Mirror/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2024-11-02 06:01:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tidied up 'Microsoft Script Decoder' operation

Browse Source
This commit is contained in:
n1474335 2017-08-30 15:56:51 +00:00
parent f8e9e9ba85
commit 4a86340d50
3 changed files with 22 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/config/Categories.js
View File

@ -66,7 +66,6 @@ const Categories = [
"Encode text",
"Decode text",
"Swap endianness",
"Microsoft Script Decoder",
]
},
{
@ -283,6 +282,7 @@ const Categories = [
"XPath expression",
"JPath expression",
"CSS selector",
"Microsoft Script Decoder",
"Strip HTML tags",
"Diff",
"To Snake case",

2
src/core/config/OperationConfig.js
View File

@ -3207,7 +3207,7 @@ const OperationConfig = {
]
},
"Microsoft Script Decoder": {
description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and often renamed &#34;.vbe&#34; extention or JS (JScript) files renamed with &#34;.jse&#34; extention.<br><br><b>Sample</b><br><br>Encoded:<br><code>#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&amp;@*eEI@#@&amp;@#@&amp;.jm.raY 214Wv:zms/obI0xEAAA==^#~@</code><br><br>Decoded:<br><code>MsgBox &#34;Hello&#34;</code>",
description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and renamed with a '.vbe' extention or JS (JScript) files renamed with a '.jse' extention.<br><br><b>Sample</b><br><br>Encoded:<br><code>#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&amp;@*eEI@#@&amp;@#@&amp;.jm.raY 214Wv:zms/obI0xEAAA==^#~@</code><br><br>Decoded:<br><code>var my_msg = &#34;Testing <1><2><3>!&#34;;\n\nVScript.Echo(my_msg);</code>",
run: MS.runDecodeScript,
inputType: "string",
outputType: "string",

89
src/core/operations/MS.js
View File

@ -1,8 +1,9 @@
/**
* Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
* This is a conversion of a Python script that was originally created by Didier Stevens (https://DidierStevens.com).
* Microsoft operations.
*
* @author bmwhitn [brian.m.whitney@outlook.com]
* @copyright Crown Copyright 2017
* @license Apache-2.0
*
* @namespace
*/
@ -148,73 +149,16 @@ const MS = {
* @default
*/
D_COMBINATION: [
0,
1,
2,
0,
1,
2,
1,
2,
2,
1,
2,
1,
0,
2,
1,
2,
0,
2,
1,
2,
0,
0,
1,
2,
2,
1,
0,
2,
1,
2,
2,
1,
0,
0,
2,
1,
2,
1,
2,
0,
2,
0,
0,
1,
2,
0,
2,
1,
0,
2,
1,
2,
0,
0,
1,
2,
2,
0,
0,
1,
2,
0,
2,
1
0, 1, 2, 0, 1, 2, 1, 2, 2, 1, 2, 1, 0, 2, 1, 2, 0, 2, 1, 2, 0, 0, 1, 2, 2, 1, 0, 2, 1, 2, 2, 1,
0, 0, 2, 1, 2, 1, 2, 0, 2, 0, 0, 1, 2, 0, 2, 1, 0, 2, 1, 2, 0, 0, 1, 2, 2, 0, 0, 1, 2, 0, 2, 1
],
/**
* Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
* This is a conversion of a Python script that was originally created by Didier Stevens
* (https://DidierStevens.com).
*
* @private
* @param {string} data
* @returns {string}
@ -227,13 +171,18 @@ const MS = {
.replace(/@\*/g, ">")
.replace(/@!/g, "<")
.replace(/@\$/g, "@");
for (let i = 0; i < data.length; i++) {
let byte = data.charCodeAt(i);
let char = data.charAt(i);
if (byte < 128) {
index++;
}
if ((byte === 9 || byte > 31 && byte < 128) && byte !== 60 && byte !== 62 && byte !== 64) {
if ((byte === 9 || byte > 31 && byte < 128) &&
byte !== 60 &&
byte !== 62 &&
byte !== 64) {
char = MS.D_DECODE[byte].charAt(MS.D_COMBINATION[index % 64]);
}
result.push(char);
@ -241,8 +190,9 @@ const MS = {
return result.join("");
},
/**
* Microsoft Script Decoder operation
* Microsoft Script Decoder operation.
*
* @param {string} input
* @param {Object[]} args
@ -256,7 +206,8 @@ const MS = {
} else {
return "";
}
},
}
};
export default MS;