def run(self, doc: MSDocument) -> None:
    """Encode the strings of ``doc.code`` and splice in the VBA decoding helpers.

    The code is re-emitted through ``EncryptStringsFmtr``. The key that
    formatter exposes as ``crypt_key`` is base64-encoded and recorded in
    ``doc.doc_var`` under the name returned by ``get_random_string(16)``;
    the same name is substituted into ``VBA_XOR_FUNCTION[1]``.

    The key is not secret with respect to the output: it is written to the
    log, to the ``ActiveDocument.Variables.Add`` line prepended to the code,
    and to ``doc.doc_var``, so anyone holding those can undo the encoding.

    Args:
        doc: Document whose ``code`` and ``doc_var`` are modified in place.
    """
    LOG.debug('Generating document variable name.')
    string_formatter = EncryptStringsFmtr()
    doc.code = highlight(doc.code, VbNetLexer(), string_formatter)
    document_var = get_random_string(16)

    code_prefix, code_suffix = split_var_declaration_from_code(doc.code)
    # Global variable declarations must remain at the top of the module, so
    # the first helper fragments go right after them and the second ones at
    # the very end.
    doc.code = ''.join((
        code_prefix,
        VBA_BASE64_FUNCTION[0],
        VBA_XOR_FUNCTION[0],
        code_suffix,
        VBA_BASE64_FUNCTION[1],
        VBA_XOR_FUNCTION[1].format(document_var),
    ))

    b64 = base64.b64encode(bytes(string_formatter.crypt_key)).decode()

    # Cut the encoded key into 512-character pieces and glue them back with
    # the VBA `" & _` continuation so the value can be pasted as a
    # multi-line string expression.
    max_chunk_len = 512
    chunks = []
    for start in range(0, len(b64), max_chunk_len):
        chunks.append(b64[start:start + max_chunk_len])
    printable_b64 = '" & _\n"'.join(chunks)

    # NOTE(review): the listing shows this literal on a single line; the
    # original may break after the colon — confirm against the repository.
    paste_hint = '''Paste this in your VBA editor to add the Document Variable: ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
        document_var, printable_b64)
    LOG.info(paste_hint)

    reminder_line = '"Use this line to add the document variable to you file and then remove these comments."\n'
    add_variable_line = 'ActiveDocument.Variables.Add Name:="{}", Value:="{}"\n'.format(
        document_var, printable_b64)
    doc.code = reminder_line + add_variable_line + doc.code

    # The unchunked base64 value is what gets recorded on the document object.
    doc.doc_var[document_var] = b64
def run(self, doc: MSDocument) -> None:
    """Encode the strings of ``doc.code`` and prepend the VBA decoding helpers.

    The code is re-emitted through ``_EncryptStrings``; ``VBA_BASE64_FUNCTION``
    and ``VBA_XOR_FUNCTION`` (formatted with the name returned by
    ``get_random_string(16)``) are then placed in front of it. The
    formatter's ``crypt_key`` is only logged here, base64-encoded, together
    with the ``ActiveDocument.Variables.Add`` statement the operator is asked
    to paste; this version does not store it on ``doc``.

    Args:
        doc: Document whose ``code`` is modified in place.
    """
    LOG.debug('Generating document variable name.')
    string_formatter = _EncryptStrings()
    encoded_code = highlight(doc.code, VbNetLexer(), string_formatter)
    doc.code = encoded_code
    document_var = get_random_string(16)

    helper_block = VBA_BASE64_FUNCTION + VBA_XOR_FUNCTION.format(document_var)
    doc.code = helper_block + doc.code

    b64 = base64.b64encode(bytes(string_formatter.crypt_key)).decode()
    # NOTE(review): the listing shows this literal on a single line; the
    # original may break after the colon — confirm against the repository.
    paste_hint = '''Paste this in your VBA editor to add the Document Variable: ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
        document_var, b64)
    LOG.info(paste_hint)
def run(self, doc: MSDocument) -> None:
    """Pass every line of ``doc.code`` through ``_split_line_if_necessary``.

    The code is split on ``"\\n"``, each line is handed to the helper, and
    the results are joined back with ``"\\n"``.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    original_lines = doc.code.split("\n")
    doc.code = "\n".join(
        _split_line_if_necessary(line) for line in original_lines
    )
def main():
    """Command-line entry point: load a VBA file, run the passes, emit the result.

    Reads the path given as ``input_file``, applies the modifier pipeline in
    the order listed below, and writes the resulting code to ``--output_file``
    when one is given, otherwise to standard output.

    Raises:
        BadPathError: If the input file cannot be loaded or the output file
            cannot be written (chained from the underlying ``OSError``).
    """
    configure_logging()
    LOG.info("VBA obfuscator - Thomas LEROY & Nicolas BONNET")

    parser = argparse.ArgumentParser(description='Obfuscate a VBA file.')
    parser.add_argument(
        'input_file',
        type=str,
        action='store',
        help='path of the file to obfuscate',
    )
    parser.add_argument(
        '--output_file',
        type=str,
        action='store',
        help='output file (if no file is supplied, stdout will be used)',
    )
    options = parser.parse_args()

    try:
        doc = MSDocument(options.input_file)
    except OSError as err:
        raise BadPathError("Could not open input file") from err
    LOG.info("Loaded the code.")

