def run(self, doc: MSDocument) -> None:
LOG.debug('Generating document variable name.')
formatter = EncryptStringsFmtr()
doc.code = highlight(doc.code, VbNetLexer(), formatter)
document_var = get_random_string(16)
code_prefix, code_suffix = split_var_declaration_from_code(doc.code)
# Merge the codes: we must keep the global variables declarations on top.
doc.code = code_prefix + VBA_BASE64_FUNCTION[0] + VBA_XOR_FUNCTION[0] + \
code_suffix + VBA_BASE64_FUNCTION[1] + VBA_XOR_FUNCTION[1].format(document_var)
b64 = base64.b64encode(bytes(formatter.crypt_key)).decode()
MAX_LENGTH = 512
printable_b64 = [
b64[i:i + MAX_LENGTH] for i in range(0, len(b64), MAX_LENGTH)
]
printable_b64 = '" & _\n"'.join(printable_b64)
LOG.info('''Paste this in your VBA editor to add the Document Variable:
ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
document_var, printable_b64))
doc.code = '"Use this line to add the document variable to you file and then remove these comments."\n' + \
'ActiveDocument.Variables.Add Name:="{}", Value:="{}"\n'.format(document_var,
printable_b64) + doc.code
doc.doc_var[document_var] = b64
def run(self, doc: MSDocument) -> None:
LOG.debug('Generating document variable name.')
formatter = _EncryptStrings()
doc.code = highlight(doc.code, VbNetLexer(), formatter)
document_var = get_random_string(16)
doc.code = VBA_BASE64_FUNCTION + VBA_XOR_FUNCTION.format(
document_var) + doc.code
b64 = base64.b64encode(bytes(formatter.crypt_key)).decode()
LOG.info('''Paste this in your VBA editor to add the Document Variable:
ActiveDocument.Variables.Add Name:="{}", Value:="{}"'''.format(
document_var, b64))
def run(self, doc: MSDocument) -> None:
code = doc.code
code = code.split("\n")
code = map(_split_line_if_necessary, code)
code = "\n".join(code)
doc.code = code
def main():
configure_logging()
LOG.info("VBA obfuscator - Thomas LEROY & Nicolas BONNET")
parser = argparse.ArgumentParser(description='Obfuscate a VBA file.')
parser.add_argument('input_file',
type=str,
action='store',
help='path of the file to obfuscate')
parser.add_argument(
'--output_file',
type=str,
action='store',
help='output file (if no file is supplied, stdout will be used)')
args = parser.parse_args()
try:
doc = MSDocument(args.input_file)
except OSError as e:
raise BadPathError("Could not open input file") from e
LOG.info("Loaded the code.")
Pipe(doc).run(
SplitStrings(),
CryptStrings(),
RandomizeNames(),
ReplaceIntegersWithAddition(),
ReplaceIntegersWithXor(),
StripComments(),
RemoveEmptyLines(),
)
LOG.info("Obfuscated the code.")
if args.output_file:
try:
with open(args.output_file, "w") as f:
f.write(doc.code)
except OSError as e:
raise BadPathError("Could not open output file") from e
LOG.info("Wrote to file.")
else:
sys.stdout.write(doc.code)
def run(self, doc: MSDocument) -> None:
doc.code = re.sub(r'(?:(\s*)\n)+', '\n', doc.code)
def run(self, doc: MSDocument) -> None:
doc.code = highlight(doc.code, VbNetLexer(), _AdditionFormatter())
from obfuscator.modifier.misc import RemoveEmptyLines
from obfuscator.modifier.numbers import ObfuscateIntegers
from obfuscator.modifier.strings import CryptStrings, SplitStrings
from obfuscator.modifier.functions_vars import RandomizeNames
from obfuscator.msdocument import MSDocument
VBA_PATH = "example_macro/download_payload.vba"
if __name__ == "__main__":
configure_logging()
LOG = logging.getLogger(__name__)
LOG.info("VBA obfuscator - Thomas LEROY & Nicolas BONNET")
LOG.info("Loading the document...")
doc = MSDocument(VBA_PATH)
LOG.info("Obfuscating the code...")
Pipe(doc).run(
SplitStrings(),
CryptStrings(),
RandomizeNames(),
StripComments(),
RemoveEmptyLines(),
ObfuscateIntegers(),
)
LOG.info("Done!")
print(doc.code)
with open("output.vba", "w") as f:
f.write(doc.code)
def run(self, doc: MSDocument) -> None:
doc.code = highlight(doc.code, VbNetLexer(),
_ConvertNumbersFormatter())
def run(self, doc: MSDocument) -> None:
doc.code = highlight(doc.code, VbNetLexer(), _StripCommentsFormatter())
def run(self, doc: MSDocument) -> None:
doc.code = highlight(doc.code, VbNetLexer(), _SplitStrings())
def run(self, doc: MSDocument) -> None:
doc.code = re.sub(r'^\s*', '', doc.code, flags=re.MULTILINE)
