diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 270c1e1e..07664f87 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -282,6 +282,7 @@ const Categories = [
"XPath expression",
"JPath expression",
"CSS selector",
+ "Microsoft Script Decoder",
"Strip HTML tags",
"Diff",
"To Snake case",
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index 40571293..e4210db2 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -25,6 +25,7 @@ import IP from "../operations/IP.js";
import JS from "../operations/JS.js";
import MAC from "../operations/MAC.js";
import MorseCode from "../operations/MorseCode.js";
+import MS from "../operations/MS.js";
import NetBIOS from "../operations/NetBIOS.js";
import Numberwang from "../operations/Numberwang.js";
import OS from "../operations/OS.js";
@@ -520,6 +521,7 @@ const OperationConfig = {
}
]
},
+
"To Charcode": {
description: "Converts text to its unicode character code equivalent.
e.g. Γειά σου becomes 0393 03b5 03b9 03ac 20 03c3 03bf 03c5",
run: ByteRepr.runToCharcode,
@@ -3204,6 +3206,13 @@ const OperationConfig = {
}
]
},
+ "Microsoft Script Decoder": {
+ description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and renamed with a '.vbe' extention or JS (JScript) files renamed with a '.jse' extention.
Sample
Encoded:
#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&.jm.raY 214Wv:zms/obI0xEAAA==^#~@
Decoded:
var my_msg = "Testing <1><2><3>!";\n\nVScript.Echo(my_msg);",
+ run: MS.runDecodeScript,
+ inputType: "string",
+ outputType: "string",
+ args: []
+ },
"Syntax highlighter": {
description: "Adds syntax highlighting to a range of source code languages. Note that this will not indent the code. Use one of the 'Beautify' operations for that.",
run: Code.runSyntaxHighlight,
diff --git a/src/core/operations/MS.js b/src/core/operations/MS.js
new file mode 100644
index 00000000..d0f6149a
--- /dev/null
+++ b/src/core/operations/MS.js
@@ -0,0 +1,213 @@
+/**
+ * Microsoft operations.
+ *
+ * @author bmwhitn [brian.m.whitney@outlook.com]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ *
+ * @namespace
+ */
+const MS = {
+
+ /**
+ * @constant
+ * @default
+ */
+ D_DECODE: [
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "\x57\x6E\x7B",
+ "\x4A\x4C\x41",
+ "\x0B\x0B\x0B",
+ "\x0C\x0C\x0C",
+ "\x4A\x4C\x41",
+ "\x0E\x0E\x0E",
+ "\x0F\x0F\x0F",
+ "\x10\x10\x10",
+ "\x11\x11\x11",
+ "\x12\x12\x12",
+ "\x13\x13\x13",
+ "\x14\x14\x14",
+ "\x15\x15\x15",
+ "\x16\x16\x16",
+ "\x17\x17\x17",
+ "\x18\x18\x18",
+ "\x19\x19\x19",
+ "\x1A\x1A\x1A",
+ "\x1B\x1B\x1B",
+ "\x1C\x1C\x1C",
+ "\x1D\x1D\x1D",
+ "\x1E\x1E\x1E",
+ "\x1F\x1F\x1F",
+ "\x2E\x2D\x32",
+ "\x47\x75\x30",
+ "\x7A\x52\x21",
+ "\x56\x60\x29",
+ "\x42\x71\x5B",
+ "\x6A\x5E\x38",
+ "\x2F\x49\x33",
+ "\x26\x5C\x3D",
+ "\x49\x62\x58",
+ "\x41\x7D\x3A",
+ "\x34\x29\x35",
+ "\x32\x36\x65",
+ "\x5B\x20\x39",
+ "\x76\x7C\x5C",
+ "\x72\x7A\x56",
+ "\x43\x7F\x73",
+ "\x38\x6B\x66",
+ "\x39\x63\x4E",
+ "\x70\x33\x45",
+ "\x45\x2B\x6B",
+ "\x68\x68\x62",
+ "\x71\x51\x59",
+ "\x4F\x66\x78",
+ "\x09\x76\x5E",
+ "\x62\x31\x7D",
+ "\x44\x64\x4A",
+ "\x23\x54\x6D",
+ "\x75\x43\x71",
+ "\x4A\x4C\x41",
+ "\x7E\x3A\x60",
+ "\x4A\x4C\x41",
+ "\x5E\x7E\x53",
+ "\x40\x4C\x40",
+ "\x77\x45\x42",
+ "\x4A\x2C\x27",
+ "\x61\x2A\x48",
+ "\x5D\x74\x72",
+ "\x22\x27\x75",
+ "\x4B\x37\x31",
+ "\x6F\x44\x37",
+ "\x4E\x79\x4D",
+ "\x3B\x59\x52",
+ "\x4C\x2F\x22",
+ "\x50\x6F\x54",
+ "\x67\x26\x6A",
+ "\x2A\x72\x47",
+ "\x7D\x6A\x64",
+ "\x74\x39\x2D",
+ "\x54\x7B\x20",
