/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/__init__.py |
@@ -0,0 +1,67 @@ |
# |
# General code for JSBeautifier unpackers infrastructure. See README.specs |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
|
"""General code for JSBeautifier unpackers infrastructure.""" |
|
import pkgutil |
import re |
from jsbeautifier.unpackers import evalbased |
|
# NOTE: AT THE MOMENT, IT IS DEACTIVATED FOR YOUR SECURITY: it runs js! |
BLACKLIST = ['jsbeautifier.unpackers.evalbased'] |
|
class UnpackingError(Exception): |
"""Badly packed source or general error. Argument is a |
meaningful description.""" |
pass |
|
def getunpackers(): |
"""Scans the unpackers dir, finds unpackers and add them to UNPACKERS list. |
An unpacker will be loaded only if it is a valid python module (name must |
adhere to naming conventions) and it is not blacklisted (i.e. inserted |
into BLACKLIST.""" |
path = __path__ |
prefix = __name__ + '.' |
unpackers = [] |
interface = ['unpack', 'detect', 'PRIORITY'] |
for _importer, modname, _ispkg in pkgutil.iter_modules(path, prefix): |
if 'tests' not in modname and modname not in BLACKLIST: |
try: |
module = __import__(modname, fromlist=interface) |
except ImportError: |
raise UnpackingError('Bad unpacker: %s' % modname) |
else: |
unpackers.append(module) |
|
return sorted(unpackers, key = lambda mod: mod.PRIORITY) |
|
UNPACKERS = getunpackers() |
|
def run(source, evalcode=False): |
"""Runs the applicable unpackers and return unpacked source as a string.""" |
for unpacker in [mod for mod in UNPACKERS if mod.detect(source)]: |
source = unpacker.unpack(source) |
if evalcode and evalbased.detect(source): |
source = evalbased.unpack(source) |
return source |
|
def filtercomments(source): |
"""NOT USED: strips trailing comments and put them at the top.""" |
trailing_comments = [] |
comment = True |
|
while comment: |
if re.search(r'^\s*\/\*', source): |
comment = source[0, source.index('*/') + 2] |
elif re.search(r'^\s*\/\/', source): |
comment = re.search(r'^\s*\/\/', source).group(0) |
else: |
comment = None |
|
if comment: |
source = re.sub(r'^\s+', '', source[len(comment):]) |
trailing_comments.append(comment) |
|
return '\n'.join(trailing_comments) + source |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/evalbased.py |
@@ -0,0 +1,39 @@ |
# |
# Unpacker for eval() based packers, a part of javascript beautifier |
# by Einar Lielmanis <einar@jsbeautifier.org> |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
# usage: |
# |
# if detect(some_string): |
# unpacked = unpack(some_string) |
# |
|
"""Unpacker for eval() based packers: runs JS code and returns result. |
Works only if a JS interpreter (e.g. Mozilla's Rhino) is installed and |
properly set up on host.""" |
|
from subprocess import PIPE, Popen |
|
PRIORITY = 3 |
|
def detect(source): |
"""Detects if source is likely to be eval() packed.""" |
return source.strip().lower().startswith('eval(function(') |
|
def unpack(source): |
"""Runs source and return resulting code.""" |
return jseval('print %s;' % source[4:]) if detect(source) else source |
|
# In case of failure, we'll just return the original, without crashing on user. |
def jseval(script): |
