diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 80b2b3a7..401f6e4f 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -66,7 +66,7 @@ const Categories = [
"Encode text",
"Decode text",
"Swap endianness",
- "Micrsoft Script Decoder",
+ "Microsoft Script Decoder",
]
},
{
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index 08a6310f..1410f485 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -521,6 +521,7 @@ const OperationConfig = {
}
]
},
+
"To Charcode": {
description: "Converts text to its unicode character code equivalent.
e.g. Γειά σου
becomes 0393 03b5 03b9 03ac 20 03c3 03bf 03c5
",
run: ByteRepr.runToCharcode,
@@ -3205,8 +3206,8 @@ const OperationConfig = {
}
]
},
- "Micrsoft Script Decoder": {
- description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding.",
+ "Microsoft Script Decoder": {
+ description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and often renamed ".vbe" extention or JS (JScript) files renamed with ".jse" extention.",
run: MS.runDecodeScript,
inputType: "string",
outputType: "string",
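Review bot: As rendered here, the new `description` literal wraps `.vbe` and `.jse` in bare double quotes inside a double-quoted string, which would terminate the string early and break the config file. If the file actually holds entities such as `&quot;`, this is only a display artefact; otherwise escape the quotes or use the entity. The same line misspells "extension" twice as `extention` and repeats "often". Suggested wording: `These are often VBS (Visual Basic Script) files renamed with a &quot;.vbe&quot; extension, or JS (JScript) files renamed with a &quot;.jse&quot; extension.` The operation's config entry continues past the end of the hunk.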
diff --git a/src/core/operations/MS.js b/src/core/operations/MS.js
index 853f1a42..b382c234 100644
--- a/src/core/operations/MS.js
+++ b/src/core/operations/MS.js
@@ -1,5 +1,5 @@
/**
- * Decodes Microsft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
+ * Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
* This is a conversion of a Python script that was originally created by Didier Stevens (https://DidierStevens.com).
*
* @author bmwhitn [brian.m.whitney@outlook.com]
@@ -215,17 +215,18 @@ const MS = {
],
/**
+ * @private
* @param {string} data
* @returns {string}
*/
- decode: function (data) {
+ _decode: function (data) {
let result = [];
let index = -1;
- data = data.replace(/@&/g, String.fromCharCode(10));
- data = data.replace(/@#/g, String.fromCharCode(13));
- data = data.replace(/@\*/g, ">");
- data = data.replace(/@!/g, "<");
- data = data.replace(/@\$/g, "@");
+ data = data.replace(/@&/g, String.fromCharCode(10))
+ .replace(/@#/g, String.fromCharCode(13))
+ .replace(/@\*/g, ">")
+ .replace(/@!/g, "<")
+ .replace(/@\$/g, "@");
for (let i = 0; i < data.length; i++) {
let byte = data.charCodeAt(i);
let char = data.charAt(i);
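Review bot: `_decode` gains `@private` but its JSDoc still has no description, and the order of the chained `.replace()` calls matters without saying so. I would add a summary line such as `Decodes the payload of an encoded script block after unescaping its @-sequences.` Above the chain I would add `// "@$" is unescaped last so that a restored "@" cannot pair with the following character and be read as another escape.` The decoding loop continues beyond this hunk, so the rest of the body is not reviewed here.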
@@ -241,15 +242,17 @@ const MS = {
},
/**
+ * Microsoft Script Decoder operation
+ *
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
runDecodeScript: function (input, args) {
- let matcher = /#@~\^......==(.+)......==\^#~@/;
+ let matcher = /#@~\^.{6}==(.+).{6}==\^#~@/;
let encodedData = matcher.exec(input);
if (encodedData){
- return MS.decode(encodedData[1]);
+ return MS._decode(encodedData[1]);
} else {
return "";
}
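Review bot: The capture group `(.+)` in the new `matcher` is greedy and `exec` runs once, so input holding more than one `#@~^ … ^#~@` block on a line is mis-decoded. Everything from the first header to the last trailer, including the markers in between, reaches `_decode` as a single payload. A lazy group, `let matcher = /#@~\^.{6}==(.+?).{6}==\^#~@/;`, would decode the first block cleanly, and iterating with the `g` flag would cover the rest. Separately, `.` does not match line terminators, so a block broken across lines falls through to `return "";`, which a user cannot tell apart from a successful decode of empty content. The two `.{6}` fields (presumably a length and a checksum) are skipped rather than checked, and the function's closing lines are outside the hunk.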
diff --git a/test/tests/operations/MS.js b/test/tests/operations/MS.js
index 184e4bd1..acf0f085 100644
--- a/test/tests/operations/MS.js
+++ b/test/tests/operations/MS.js
@@ -1,7 +1,7 @@
/**
- * CharEnc tests.
+ * MS tests.
*
- * @author tlwr [toby@toby.codes]
+ * @author bwhitn [brian.m.whitney@outlook.com]
* @copyright Crown Copyright 2017
* @license Apache-2.0
*/
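Review bot: The `@author` handle added here is `bwhitn`, while the header of `src/core/operations/MS.js` in this same commit reads `bmwhitn` with the same e-mail address. One of the two is presumably a typo; make them agree so that attribution searches find both files.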
@@ -9,12 +9,12 @@ import TestRegister from "../../TestRegister.js";
TestRegister.addTests([
{
- name: "Micrsoft Script Decoder",
- input: "##@~^DgAAAA==\\ko$K6,JCV^GJqAQAAA==^#~@",
- expectedOutput: "MsgBox \"Hello\"",
+ name: "Microsoft Script Decoder",
+ input: "#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&\x7fjm.raY 214Wv:zms/obI0xEAAA==^#~@",
+ expectedOutput: "var my_msg = \"Testing <1><2><3>!\";\r\n\r\nWScript.Echo(my_msg);",
recipeConfig: [
{
- "op": "Micrsoft Script Decoder",
+ "op": "Microsoft Script Decoder",
"args": []
},
],
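Review bot: The new vector exercises the `@!`, `@*`, `@#` and `@&` escapes but contains no `@$`, so the last replacement in `_decode` has no coverage. There is also no case for input that lacks a valid `#@~^ … ^#~@` wrapper, where `runDecodeScript` returns `""`. I would keep this case, add one whose expected plaintext contains a literal `@`, and add a negative case with `expectedOutput: ""`. The `addTests` array continues beyond the hunk.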