def _filter(source): """Extracts and decode payload (original file) from `source`""" try: varname = re.search(r'eval\(\w+\(\w+\((\w+)\)\)\);', source).group(1) reverse = re.search(r"var +%s *\= *'(.*)';" % varname, source).group(1) except AttributeError: raise UnpackingError('Malformed MyObfuscate data.') try: return base64.b64decode(reverse[::-1].encode('utf8')).decode('utf8') except TypeError: raise UnpackingError('MyObfuscate payload is not base64-encoded.')
def _filterargs(source): """Juice from a source file the four args needed by decoder.""" juicers = [ (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\), *(\d+), *(.*)\)\)"), (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\)"), ] for juicer in juicers: args = re.search(juicer, source, re.DOTALL) if args: a = args.groups() try: return a[0], a[3].split('|'), int(a[1]), int(a[2]) except ValueError: raise UnpackingError('Corrupted p.a.c.k.e.r. data.') # could not find a satisfying regex raise UnpackingError('Could not make sense of p.a.c.k.e.r data (unexpected code structure)')
def unpack(source): """Unpacks P.A.C.K.E.R. packed js code.""" payload, symtab, radix, count = _filterargs(source) if radix != 62: raise UnpackingError('Unknown p.a.c.k.e.r. encoding.') if count != len(symtab): raise UnpackingError('Malformed p.a.c.k.e.r. symtab.') def lookup(match): """Look up symbols in the synthetic symtab.""" word = match.group(0) return symtab[unbase62(word)] or word source = re.sub(r'\b\w+\b', lookup, payload) return _replacestrings(source)
def _filterargs(source): """Juice from a source file the four args needed by decoder.""" argsregex = (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\." r"split\('\|'\), *(\d+), *(.*)\)\)") args = re.search(argsregex, source).groups() try: return args[0], args[3].split('|'), int(args[1]), int(args[2]) except ValueError: raise UnpackingError('Corrupted p.a.c.k.e.r. data.')
def unpack(source): """Unpacks P.A.C.K.E.R. packed js code.""" payload, symtab, radix, count = _filterargs(source) if count != len(symtab): raise UnpackingError("Malformed p.a.c.k.e.r. symtab.") try: unbase = Unbaser(radix) except TypeError: raise UnpackingError("Unknown p.a.c.k.e.r. encoding.") def lookup(match): """Look up symbols in the synthetic symtab.""" word = match.group(0) return symtab[unbase(word)] or word source = re.sub(r"\b\w+\b", lookup, payload) return _replacestrings(source)
def unpack(source): """Unpacks P.A.C.K.E.R. packed js code.""" payload, symtab, radix, count = _filterargs(source) if count != len(symtab): raise UnpackingError("Malformed p.a.c.k.e.r. symtab.") try: unbase = Unbaser(radix) except TypeError: raise UnpackingError("Unknown p.a.c.k.e.r. encoding.") def lookup(match): """Look up symbols in the synthetic symtab.""" word = match.group(0) return symtab[unbase(word)] or word payload = payload.replace("\\\\", "\\").replace("\\'", "'") if sys.version_info.major == 2: source = re.sub(r"\b\w+\b", lookup, payload) else: source = re.sub(r"\b\w+\b", lookup, payload, flags=re.ASCII) return _replacestrings(source)