"""Run code in the JS interpreter and return output.""" |
try: |
interpreter = Popen(['js'], stdin=PIPE, stdout=PIPE) |
except OSError: |
return script |
result, errors = interpreter.communicate(script) |
if interpreter.poll() or errors: |
return script |
return result |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/javascriptobfuscator.py |
@@ -0,0 +1,58 @@ |
# |
# simple unpacker/deobfuscator for scripts messed up with |
# javascriptobfuscator.com |
# |
# written by Einar Lielmanis <einar@jsbeautifier.org> |
# rewritten in Python by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
# Will always return valid javascript: if `detect()` is false, `code` is |
# returned, unmodified. |
# |
# usage: |
# |
# if javascriptobfuscator.detect(some_string): |
# some_string = javascriptobfuscator.unpack(some_string) |
# |
|
"""deobfuscator for scripts messed up with JavascriptObfuscator.com""" |
|
import re |
|
PRIORITY = 1 |
|
def smartsplit(code): |
"""Split `code` at " symbol, only if it is not escaped.""" |
strings = [] |
pos = 0 |
while pos < len(code): |
if code[pos] == '"': |
word = '' # new word |
pos += 1 |
while pos < len(code): |
if code[pos] == '"': |
break |
if code[pos] == '\\': |
word += '\\' |
pos += 1 |
word += code[pos] |
pos += 1 |
strings.append('"%s"' % word) |
pos += 1 |
return strings |
|
def detect(code): |
"""Detects if `code` is JavascriptObfuscator.com packed.""" |
# prefer `is not` idiom, so that a true boolean is returned |
return (re.search(r'^var _0x[a-f0-9]+ ?\= ?\[', code) is not None) |
|
def unpack(code): |
"""Unpacks JavascriptObfuscator.com packed code.""" |
if detect(code): |
matches = re.search(r'var (_0x[a-f\d]+) ?\= ?\[(.*?)\];', code) |
if matches: |
variable = matches.group(1) |
dictionary = smartsplit(matches.group(2)) |
code = code[len(matches.group(0)):] |
for key, value in enumerate(dictionary): |
code = code.replace(r'%s[%s]' % (variable, key), value) |
return code |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/myobfuscate.py |
@@ -0,0 +1,86 @@ |
# |
# deobfuscator for scripts messed up with myobfuscate.com |
# by Einar Lielmanis <einar@jsbeautifier.org> |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
# usage: |
# |
# if detect(some_string): |
# unpacked = unpack(some_string) |
# |
|
# CAVEAT by Einar Lielmanis |
|
# |
# You really don't want to obfuscate your scripts there: they're tracking |
# your unpackings, your script gets turned into something like this, |
# as of 2011-08-26: |
# |
# var _escape = 'your_script_escaped'; |
# var _111 = document.createElement('script'); |
# _111.src = 'http://api.www.myobfuscate.com/?getsrc=ok' + |
# '&ref=' + encodeURIComponent(document.referrer) + |
# '&url=' + encodeURIComponent(document.URL); |
# var 000 = document.getElementsByTagName('head')[0]; |
# 000.appendChild(_111); |
# document.write(unescape(_escape)); |
# |
|
"""Deobfuscator for scripts messed up with MyObfuscate.com""" |
|
import re |
import base64 |
|
# Python 2 retrocompatibility |
# pylint: disable=F0401 |
# pylint: disable=E0611 |
try: |
from urllib import unquote |
except ImportError: |
from urllib.parse import unquote |
|
from jsbeautifier.unpackers import UnpackingError |
