diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 401f6e4f..07664f87 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -66,7 +66,6 @@ const Categories = [
 "Encode text",
 "Decode text",
 "Swap endianness",
- "Microsoft Script Decoder",
 ]
 },
 {
@@ -283,6 +282,7 @@ const Categories = [
 "XPath expression",
 "JPath expression",
 "CSS selector",
+ "Microsoft Script Decoder",
 "Strip HTML tags",
 "Diff",
 "To Snake case",
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index d309147a..e4210db2 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -3207,7 +3207,7 @@ const OperationConfig = {
 ]
 },
 "Microsoft Script Decoder": {
- description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and often renamed ".vbe" extention or JS (JScript) files renamed with ".jse" extention.

Sample

Encoded:
#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&.jm.raY 214Wv:zms/obI0xEAAA==^#~@

Decoded:
MsgBox "Hello"",
+ description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and renamed with a '.vbe' extention or JS (JScript) files renamed with a '.jse' extention.

Sample

Encoded:
#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&.jm.raY 214Wv:zms/obI0xEAAA==^#~@

Decoded:
var my_msg = "Testing <1><2><3>!";\n\nVScript.Echo(my_msg);", run: MS.runDecodeScript, inputType: "string", outputType: "string", diff --git a/src/core/operations/MS.js b/src/core/operations/MS.js index b382c234..d0f6149a 100644 --- a/src/core/operations/MS.js +++ b/src/core/operations/MS.js @@ -1,8 +1,9 @@ /** - * Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe. - * This is a conversion of a Python script that was originally created by Didier Stevens (https://DidierStevens.com). + * Microsoft operations. * * @author bmwhitn [brian.m.whitney@outlook.com] + * @copyright Crown Copyright 2017 + * @license Apache-2.0 * * @namespace */ @@ -148,73 +149,16 @@ const MS = { * @default */ D_COMBINATION: [ - 0, - 1, - 2, - 0, - 1, - 2, - 1, - 2, - 2, - 1, - 2, - 1, - 0, - 2, - 1, - 2, - 0, - 2, - 1, - 2, - 0, - 0, - 1, - 2, - 2, - 1, - 0, - 2, - 1, - 2, - 2, - 1, - 0, - 0, - 2, - 1, - 2, - 1, - 2, - 0, - 2, - 0, - 0, - 1, - 2, - 0, - 2, - 1, - 0, - 2, - 1, - 2, - 0, - 0, - 1, - 2, - 2, - 0, - 0, - 1, - 2, - 0, - 2, - 1 + 0, 1, 2, 0, 1, 2, 1, 2, 2, 1, 2, 1, 0, 2, 1, 2, 0, 2, 1, 2, 0, 0, 1, 2, 2, 1, 0, 2, 1, 2, 2, 1, + 0, 0, 2, 1, 2, 1, 2, 0, 2, 0, 0, 1, 2, 0, 2, 1, 0, 2, 1, 2, 0, 0, 1, 2, 2, 0, 0, 1, 2, 0, 2, 1 ], + /** + * Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe. + * This is a conversion of a Python script that was originally created by Didier Stevens + * (https://DidierStevens.com). + * * @private * @param {string} data * @returns {string} 
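Review bot: The `Decoded:` sample in the new `description` for "Microsoft Script Decoder" changes from `MsgBox "Hello"` to a `var my_msg = …` script, yet the `Encoded:` sample above it is identical to the old one, so one of the two versions did not match the encoded text. It is worth confirming that the new pair round-trips through `MS.runDecodeScript`, ideally with a test that asserts it, because analysts use this sample to sanity-check the operation. `VScript.Echo` in the sample looks like a typo for `WScript.Echo`, unless that is literally what the encoded text decodes to. The rewritten sentence also keeps the misspelling `extention` twice; it should read `extension`.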
@@ -227,13 +171,18 @@ const MS = { .replace(/@\*/g, ">") .replace(/@!/g, "<") .replace(/@\$/g, "@"); + for (let i = 0; i < data.length; i++) { let byte = data.charCodeAt(i); let char = data.charAt(i); if (byte < 128) { index++; } - if ((byte === 9 || byte > 31 && byte < 128) && byte !== 60 && byte !== 62 && byte !== 64) { + + if ((byte === 9 || byte > 31 && byte < 128) && + byte !== 60 && + byte !== 62 && + byte !== 64) { char = MS.D_DECODE[byte].charAt(MS.D_COMBINATION[index % 64]); } result.push(char); @@ -241,8 +190,9 @@ const MS = { return result.join(""); }, + /** - * Microsoft Script Decoder operation + * Microsoft Script Decoder operation. * * @param {string} input * @param {Object[]} args @@ -256,7 +206,8 @@ const MS = { } else { return ""; } - }, + } + }; export default MS;
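Review bot: The reflowed condition in the decode loop still mixes `||` and `&&` without grouping, so a reader has to recall operator precedence to see that tab is the only control character that gets decoded. Writing it as `if ((byte === 9 || (byte > 31 && byte < 128)) &&` makes that explicit. The bare codes 60, 62 and 64 would also benefit from a comment such as `// '<', '>' and '@' come from the escape replacements above and pass through undecoded`, since the input is an arbitrary encoded script and this exclusion is what keeps unescaped characters intact. `byte` is never reassigned and could be declared with `const`. The function's opening lines are outside this hunk.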