '<script>')) {
    50. 

  50.                             unescaped = unescaped.substr(8, unescaped.length - 8);
    51. 

  51.                         }
    52. 

  52.                         if (MyObfuscate.ends_with(unescaped, '</script>')) {
    53. 

  53.                             unescaped = unescaped.substr(0, unescaped.length - 9);
    54. 

  54.                         }
    55. 

  55.                         unpacked = unescaped;
    56. 

  56.                     }
    57. 

  57.                     // throw to terminate the script
    58. 

  58.                     unpacked =  "// Unpacker warning: be careful when using myobfuscate.com for your projects:\n" +
    59. 

  59.                         "// scripts obfuscated by the free online version may call back home.\n" +
    60. 

  60.                         "\n//\n" + unpacked;
    61. 

  61.                     throw unpacked;
    62. 

  62.                 };
    63. 

  63.                 __eval(str); // should throw
    64. 

  64.             } catch (e) {
    65. 

  65.                 // well, it failed. we'll just return the original, instead of crashing on user.
    66. 

  66.                 if (typeof e === "string") {
    67. 

  67.                     str = e;
    68. 

  68.                 }
    69. 

  69.             }
    70. 

  70.             eval = __eval;
    71. 

  71.         }
    72. 

  72.         return str;
    73. 

  73.     },
    74. 

  74. 

  75.     starts_with: function (str, what) {
    76. 

  76.         return str.substr(0, what.length) === what;
    77. 

  77.     },
    78. 

  78. 

  79.     ends_with: function (str, what) {
    80. 

  80.         return str.substr(str.length - what.length, what.length) === what;
    81. 

  81.     },
    82. 

  82. 

  83.     run_tests: function (sanity_test) {
    84. 

  84.         var t = sanity_test || new SanityTest();
    85. 

  85. 

  86.         return t;
    87. 

  87.     }
    88. 

  88. 

  89. 

  90. };
    91.