|
PRIORITY = 1 |
|
CAVEAT = """// |
// Unpacker warning: be careful when using myobfuscate.com for your projects: |
// scripts obfuscated by the free online version call back home. |
// |
|
""" |
|
SIGNATURE = (r'["\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F' |
r'\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5A\x61\x62\x63\x64\x65' |
r'\x66\x67\x68\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70\x71\x72\x73\x74\x75' |
r'\x76\x77\x78\x79\x7A\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2B' |
r'\x2F\x3D","","\x63\x68\x61\x72\x41\x74","\x69\x6E\x64\x65\x78' |
r'\x4F\x66","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","' |
r'\x6C\x65\x6E\x67\x74\x68"]') |
|
def detect(source): |
"""Detects MyObfuscate.com packer.""" |
return SIGNATURE in source |
|
def unpack(source): |
"""Unpacks js code packed with MyObfuscate.com""" |
if not detect(source): |
return source |
payload = unquote(_filter(source)) |
match = re.search(r"^var _escape\='<script>(.*)<\/script>'", |
payload, re.DOTALL) |
polished = match.group(1) if match else source |
return CAVEAT + polished |
|
def _filter(source): |
"""Extracts and decode payload (original file) from `source`""" |
try: |
varname = re.search(r'eval\(\w+\(\w+\((\w+)\)\)\);', source).group(1) |
reverse = re.search(r"var +%s *\= *'(.*)';" % varname, source).group(1) |
except AttributeError: |
raise UnpackingError('Malformed MyObfuscate data.') |
try: |
return base64.b64decode(reverse[::-1].encode('utf8')).decode('utf8') |
except TypeError: |
raise UnpackingError('MyObfuscate payload is not base64-encoded.') |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/packer.py |
@@ -0,0 +1,114 @@ |
# |
# Unpacker for Dean Edward's p.a.c.k.e.r, a part of javascript beautifier |
# by Einar Lielmanis <einar@jsbeautifier.org> |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
# usage: |
# |
# if detect(some_string): |
# unpacked = unpack(some_string) |
# |
|
"""Unpacker for Dean Edward's p.a.c.k.e.r""" |
|
import re |
import string |
from jsbeautifier.unpackers import UnpackingError |
|
PRIORITY = 1 |
|
def detect(source): |
"""Detects whether `source` is P.A.C.K.E.R. coded.""" |
return source.replace(' ', '').startswith('eval(function(p,a,c,k,e,') |
|
def unpack(source): |
"""Unpacks P.A.C.K.E.R. packed js code.""" |
payload, symtab, radix, count = _filterargs(source) |
|
if count != len(symtab): |
raise UnpackingError('Malformed p.a.c.k.e.r. symtab.') |
|
try: |
unbase = Unbaser(radix) |
except TypeError: |
raise UnpackingError('Unknown p.a.c.k.e.r. encoding.') |
|
def lookup(match): |
"""Look up symbols in the synthetic symtab.""" |
word = match.group(0) |
return symtab[unbase(word)] or word |
|
source = re.sub(r'\b\w+\b', lookup, payload) |
return _replacestrings(source) |
|
def _filterargs(source): |
"""Juice from a source file the four args needed by decoder.""" |
juicers = [ (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\), *(\d+), *(.*)\)\)"), |
(r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\)"), |
] |
for juicer in juicers: |
args = re.search(juicer, source, re.DOTALL) |
if args: |
a = args.groups() |
try: |
return a[0], a[3].split('|'), int(a[1]), int(a[2]) |
