def analyse(js, tree):
"""
Main function called from pdfrankenstein. Analyzes javascript in order to deobfuscate the code.
:param js: String of code to analyze
:param tree: Tree xml object to use as reference for objects called from the code.
:return: String of deobfuscated code
"""
if not PyV8:
return ''
with PyV8.JSIsolate():
context = PyV8.JSContext()
context.enter()
context.eval('evalCode = \'\';')
context.eval(
'evalOverride = function (expression) { evalCode += expression; return;}'
)
context.eval('eval=evalOverride')
try:
if tree is not None:
create_objs(context, tree)
ret = eval_loop(js, context)
context.leave()
if ret == None:
return ''
else:
return ret
except Exception as e:
context.leave()
# return 'Error with analyzing JS: ' + e.message
return ''
def run(self):
with PyV8.JSIsolate():
with PyV8.JSContext() as context:
with open(self.sjcljs) as fh:
sjcl = fh.read()
context.eval(sjcl)
resp = context.eval('sjcl.decrypt("%s", \'%s\')' % \
(self.password, self.message))
self.result = resp
del context
def run(self):
with PyV8.JSIsolate():
with PyV8.JSContext() as context:
with open(self.sjcljs) as fh:
sjcl = fh.read()
context.eval(sjcl)
resp = context.eval('sjcl.encrypt("%s", "%s");' %
(self.password, self.message))
self.result = JSONDecoder().decode(resp)
del context
