mirror of
https://github.com/gchq/CyberChef.git
synced 2024-11-02 14:11:02 +01:00
Tidied up 'Microsoft Script Decoder' operation
This commit is contained in:
n1474335
parent
f8e9e9ba85
commit
4a86340d50
@ -66,7 +66,6 @@ const Categories = [
|
|||||||
"Encode text",
|
"Encode text",
|
||||||
"Decode text",
|
"Decode text",
|
||||||
"Swap endianness",
|
"Swap endianness",
|
||||||
"Microsoft Script Decoder",
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -283,6 +282,7 @@ const Categories = [
|
|||||||
"XPath expression",
|
"XPath expression",
|
||||||
"JPath expression",
|
"JPath expression",
|
||||||
"CSS selector",
|
"CSS selector",
|
||||||
|
"Microsoft Script Decoder",
|
||||||
"Strip HTML tags",
|
"Strip HTML tags",
|
||||||
"Diff",
|
"Diff",
|
||||||
"To Snake case",
|
"To Snake case",
|
||||||
|
|||||||
@ -3207,7 +3207,7 @@ const OperationConfig = {
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"Microsoft Script Decoder": {
|
"Microsoft Script Decoder": {
|
||||||
description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and often renamed ".vbe" extention or JS (JScript) files renamed with ".jse" extention.<br><br><b>Sample</b><br><br>Encoded:<br><code>#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&.jm.raY 214Wv:zms/obI0xEAAA==^#~@</code><br><br>Decoded:<br><code>MsgBox "Hello"</code>",
|
description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and renamed with a '.vbe' extention or JS (JScript) files renamed with a '.jse' extention.<br><br><b>Sample</b><br><br>Encoded:<br><code>#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&.jm.raY 214Wv:zms/obI0xEAAA==^#~@</code><br><br>Decoded:<br><code>var my_msg = "Testing <1><2><3>!";\n\nVScript.Echo(my_msg);</code>",
|
||||||
run: MS.runDecodeScript,
|
run: MS.runDecodeScript,
|
||||||
inputType: "string",
|
inputType: "string",
|
||||||
outputType: "string",
|
outputType: "string",
|
||||||
|
|||||||
@ -1,8 +1,9 @@
|
|||||||
/**
|
/**
|
||||||
* Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
|
* Microsoft operations.
|
||||||
* This is a conversion of a Python script that was originally created by Didier Stevens (https://DidierStevens.com).
|
|
||||||
*
|
*
|
||||||
* @author bmwhitn [brian.m.whitney@outlook.com]
|
* @author bmwhitn [brian.m.whitney@outlook.com]
|
||||||
|
* @copyright Crown Copyright 2017
|
||||||
|
* @license Apache-2.0
|
||||||
*
|
*
|
||||||
* @namespace
|
* @namespace
|
||||||
*/
|
*/
|
||||||
@ -148,73 +149,16 @@ const MS = {
|
|||||||
* @default
|
* @default
|
||||||
*/
|
*/
|
||||||
D_COMBINATION: [
|
D_COMBINATION: [
|
||||||
0,
|
0, 1, 2, 0, 1, 2, 1, 2, 2, 1, 2, 1, 0, 2, 1, 2, 0, 2, 1, 2, 0, 0, 1, 2, 2, 1, 0, 2, 1, 2, 2, 1,
|
||||||
1,
|
0, 0, 2, 1, 2, 1, 2, 0, 2, 0, 0, 1, 2, 0, 2, 1, 0, 2, 1, 2, 0, 0, 1, 2, 2, 0, 0, 1, 2, 0, 2, 1
|
||||||
2,
|
|
||||||
0,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
1,
|
|
||||||
2,
|
|
||||||
0,
|
|
||||||
2,
|
|
||||||
1
|
|
||||||
],
|
],
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
|
||||||
|
* This is a conversion of a Python script that was originally created by Didier Stevens
|
||||||
|
* (https://DidierStevens.com).
|
||||||
|
*
|
||||||
* @private
|
* @private
|
||||||
* @param {string} data
|
* @param {string} data
|
||||||
* @returns {string}
|
* @returns {string}
|
||||||
@ -227,13 +171,18 @@ const MS = {
|
|||||||
.replace(/@\*/g, ">")
|
.replace(/@\*/g, ">")
|
||||||
.replace(/@!/g, "<")
|
.replace(/@!/g, "<")
|
||||||
.replace(/@\$/g, "@");
|
.replace(/@\$/g, "@");
|
||||||
|
|
||||||
for (let i = 0; i < data.length; i++) {
|
for (let i = 0; i < data.length; i++) {
|
||||||
let byte = data.charCodeAt(i);
|
let byte = data.charCodeAt(i);
|
||||||
let char = data.charAt(i);
|
let char = data.charAt(i);
|
||||||
if (byte < 128) {
|
if (byte < 128) {
|
||||||
index++;
|
index++;
|
||||||
}
|
}
|
||||||
if ((byte === 9 || byte > 31 && byte < 128) && byte !== 60 && byte !== 62 && byte !== 64) {
|
|
||||||
|
if ((byte === 9 || byte > 31 && byte < 128) &&
|
||||||
|
byte !== 60 &&
|
||||||
|
byte !== 62 &&
|
||||||
|
byte !== 64) {
|
||||||
char = MS.D_DECODE[byte].charAt(MS.D_COMBINATION[index % 64]);
|
char = MS.D_DECODE[byte].charAt(MS.D_COMBINATION[index % 64]);
|
||||||
}
|
}
|
||||||
result.push(char);
|
result.push(char);
|
||||||
@ -241,8 +190,9 @@ const MS = {
|
|||||||
return result.join("");
|
return result.join("");
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Microsoft Script Decoder operation
|
* Microsoft Script Decoder operation.
|
||||||
*
|
*
|
||||||
* @param {string} input
|
* @param {string} input
|
||||||
* @param {Object[]} args
|
* @param {Object[]} args
|
||||||
@ -256,7 +206,8 @@ const MS = {
|
|||||||
} else {
|
} else {
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
export default MS;
|
export default MS;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user