except ValueError: |
raise UnpackingError('Corrupted p.a.c.k.e.r. data.') |
|
# could not find a satisfying regex |
raise UnpackingError('Could not make sense of p.a.c.k.e.r data (unexpected code structure)') |
|
|
|
def _replacestrings(source): |
"""Strip string lookup table (list) and replace values in source.""" |
match = re.search(r'var *(_\w+)\=\["(.*?)"\];', source, re.DOTALL) |
|
if match: |
varname, strings = match.groups() |
startpoint = len(match.group(0)) |
lookup = strings.split('","') |
variable = '%s[%%d]' % varname |
for index, value in enumerate(lookup): |
source = source.replace(variable % index, '"%s"' % value) |
return source[startpoint:] |
return source |
|
|
class Unbaser(object): |
"""Functor for a given base. Will efficiently convert |
strings to natural numbers.""" |
ALPHABET = { |
53 : '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ', |
59 : '0123456789abcdefghijklmnopqrstuvwABCDEFGHIJKLMNOPQRSTUVWXYZ', |
62 : '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', |
95 : (' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ' |
'[\]^_`abcdefghijklmnopqrstuvwxyz{|}~') |
} |
|
def __init__(self, base): |
self.base = base |
|
# If base can be handled by int() builtin, let it do it for us |
if 2 <= base <= 36: |
self.unbase = lambda string: int(string, base) |
else: |
# Build conversion dictionary cache |
try: |
self.dictionary = dict((cipher, index) for |
index, cipher in enumerate(self.ALPHABET[base])) |
except KeyError: |
raise TypeError('Unsupported base encoding.') |
|
self.unbase = self._dictunbaser |
|
def __call__(self, string): |
return self.unbase(string) |
|
def _dictunbaser(self, string): |
"""Decodes a value to an integer.""" |
ret = 0 |
for index, cipher in enumerate(string[::-1]): |
ret += (self.base ** index) * self.dictionary[cipher] |
return ret |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/test-myobfuscate-output.js |
@@ -0,0 +1,65 @@ |
// |
// Unpacker warning: be careful when using myobfuscate.com for your projects: |
// scripts obfuscated by the free online version call back home. |
// |
|
// |
// Unpacker for Dean Edward's p.a.c.k.e.r, a part of javascript beautifier |
// written by Einar Lielmanis <einar@jsbeautifier.org> |
// |
// Coincidentally, it can defeat a couple of other eval-based compressors. |
// |
// usage: |
// |
// if (P_A_C_K_E_R.detect(some_string)) { |
// var unpacked = P_A_C_K_E_R.unpack(some_string); |
// } |
// |
// |
|
var P_A_C_K_E_R = { |
detect: function (str) { |
return P_A_C_K_E_R._starts_with(str.toLowerCase().replace(/ +/g, ''), 'eval(function(') || |
P_A_C_K_E_R._starts_with(str.toLowerCase().replace(/ +/g, ''), 'eval((function(') ; |
}, |
|
unpack: function (str) { |
var unpacked_source = ''; |
if (P_A_C_K_E_R.detect(str)) { |
try { |
eval('unpacked_source = ' + str.substring(4) + ';') |
if (typeof unpacked_source == 'string' && unpacked_source) { |
str = unpacked_source; |
} |
} catch (error) { |
// well, it failed. we'll just return the original, instead of crashing on user. |
} |
} |
return str; |
}, |
|
_starts_with: function (str, what) { |
return str.substr(0, what.length) === what; |
}, |
|
run_tests: function (sanity_test) { |
