corrade-nucleus-nucleons – Blame information for rev 20
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
20 | office | 1 | // |
2 | // simple unpacker/deobfuscator for scripts messed up with javascriptobfuscator.com |
||
3 | // written by Einar Lielmanis <einar@jsbeautifier.org> |
||
4 | // |
||
5 | // usage: |
||
6 | // |
||
7 | // if (JavascriptObfuscator.detect(some_string)) { |
||
8 | // var unpacked = JavascriptObfuscator.unpack(some_string); |
||
9 | // } |
||
10 | // |
||
11 | // |
||
12 | |||
13 | var JavascriptObfuscator = { |
||
14 | detect: function(str) { |
||
15 | return /^var _0x[a-f0-9]+ ?\= ?\[/.test(str); |
||
16 | }, |
||
17 | |||
18 | unpack: function(str) { |
||
19 | if (JavascriptObfuscator.detect(str)) { |
||
20 | var matches = /var (_0x[a-f\d]+) ?\= ?\[(.*?)\];/.exec(str); |
||
21 | if (matches) { |
||
22 | var var_name = matches[1]; |
||
23 | var strings = JavascriptObfuscator._smart_split(matches[2]); |
||
24 | str = str.substring(matches[0].length); |
||
25 | for (var k in strings) { |
||
26 | str = str.replace(new RegExp(var_name + '\\[' + k + '\\]', 'g'), |
||
27 | JavascriptObfuscator._fix_quotes(JavascriptObfuscator._unescape(strings[k]))); |
||
28 | } |
||
29 | } |
||
30 | } |
||
31 | return str; |
||
32 | }, |
||
33 | |||
34 | _fix_quotes: function(str) { |
||
35 | var matches = /^"(.*)"$/.exec(str); |
||
36 | if (matches) { |
||
37 | str = matches[1]; |
||
38 | str = "'" + str.replace(/'/g, "\\'") + "'"; |
||
39 | } |
||
40 | return str; |
||
41 | }, |
||
42 | |||
43 | _smart_split: function(str) { |
||
44 | var strings = []; |
||
45 | var pos = 0; |
||
46 | while (pos < str.length) { |
||
47 | if (str.charAt(pos) === '"') { |
||
48 | // new word |
||
49 | var word = ''; |
||
50 | pos += 1; |
||
51 | while (pos < str.length) { |
||
52 | if (str.charAt(pos) === '"') { |
||
53 | break; |
||
54 | } |
||
55 | if (str.charAt(pos) === '\\') { |
||
56 | word += '\\'; |
||
57 | pos++; |
||
58 | } |
||
59 | word += str.charAt(pos); |
||
60 | pos++; |
||
61 | } |
||
62 | strings.push('"' + word + '"'); |
||
63 | } |
||
64 | pos += 1; |
||
65 | } |
||
66 | return strings; |
||
67 | }, |
||
68 | |||
69 | |||
70 | _unescape: function(str) { |
||
71 | // inefficient if used repeatedly or on small strings, but wonderful on single large chunk of text |
||
72 | for (var i = 32; i < 128; i++) { |
||
73 | str = str.replace(new RegExp('\\\\x' + i.toString(16), 'ig'), String.fromCharCode(i)); |
||
74 | } |
||
75 | str = str.replace(/\\x09/g, "\t"); |
||
76 | return str; |
||
77 | }, |
||
78 | |||
79 | run_tests: function(sanity_test) { |
||
80 | var t = sanity_test || new SanityTest(); |
||
81 | |||
82 | t.test_function(JavascriptObfuscator._smart_split, "JavascriptObfuscator._smart_split"); |
||
83 | t.expect('', []); |
||
84 | t.expect('"a", "b"', ['"a"', '"b"']); |
||
85 | t.expect('"aaa","bbbb"', ['"aaa"', '"bbbb"']); |
||
86 | t.expect('"a", "b\\\""', ['"a"', '"b\\\""']); |
||
87 | t.test_function(JavascriptObfuscator._unescape, 'JavascriptObfuscator._unescape'); |
||
88 | t.expect('\\x40', '@'); |
||
89 | t.expect('\\x10', '\\x10'); |
||
90 | t.expect('\\x1', '\\x1'); |
||
91 | t.expect("\\x61\\x62\\x22\\x63\\x64", 'ab"cd'); |
||
92 | t.test_function(JavascriptObfuscator.detect, 'JavascriptObfuscator.detect'); |
||
93 | t.expect('', false); |
||
94 | t.expect('abcd', false); |
||
95 | t.expect('var _0xaaaa', false); |
||
96 | t.expect('var _0xaaaa = ["a", "b"]', true); |
||
97 | t.expect('var _0xaaaa=["a", "b"]', true); |
||
98 | t.expect('var _0x1234=["a","b"]', true); |
||
99 | return t; |
||
100 | } |
||
101 | |||
102 | |||
103 | }; |