예제 #1
0
    def run(self, doc: MSDocument) -> None:
        LOG.debug('Generating document variable name.')

        formatter = EncryptStringsFmtr()
        doc.code = highlight(doc.code, VbNetLexer(), formatter)

        document_var = get_random_string(16)

        code_prefix, code_suffix = split_var_declaration_from_code(doc.code)

        # Merge the codes: we must keep the global variables declarations on top.
        doc.code = code_prefix + VBA_BASE64_FUNCTION[0] + VBA_XOR_FUNCTION[0] + \
                   code_suffix + VBA_BASE64_FUNCTION[1] + VBA_XOR_FUNCTION[1].format(document_var)

        b64 = base64.b64encode(bytes(formatter.crypt_key)).decode()
        MAX_LENGTH = 512
        printable_b64 = [
            b64[i:i + MAX_LENGTH] for i in range(0, len(b64), MAX_LENGTH)
        ]
        printable_b64 = '" & _\n"'.join(printable_b64)
        LOG.info('''Paste this in your VBA editor to add the Document Variable:
ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
            document_var, printable_b64))

        doc.code = '"Use this line to add the document variable to you file and then remove these comments."\n' + \
                   'ActiveDocument.Variables.Add Name:="{}", Value:="{}"\n'.format(document_var,
                                                                                   printable_b64) + doc.code

        doc.doc_var[document_var] = b64
예제 #2
0
    def run(self, doc: obfuscator.msdocument.MSDocument) -> None:
        vars = set(get_variables_defined(doc.code))
        consts = set(get_variables_const(doc.code))
        params = set(get_variables_parameters(doc.code))
        functions = set(get_functions(doc.code))

        names = {}
        for symbol in vars | consts | params | functions:
            if symbol not in BLACKLIST_SYMBOL:
                names[symbol] = get_random_string_of_random_length()

        doc.code = highlight(doc.code, VbNetLexer(), _RandomizeNamesFormatter(names))
예제 #3
0
class ProgrammingLexer(object):
    """lexes a string with multiple programming lexers and returns tokens"""

    lexers = {
        'actionscript': ActionScript3Lexer(),
        'c': CLexer(),
        'cpp': CppLexer(),
        'cs': CSharpLexer(),
        'java': JavaLexer(),
        'javascript': JavascriptLexer(),
        'perl': PerlLexer(),
        'php': PhpLexer(startinline=True),
        'python': PythonLexer(),
        'ruby': RubyLexer(),
        'vb': VbNetLexer(),
    }

    matched_languages = []
    data = None

    def __init__(self, matched_langs, data_string):
        self.matched_languages = matched_langs
        self.data = data_string

    def lex(self):
        """
        For every possible matched language, we run a lexer to see if we can
        eliminate it as a possible match. If we detect errors, or have no
        lexer matches, we remove it from the list.

        :return: the list of lexer results
        :rtype: list
        """
        results = {}
        threads = []

        # Looping through each matched language that has a lexer
        for lexer_id, lexer in \
                [[lexid, lxr] for lexid, lxr in
                 self.lexers.items() if lexid in self.matched_languages]:
            # Creating a thread for each lexer
            thread = ProgrammingLexerThread(lexer_id, lexer, self.data)
            thread.start()
            threads.append(thread)

        for thr in threads:
            thr.join()

        for thr in [th for th in threads if th.result]:
            results[thr.thread_id] = thr.result

        return results
예제 #4
0
    def run(self, doc: MSDocument) -> None:
        LOG.debug('Generating document variable name.')

        formatter = _EncryptStrings()
        doc.code = highlight(doc.code, VbNetLexer(), formatter)

        document_var = get_random_string(16)
        doc.code = VBA_BASE64_FUNCTION + VBA_XOR_FUNCTION.format(
            document_var) + doc.code

        b64 = base64.b64encode(bytes(formatter.crypt_key)).decode()
        LOG.info('''Paste this in your VBA editor to add the Document Variable:
ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
            document_var, b64))
예제 #5
0
 def run(self, doc: MSDocument) -> None:
     doc.code = highlight(doc.code, VbNetLexer(), _AdditionFormatter())
예제 #6
0
 def run(self, doc: obfuscator.msdocument.MSDocument) -> None:
     doc.code = highlight(doc.code, VbNetLexer(), _RandomizeNamesFormatter())
예제 #7
0
 def remove_comments(self):
     formatter = CommentFormatter()
     self.script.code = highlight(self.script.code, VbNetLexer(), formatter)
예제 #8
0
 def run(self, doc: MSDocument) -> None:
     doc.code = highlight(doc.code, VbNetLexer(),
                          _ConvertNumbersFormatter())
예제 #9
0
 def run(self):
     self.map_variable_names_to_random_names()
     formatter = VariableNamesFormatter(self.rand)
     self.script.code = highlight(self.script.code, VbNetLexer(), formatter)
예제 #10
0
 def run(self, doc: MSDocument) -> None:
     doc.code = highlight(doc.code, VbNetLexer(), _StripCommentsFormatter())
예제 #11
0
def _do_split_line(line: str) -> str:
    return highlight(line, VbNetLexer(), _BreakLinesTooLong())
예제 #12
0
 def run(self, doc: MSDocument) -> None:
     doc.code = highlight(doc.code, VbNetLexer(), _SplitStrings())
예제 #13
0
 def hide_integers(self):
     formatter = IntegerFormatter()
     self.script.code = highlight(self.script.code, VbNetLexer(), formatter)
예제 #14
0
 def encrypt(self):
     formatter = EncryptionFormatter()
     self.script.code = EncryptionFormatter.DECRYPT_VBA + highlight(
         self.script.code, VbNetLexer(), formatter)