var t = sanity_test || new SanityTest(); |
t.test_function(P_A_C_K_E_R.detect, "P_A_C_K_E_R.detect"); |
t.expect('', false); |
t.expect('var a = b', false); |
t.expect('eval(function(p,a,c,k,e,r', true); |
t.expect('eval ( function(p, a, c, k, e, r', true); |
|
t.test_function(P_A_C_K_E_R.unpack, 'P_A_C_K_E_R.unpack'); |
t.expect("eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0 2=1',3,3,'var||a'.split('|'),0,{}))", |
'var a=1'); |
|
var starts_with_a = function(what) { return P_A_C_K_E_R._starts_with(what, 'a'); } |
t.test_function(starts_with_a, "P_A_C_K_E_R._starts_with(?, a)"); |
t.expect('abc', true); |
t.expect('bcd', false); |
t.expect('a', true); |
t.expect('', false); |
return t; |
} |
} |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/test-packer-62-input.js |
@@ -0,0 +1 @@ |
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('9 H=(j["Y"]["n"]("1h")!=-1)?s:v;9 I=(j["Y"]["w"]()["n"]("1i")!=-1)?s:v;9 J=(j["K"]["n"]("1j")!=-1)?s:v;p Z(){9 a;9 b;9 c;y{b=o z("l.l.7");a=b.P("$Q")}A(c){};i(!a){y{b=o z("l.l.6");a="R 6,0,21,0";b["1k"]="1l";a=b.P("$Q")}A(c){}};i(!a){y{b=o z("l.l.3");a=b.P("$Q")}A(c){}};i(!a){y{b=o z("l.l.3");a="R 3,0,18,0"}A(c){}};i(!a){y{b=o z("l.l");a="R 2,0,0,11"}A(c){a=-1}};m a};p 10(){9 a=-1;i(j["t"]!=12&&j["t"]["13"]>0){i(j["t"]["L M 2.0"]||j["t"]["L M"]){9 b=j["t"]["L M 2.0"]?" 2.0":"";9 c=j["t"]["L M"+b]["1m"];9 d=c["B"](" ");9 e=d[2]["B"](".");9 f=e[0];9 g=e[1];9 h=d[3];i(h==""){h=d[4]};i(h[0]=="d"){h=h["S"](1)}k{i(h[0]=="r"){h=h["S"](1);i(h["n"]("d")>0){h=h["S"](0,h["n"]("d"))}}};9 a=f+"."+g+"."+h}}k{i(j["K"]["w"]()["n"]("T/2.6")!=-1){a=4}k{i(j["K"]["w"]()["n"]("T/2.5")!=-1){a=3}k{i(j["K"]["w"]()["n"]("T")!=-1){a=2}k{i(H&&I&&!J){a=Z()}}}}};m a};p 1n(a,b,c){C=10();i(C==-1){m v}k{i(C!=0){i(H&&I&&!J){14=C["B"](" ");15=14[1];D=15["B"](",")}k{D=C["B"](".")};9 d=D[0];9 e=D[1];9 f=D[2];i(d>E(a)){m s}k{i(d==E(a)){i(e>E(b)){m s}k{i(e==E(b)){i(f>=E(c)){m s}}}}};m v}}};p 16(a,b){i(a["n"]("?")!=-1){m a["1o"](/\\?/,b+"?")}k{m a+b}};p U(a,b,c){9 d="";i(H&&I&&!J){d+="<17 ";N(9 e V a){d+=e+"=""+a[e]+"" "};d+=">";N(9 e V b){d+="<1p 19=""+e+"" 1q=""+b[e]+"" /> "};d+="</17>"}k{d+="<1a ";N(9 e V c){d+=e+"=""+c[e]+"" "};d+="> </1a>"};1r["1s"](d)};p 1t(){9 a=W(1b,".1u","1c","1d:1v-1w-1x-1y-1e","1z/x-1A-1B");U(a["u"],a["F"],a["q"])};p 1C(){9 a=W(1b,".1D","X","1d:1E-1F-1G-1H-1e",12);U(a["u"],a["F"],a["q"])};p W(a,b,c,d,e){9 f=o O();f["q"]=o O();f["F"]=o O();f["u"]=o O();N(9 g=0;g<a["13"];g=g+2){9 h=a[g]["w"]();1I(h){8"1f":G;8"1J":f["q"][a[g]]=a[g+1];G;8"X":;8"1c":a[g+1]=16(a[g+1],b);f["q"]["X"]=a[g+1];f["F"][c]=a[g+1];G;8"1K":;8"1L":;8"1M":;8"1N":;8"1O":;8"1P":;8"1Q":;8"1R":;8"1S":;8"1T":;8"1U":;8"1V":;8"1W":;8"1X":;8"1Y":;8"1Z":;8"20":;8"22":;8"23":;8"24":;8"25":;8"26":;8"27":;8"28":;8"29":;8"2a":;8"2b":;8"2c":;8"2d":;8"2e":;8"2f":;8"2g":;8"2h":;8"2i":;8"2j":;8"2k":;8"2l":;8"1g":;8"2m":;8"2n":f["u"][a[g]]=a[g+1];G;8"2o":;8"2p":;8"2q":;8"2r":;8"2s":;8"2t":;8"2u":;8"2v":;8"19":;8"2w":f["q"][a[g]]=f["u"][a[g]]=a[g+1];G;2x:f["q"][a[g]]=f["F"][a[g]]=a[g+1]}};f["u"]["1f"]=d;i(e){f["q"]["1g"]=e};m