corrade-nucleus-nucleons – Blame information for rev 20
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 20 | office | 1 | // |
| 2 | // simple unpacker/deobfuscator for scripts messed up with javascriptobfuscator.com |
||
| 3 | // written by Einar Lielmanis <einar@jsbeautifier.org> |
||
| 4 | // |
||
| 5 | // usage: |
||
| 6 | // |
||
| 7 | // if (JavascriptObfuscator.detect(some_string)) { |
||
| 8 | // var unpacked = JavascriptObfuscator.unpack(some_string); |
||
| 9 | // } |
||
| 10 | // |
||
| 11 | // |
||
| 12 | |||
| 13 | var JavascriptObfuscator = { |
||
| 14 | detect: function(str) { |
||
| 15 | return /^var _0x[a-f0-9]+ ?\= ?\[/.test(str); |
||
| 16 | }, |
||
| 17 | |||
| 18 | unpack: function(str) { |
||
| 19 | if (JavascriptObfuscator.detect(str)) { |
||
| 20 | var matches = /var (_0x[a-f\d]+) ?\= ?\[(.*?)\];/.exec(str); |
||
| 21 | if (matches) { |
||
| 22 | var var_name = matches[1]; |
||
| 23 | var strings = JavascriptObfuscator._smart_split(matches[2]); |
||
| 24 | str = str.substring(matches[0].length); |
||
| 25 | for (var k in strings) { |
||
| 26 | str = str.replace(new RegExp(var_name + '\\[' + k + '\\]', 'g'), |
||
| 27 | JavascriptObfuscator._fix_quotes(JavascriptObfuscator._unescape(strings[k]))); |
||
| 28 | } |
||
| 29 | } |
||
| 30 | } |
||
| 31 | return str; |
||
| 32 | }, |
||
| 33 | |||
| 34 | _fix_quotes: function(str) { |
||
| 35 | var matches = /^"(.*)"$/.exec(str); |
||
| 36 | if (matches) { |
||
| 37 | str = matches[1]; |
||
| 38 | str = "'" + str.replace(/'/g, "\\'") + "'"; |
||
| 39 | } |
||
| 40 | return str; |
||
| 41 | }, |
||
| 42 | |||
| 43 | _smart_split: function(str) { |
||
| 44 | var strings = []; |
||
| 45 | var pos = 0; |
||
| 46 | while (pos < str.length) { |
||
| 47 | if (str.charAt(pos) === '"') { |
||
| 48 | // new word |
||
| 49 | var word = ''; |
||
| 50 | pos += 1; |
||
| 51 | while (pos < str.length) { |
||
| 52 | if (str.charAt(pos) === '"') { |
||
| 53 | break; |
||
| 54 | } |
||
| 55 | if (str.charAt(pos) === '\\') { |
||
| 56 | word += '\\'; |
||
| 57 | pos++; |
||
| 58 | } |
||
| 59 | word += str.charAt(pos); |
||
| 60 | pos++; |
||
| 61 | } |
||
| 62 | strings.push('"' + word + '"'); |
||
| 63 | } |
||
| 64 | pos += 1; |
||
| 65 | } |
||
| 66 | return strings; |
||
| 67 | }, |
||
| 68 | |||
| 69 | |||
| 70 | _unescape: function(str) { |
||
| 71 | // inefficient if used repeatedly or on small strings, but wonderful on single large chunk of text |
||
| 72 | for (var i = 32; i < 128; i++) { |
||
| 73 | str = str.replace(new RegExp('\\\\x' + i.toString(16), 'ig'), String.fromCharCode(i)); |
||
| 74 | } |
||
| 75 | str = str.replace(/\\x09/g, "\t"); |
||
| 76 | return str; |
||
| 77 | }, |
||
| 78 | |||
| 79 | run_tests: function(sanity_test) { |
||
| 80 | var t = sanity_test || new SanityTest(); |
||
| 81 | |||
| 82 | t.test_function(JavascriptObfuscator._smart_split, "JavascriptObfuscator._smart_split"); |
||
| 83 | t.expect('', []); |
||
| 84 | t.expect('"a", "b"', ['"a"', '"b"']); |
||
| 85 | t.expect('"aaa","bbbb"', ['"aaa"', '"bbbb"']); |
||
| 86 | t.expect('"a", "b\\\""', ['"a"', '"b\\\""']); |
||
| 87 | t.test_function(JavascriptObfuscator._unescape, 'JavascriptObfuscator._unescape'); |
||
| 88 | t.expect('\\x40', '@'); |
||
| 89 | t.expect('\\x10', '\\x10'); |
||
| 90 | t.expect('\\x1', '\\x1'); |
||
| 91 | t.expect("\\x61\\x62\\x22\\x63\\x64", 'ab"cd'); |
||
| 92 | t.test_function(JavascriptObfuscator.detect, 'JavascriptObfuscator.detect'); |
||
| 93 | t.expect('', false); |
||
| 94 | t.expect('abcd', false); |
||
| 95 | t.expect('var _0xaaaa', false); |
||
| 96 | t.expect('var _0xaaaa = ["a", "b"]', true); |
||
| 97 | t.expect('var _0xaaaa=["a", "b"]', true); |
||
| 98 | t.expect('var _0x1234=["a","b"]', true); |
||
| 99 | return t; |
||
| 100 | } |
||
| 101 | |||
| 102 | |||
| 103 | }; |