Module refinery.units.obfuscation.ps1.concat
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
from refinery.units.obfuscation import IterativeDeobfuscator
from refinery.units.obfuscation.ps1 import string_unquote, string_quote, Ps1StringLiterals
class deob_ps1_concat(IterativeDeobfuscator):
_SENTINEL = re.compile(R'''['"]\s*[+&]\s*['"]''')
def deobfuscate(self, data):
def concat(data):
strlit = Ps1StringLiterals(data)
repeat = True
while repeat:
for match in self._SENTINEL.finditer(data):
a, b = match.span()
a = strlit.get_container(a)
if a is None:
continue
b = strlit.get_container(b)
if b is None or b != a + 1:
continue
a = strlit.ranges[a]
b = strlit.ranges[b]
stra = data[slice(*a)]
strb = data[slice(*b)]
parts = list(string_unquote(stra))
it = iter(string_unquote(strb))
parts[~0] += next(it)
parts.extend(it)
yield data[:a[0]] + string_quote(parts)
data = data[b[1]:]
strlit.update(data)
break
else:
repeat = False
yield data
return ''.join(concat(data))Classes
class deob_ps1_concat (timeout=100)-
Expand source code Browse git
class deob_ps1_concat(IterativeDeobfuscator): _SENTINEL = re.compile(R'''['"]\s*[+&]\s*['"]''') def deobfuscate(self, data): def concat(data): strlit = Ps1StringLiterals(data) repeat = True while repeat: for match in self._SENTINEL.finditer(data): a, b = match.span() a = strlit.get_container(a) if a is None: continue b = strlit.get_container(b) if b is None or b != a + 1: continue a = strlit.ranges[a] b = strlit.ranges[b] stra = data[slice(*a)] strb = data[slice(*b)] parts = list(string_unquote(stra)) it = iter(string_unquote(strb)) parts[~0] += next(it) parts.extend(it) yield data[:a[0]] + string_quote(parts) data = data[b[1]:] strlit.update(data) break else: repeat = False yield data return ''.join(concat(data))Ancestors
Class variables
var required_dependenciesvar optional_dependencies
Methods
def deobfuscate(self, data)-
Expand source code Browse git
def deobfuscate(self, data): def concat(data): strlit = Ps1StringLiterals(data) repeat = True while repeat: for match in self._SENTINEL.finditer(data): a, b = match.span() a = strlit.get_container(a) if a is None: continue b = strlit.get_container(b) if b is None or b != a + 1: continue a = strlit.ranges[a] b = strlit.ranges[b] stra = data[slice(*a)] strb = data[slice(*b)] parts = list(string_unquote(stra)) it = iter(string_unquote(strb)) parts[~0] += next(it) parts.extend(it) yield data[:a[0]] + string_quote(parts) data = data[b[1]:] strlit.update(data) break else: repeat = False yield data return ''.join(concat(data))
Inherited members