f};',62,158,'||||||||case|var|||||||||if|navigator|else|ShockwaveFlash|return|indexOf|new|function|embedAttrs||true|plugins|objAttrs|false|toLowerCase||try|ActiveXObject|catch|split|versionStr|versionArray|parseFloat|params|break|isIE|isWin|isOpera|userAgent|Shockwave|Flash|for|Object|GetVariable|version|WIN|substring|webtv|AC_Generateobj|in|AC_GetArgs|src|appVersion|ControlVersion|GetSwfVer||null|length|tempArray|tempString|AC_AddExtension|object||name|embed|arguments|movie|clsid|444553540000|classid|type|MSIE|win|Opera|AllowScriptAccess|always|description|DetectFlashVer|replace|param|value|document|write|AC_FL_RunContent|swf|d27cdb6e|ae6d|11cf|96b8|application|shockwave|flash|AC_SW_RunContent|dcr|166B1BCA|3F9C|11CF|8075|switch|pluginspage|onafterupdate|onbeforeupdate|onblur|oncellchange|onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondrop|onfinish|onfocus|onhelp|onmousedown|onmouseup||onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|onload|onlosecapture|onpropertychange|onreadystatechange|onrowsdelete|onrowenter|onrowexit|onrowsinserted|onstart|onscroll|onbeforeeditfocus|onactivate|onbeforedeactivate|ondeactivate|codebase|id|width|height|align|vspace|hspace|class|title|accesskey|tabindex|default'.split('|'),0,{})) |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/test-packer-non62-input.js |
@@ -0,0 +1 @@ |
var isIE=(navigator["appVersion"]["indexOf"]("MSIE")!=-1)?true:false;var isWin=(navigator["appVersion"]["toLowerCase"]()["indexOf"]("win")!=-1)?true:false;var isOpera=(navigator["userAgent"]["indexOf"]("Opera")!=-1)?true:false;function ControlVersion(){var a;var b;var c;try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");a=b.GetVariable("$version")}catch(c){};if(!a){try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");a="WIN 6,0,21,0";b["AllowScriptAccess"]="always";a=b.GetVariable("$version")}catch(c){}};if(!a){try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.3");a=b.GetVariable("$version")}catch(c){}};if(!a){try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.3");a="WIN 3,0,18,0"}catch(c){}};if(!a){try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash");a="WIN 2,0,0,11"}catch(c){a=-1}};return a};function GetSwfVer(){var a=-1;if(navigator["plugins"]!=null&&navigator["plugins"]["length"]>0){if(navigator["plugins"]["Shockwave Flash 2.0"]||navigator["plugins"]["Shockwave Flash"]){var b=navigator["plugins"]["Shockwave Flash 2.0"]?" 2.0":"";var c=navigator["plugins"]["Shockwave Flash"+b]["description"];var d=c["split"](" ");var e=d[2]["split"](".");var f=e[0];var g=e[1];var h=d[3];if(h==""){h=d[4]};if(h[0]=="d"){h=h["substring"](1)}else{if(h[0]=="r"){h=h["substring"](1);if(h["indexOf"]("d")>0){h=h["substring"](0,h["indexOf"]("d"))}}};var a=f+"."+g+"."+h}}else{if(navigator["userAgent"]["toLowerCase"]()["indexOf"]("webtv/2.6")!=-1){a=4}else{if(navigator["userAgent"]["toLowerCase"]()["indexOf"]("webtv/2.5")!=-1){a=3}else{if(navigator["userAgent"]["toLowerCase"]()["indexOf"]("webtv")!=-1){a=2}else{if(isIE&&isWin&&!isOpera){a=ControlVersion()}}}}};return a};function DetectFlashVer(a,b,c){versionStr=GetSwfVer();if(versionStr==-1){return false}else{if(versionStr!=0){if(isIE&&isWin&&!isOpera){tempArray=versionStr["split"](" ");tempString=tempArray[1];versionArray=tempString["split"](",")}else{versionArray=versionStr["split"](".")