    # The passes run in the order in which they are listed.
    pipeline = Pipe(doc)
    pipeline.run(
        SplitStrings(),
        CryptStrings(),
        RandomizeNames(),
        ReplaceIntegersWithAddition(),
        ReplaceIntegersWithXor(),
        StripComments(),
        RemoveEmptyLines(),
    )
    LOG.info("Obfuscated the code.")

    # Without an output path the result goes straight to stdout.
    if not options.output_file:
        sys.stdout.write(doc.code)
        return

    try:
        with open(options.output_file, "w") as out_file:
            out_file.write(doc.code)
    except OSError as err:
        raise BadPathError("Could not open output file") from err
    LOG.info("Wrote to file.")
def run(self, doc: MSDocument) -> None:
    """Drop blank lines and trailing whitespace from ``doc.code``.

    Each run of "optional whitespace followed by a newline" is replaced by a
    single newline, so consecutive line breaks collapse into one.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    blank_run = re.compile(r'(?:(\s*)\n)+')
    doc.code = blank_run.sub('\n', doc.code)
def run(self, doc: MSDocument) -> None:
    """Re-emit ``doc.code`` through ``_AdditionFormatter``.

    The code is lexed with ``VbNetLexer`` and the formatter's output replaces
    ``doc.code``. Presumably the formatter rewrites integer literals as
    additions, judging by its name — confirm in its definition.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    source = doc.code
    lexer = VbNetLexer()
    formatter = _AdditionFormatter()
    doc.code = highlight(source, lexer, formatter)
from obfuscator.modifier.misc import RemoveEmptyLines
from obfuscator.modifier.numbers import ObfuscateIntegers
from obfuscator.modifier.strings import CryptStrings, SplitStrings
from obfuscator.modifier.functions_vars import RandomizeNames
from obfuscator.msdocument import MSDocument

# Sample macro that the script processes when run directly.
VBA_PATH = "example_macro/download_payload.vba"

# NOTE(review): configure_logging, logging, Pipe and StripComments are used
# below but not imported in the lines shown here — presumably they are
# imported earlier in the file; confirm.
if __name__ == "__main__":
    configure_logging()
    LOG = logging.getLogger(__name__)
    LOG.info("VBA obfuscator - Thomas LEROY & Nicolas BONNET")

    LOG.info("Loading the document...")
    doc = MSDocument(VBA_PATH)

    LOG.info("Obfuscating the code...")
    # The passes run in the order in which they are listed.
    pipeline = Pipe(doc)
    pipeline.run(
        SplitStrings(),
        CryptStrings(),
        RandomizeNames(),
        StripComments(),
        RemoveEmptyLines(),
        ObfuscateIntegers(),
    )
    LOG.info("Done!")

    # Show the result on stdout and keep a copy in the working directory.
    print(doc.code)
    with open("output.vba", "w") as out_file:
        out_file.write(doc.code)
def run(self, doc: MSDocument) -> None:
    """Re-emit ``doc.code`` through ``_ConvertNumbersFormatter``.

    The code is lexed with ``VbNetLexer`` and the formatter's output replaces
    ``doc.code``. What the formatter does to numbers is defined elsewhere.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    source = doc.code
    lexer = VbNetLexer()
    formatter = _ConvertNumbersFormatter()
    doc.code = highlight(source, lexer, formatter)
def run(self, doc: MSDocument) -> None:
    """Re-emit ``doc.code`` through ``_StripCommentsFormatter``.

    The code is lexed with ``VbNetLexer`` and the formatter's output replaces
    ``doc.code``. Presumably the formatter omits comment tokens, judging by
    its name — confirm in its definition.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    source = doc.code
    lexer = VbNetLexer()
    formatter = _StripCommentsFormatter()
    doc.code = highlight(source, lexer, formatter)
def run(self, doc: MSDocument) -> None:
    """Re-emit ``doc.code`` through the ``_SplitStrings`` formatter.

    The code is lexed with ``VbNetLexer`` and the formatter's output replaces
    ``doc.code``. Presumably the formatter breaks string literals into
    pieces, judging by its name — confirm in its definition.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    source = doc.code
    lexer = VbNetLexer()
    formatter = _SplitStrings()
    doc.code = highlight(source, lexer, formatter)
def run(self, doc: MSDocument) -> None:
    """Remove leading whitespace from every line of ``doc.code``.

    ``\\s`` also matches line breaks, so a run of blank lines at the start of
    a line is consumed together with the indentation that follows it.

    Args:
        doc: Document whose ``code`` is rewritten in place.
    """
    leading_whitespace = re.compile(r'^\s*', flags=re.MULTILINE)
    doc.code = leading_whitespace.sub('', doc.code)