+ "\x2B\x3F\x7F",
+ "\x2D\x38\x2E",
+ "\x2C\x77\x4C",
+ "\x30\x67\x5D",
+ "\x6E\x53\x7E",
+ "\x6B\x47\x6C",
+ "\x66\x34\x6F",
+ "\x35\x78\x79",
+ "\x25\x5D\x74",
+ "\x21\x30\x43",
+ "\x64\x23\x26",
+ "\x4D\x5A\x76",
+ "\x52\x5B\x25",
+ "\x63\x6C\x24",
+ "\x3F\x48\x2B",
+ "\x7B\x55\x28",
+ "\x78\x70\x23",
+ "\x29\x69\x41",
+ "\x28\x2E\x34",
+ "\x73\x4C\x09",
+ "\x59\x21\x2A",
+ "\x33\x24\x44",
+ "\x7F\x4E\x3F",
+ "\x6D\x50\x77",
+ "\x55\x09\x3B",
+ "\x53\x56\x55",
+ "\x7C\x73\x69",
+ "\x3A\x35\x61",
+ "\x5F\x61\x63",
+ "\x65\x4B\x50",
+ "\x46\x58\x67",
+ "\x58\x3B\x51",
+ "\x31\x57\x49",
+ "\x69\x22\x4F",
+ "\x6C\x6D\x46",
+ "\x5A\x4D\x68",
+ "\x48\x25\x7C",
+ "\x27\x28\x36",
+ "\x5C\x46\x70",
+ "\x3D\x4A\x6E",
+ "\x24\x32\x7A",
+ "\x79\x41\x2F",
+ "\x37\x3D\x5F",
+ "\x60\x5F\x4B",
+ "\x51\x4F\x5A",
+ "\x20\x42\x2C",
+ "\x36\x65\x57"
+ ],
+
+ /**
+ * @constant
+ * @default
+ */
+ D_COMBINATION: [
+ 0, 1, 2, 0, 1, 2, 1, 2, 2, 1, 2, 1, 0, 2, 1, 2, 0, 2, 1, 2, 0, 0, 1, 2, 2, 1, 0, 2, 1, 2, 2, 1,
+ 0, 0, 2, 1, 2, 1, 2, 0, 2, 0, 0, 1, 2, 0, 2, 1, 0, 2, 1, 2, 0, 0, 1, 2, 2, 0, 0, 1, 2, 0, 2, 1
+ ],
+
+
+ /**
+ * Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
+ * This is a conversion of a Python script that was originally created by Didier Stevens
+ * (https://DidierStevens.com).
+ *
+ * @private
+ * @param {string} data
+ * @returns {string}
+ */
+ _decode: function (data) {
+ let result = [];
+ let index = -1;
+ data = data.replace(/@&/g, String.fromCharCode(10))
+ .replace(/@#/g, String.fromCharCode(13))
+ .replace(/@\*/g, ">")
+ .replace(/@!/g, "<")
+ .replace(/@\$/g, "@");
+
+ for (let i = 0; i < data.length; i++) {
+ let byte = data.charCodeAt(i);
+ let char = data.charAt(i);
+ if (byte < 128) {
+ index++;
+ }
+
+ if ((byte === 9 || byte > 31 && byte < 128) &&
+ byte !== 60 &&
+ byte !== 62 &&
+ byte !== 64) {
+ char = MS.D_DECODE[byte].charAt(MS.D_COMBINATION[index % 64]);
+ }
+ result.push(char);
+ }
+ return result.join("");
+ },
+
+
+ /**
+ * Microsoft Script Decoder operation.
+ *
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ runDecodeScript: function (input, args) {
+ let matcher = /#@~\^.{6}==(.+).{6}==\^#~@/;
+ let encodedData = matcher.exec(input);
+ if (encodedData){
+ return MS._decode(encodedData[1]);
+ } else {
+ return "";
+ }
+ }
+
+};
+
+export default MS;
diff --git a/test/index.js b/test/index.js
index 25059465..91c0410e 100644
--- a/test/index.js
+++ b/test/index.js
@@ -22,9 +22,11 @@ import "./tests/operations/DateTime.js";
import "./tests/operations/FlowControl.js";
import "./tests/operations/Image.js";
import "./tests/operations/MorseCode.js";
+import "./tests/operations/MS.js";
import "./tests/operations/StrUtils.js";
import "./tests/operations/SeqUtils.js";
+
let allTestsPassing = true;
const testStatusCounts = {
total: 0,
diff --git a/test/tests/operations/MS.js b/test/tests/operations/MS.js
new file mode 100644
index 00000000..acf0f085
--- /dev/null
+++ b/test/tests/operations/MS.js
@@ -0,0 +1,22 @@
+/**
+ * MS tests.
+ *
+ * @author bwhitn [brian.m.whitney@outlook.com]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ */
+import TestRegister from "../../TestRegister.js";
+
+TestRegister.addTests([
+ {
+ name: "Microsoft Script Decoder",
+ input: "#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&\x7fjm.raY 214Wv:zms/obI0xEAAA==^#~@",
+ expectedOutput: "var my_msg = \"Testing <1><2><3>!\";\r\n\r\nWScript.Echo(my_msg);",
+ recipeConfig: [
+ {
+ "op": "Microsoft Script Decoder",
+ "args": []
+ },
+ ],
+ },
+]);