};var d=versionArray[0];var e=versionArray[1];var f=versionArray[2];if(d>parseFloat(a)){return true}else{if(d==parseFloat(a)){if(e>parseFloat(b)){return true}else{if(e==parseFloat(b)){if(f>=parseFloat(c)){return true}}}}};return false}}};function AC_AddExtension(a,b){if(a["indexOf"]("?")!=-1){return a["replace"](/\?/,b+"?")}else{return a+b}};function AC_Generateobj(a,b,c){var d="";if(isIE&&isWin&&!isOpera){d+="<object ";for(var e in a){d+=e+"=""+a[e]+"" "};d+=">";for(var e in b){d+="<param name=""+e+"" value=""+b[e]+"" /> "};d+="</object>"}else{d+="<embed ";for(var e in c){d+=e+"=""+c[e]+"" "};d+="> </embed>"};document["write"](d)};function AC_FL_RunContent(){var a=AC_GetArgs(arguments,".swf","movie","clsid:d27cdb6e-ae6d-11cf-96b8-444553540000","application/x-shockwave-flash");AC_Generateobj(a["objAttrs"],a["params"],a["embedAttrs"])};function AC_SW_RunContent(){var a=AC_GetArgs(arguments,".dcr","src","clsid:166B1BCA-3F9C-11CF-8075-444553540000",null);AC_Generateobj(a["objAttrs"],a["params"],a["embedAttrs"])};function AC_GetArgs(a,b,c,d,e){var f=new Object();f["embedAttrs"]=new Object();f["params"]=new Object();f["objAttrs"]=new Object();for(var g=0;g<a["length"];g=g+2){var h=a[g]["toLowerCase"]();switch(h){case"classid":break;case"pluginspage":f["embedAttrs"][a[g]]=a[g+1];break;case"src":;case"movie":a[g+1]=AC_AddExtension(a[g+1],b);f["embedAttrs"]["src"]=a[g+1];f["params"][c]=a[g+1];break;case"onafterupdate":;case"onbeforeupdate":;case"onblur":;case"oncellchange":;case"onclick":;case"ondblclick":;case"ondrag":;case"ondragend":;case"ondragenter":;case"ondragleave":;case"ondragover":;case"ondrop":;case"onfinish":;case"onfocus":;case"onhelp":;case"onmousedown":;case"onmouseup":;case"onmouseover":;case"onmousemove":;case"onmouseout":;case"onkeypress":;case"onkeydown":;case"onkeyup":;case"onload":;case"onlosecapture":;case"onpropertychange":;case"onreadystatechange":;case"onrowsdelete":;case"onrowenter":;case"onrowexit":;case"onrowsinserted":;case"onstart":;case"onscroll":;case"onbeforeeditfocus":;case"onactivate":;case"onbeforedeactivate":;case"ondeactivate":;case"type":;case"codebase":;case"id":f["objAttrs"][a[g]]=a[g+1];break;case"width":;case"height":;case"align":;case"vspace":;case"hspace":;case"class":;case"title":;case"accesskey":;case"name":;case"tabindex":f["embedAttrs"][a[g]]=f["objAttrs"][a[g]]=a[g+1];break;default:f["embedAttrs"][a[g]]=f["params"][a[g]]=a[g+1]}};f["objAttrs"]["classid"]=d;if(e){f["embedAttrs"]["type"]=e};return f}; |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/testjavascriptobfuscator.py |
@@ -0,0 +1,46 @@ |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
|
"""Tests for JavaScriptObfuscator unpacker.""" |
|
import unittest |
from jsbeautifier.unpackers.javascriptobfuscator import ( |
unpack, detect, smartsplit) |
|
# pylint: disable=R0904 |
class TestJavascriptObfuscator(unittest.TestCase): |
"""JavascriptObfuscator.com test case.""" |
def test_smartsplit(self): |
"""Test smartsplit() function.""" |
split = smartsplit |
equals = lambda data, result: self.assertEqual(split(data), result) |
|
equals('', []) |
equals('"a", "b"', ['"a"', '"b"']) |
equals('"aaa","bbbb"', ['"aaa"', '"bbbb"']) |
equals('"a", "b\\\""', ['"a"', '"b\\\""']) |
|
def test_detect(self): |
"""Test detect() function.""" |
positive = lambda source: self.assertTrue(detect(source)) |
negative = lambda source: self.assertFalse(detect(source)) |
|
negative('') |
negative('abcd') |
negative('var _0xaaaa') |
positive('var _0xaaaa = ["a", "b"]') |
positive('var _0xaaaa=["a", "b"]') |
positive('var _0x1234=["a","b"]') |
|
def test_unpack(self): |
"""Test unpack() function.""" |
decodeto = lambda ob, original: self.assertEqual(unpack(ob), original) |
|
decodeto('var _0x8df3=[];var a=10;', 'var a=10;') |
decodeto('var _0xb2a7=["\x74\x27\x65\x73\x74"];var i;for(i=0;i<10;++i)' |
'{alert(_0xb2a7[0]);} ;', 'var i;for(i=0;i<10;++i){alert' |
'("t\'est");} ;') |
|
if __name__ == '__main__': |
unittest.main() |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/testmyobfuscate.py |
@@ -0,0 +1,40 @@ |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
|
"""Tests for MyObfuscate unpacker.""" |
|
import unittest |
import os |
from jsbeautifier.unpackers.myobfuscate import detect, unpack |
from jsbeautifier.unpackers.tests import __path__ as path |
|
INPUT = os.path.join(path[0], 'test-myobfuscate-input.js') |
OUTPUT = os.path.join(path[0], 'test-myobfuscate-output.js') |
|
# pylint: disable=R0904 |
class TestMyObfuscate(unittest.TestCase): |
# pylint: disable=C0103 |
"""MyObfuscate obfuscator testcase.""" |
@classmethod |
def setUpClass(cls): |
"""Load source files (encoded and decoded version) for tests.""" |
with open(INPUT, 'r') as data: |
cls.input = data.read() |
with open(OUTPUT, 'r') as data: |
cls.output = data.read() |
|
def test_detect(self): |
"""Test detect() function.""" |
detected = lambda source: self.assertTrue(detect(source)) |
|
detected(self.input) |
|
def test_unpack(self): |
"""Test unpack() function.""" |
check = lambda inp, out: self.assertEqual(unpack(inp), out) |
|
check(self.input, self.output) |
|
if __name__ == '__main__': |
unittest.main() |
/script-kiddie/002_script_kiddie/script-kiddie/bower_components/js-beautify/python/jsbeautifier/unpackers/tests/testpacker.py |
@@ -0,0 +1,34 @@ |
# |
# written by Stefano Sanfilippo <a.little.coder@gmail.com> |
# |
|
"""Tests for P.A.C.K.E.R. unpacker.""" |
|
import unittest |
from jsbeautifier.unpackers.packer import detect, unpack |
|
# pylint: disable=R0904 |
class TestPacker(unittest.TestCase): |
"""P.A.C.K.E.R. testcase.""" |
def test_detect(self): |
"""Test detect() function.""" |
positive = lambda source: self.assertTrue(detect(source)) |
negative = lambda source: self.assertFalse(detect(source)) |
|
negative('') |
negative('var a = b') |
positive('eval(function(p,a,c,k,e,r') |
positive('eval ( function(p, a, c, k, e, r') |
|
def test_unpack(self): |
"""Test unpack() function.""" |
check = lambda inp, out: self.assertEqual(unpack(inp), out) |
|
check("eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)" |
"){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=" |
"function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(" |
"new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('0 2=1'," |
"62,3,'var||a'.split('|'),0,{}))", 'var a=1') |
|
if __name__ == '__main__': |
unittest.main() |