Merge branch 'genericeval'

2024-11-23 04:40:06 +00:00 · 2013-04-01 10:36:15 -07:00 · 2013-04-01 10:36:15 -07:00 · 408988b67a
commit 408988b67a
parent f78daa196a c90589d4ea
2 changed files with 55 additions and 0 deletions
--- a/index.html
+++ b/index.html
@ -152,6 +152,7 @@ a {
 <script src="unpackers/urlencode_unpacker.js"></script>
 <script src="unpackers/p_a_c_k_e_r_unpacker.js"></script>
 <script src="unpackers/myobfuscate_unpacker.js"></script>
+<script src="unpackers/genericeval_unpacker.js"></script>

 <script>

@ -168,6 +169,7 @@ function run_tests() {
    P_A_C_K_E_R.run_tests(st);
    Urlencoded.run_tests(st);
    MyObfuscate.run_tests(st);
+    GenericEval.run_tests(st);
    // $('#testresults').html(results.replace(/r/g, '').replace(/\n/g, '<br>'));
    var results = st.results_raw().replace(/ /g, '&nbsp;').replace(/\r/g, '·').replace(/\n/g, '<br>');
    $('#testresults').html(results).show();
@ -236,6 +238,12 @@ function unpacker_filter(source) {
            }
        }
    }
+    if (GenericEval.detect(source)) {
+        var unpacked = GenericEval.unpack(source);
+        if (unpacked != source) {
+            source = unpacker_filter(unpacked);
+        }
+    }

    return trailing_comments + source;
 }
--- a/unpackers/genericeval_unpacker.js
+++ b/unpackers/genericeval_unpacker.js
@ -0,0 +1,47 @@
+//
+// simple unpacker/deobfuscator for anything eval-based
+//
+// written by Einar Lielmanis <einar@jsbeautifier.org>
+//
+// usage:
+//
+// if (GenericEval.detect(some_string)) {
+//     var unpacked = GenericEval.unpack(some_string);
+// }
+//
+//
+
+var GenericEval = {
+    detect: function (str) {
+        if (GenericEval.starts_with(str, 'eval(')) {
+            return true;
+        }
+        return false;
+    },
+
+    unpack: function (str) {
+        if (GenericEval.detect(str)) {
+            var modified_source = 'eval = function (s) { unpacked_source += s; }\n' + str;
+            var unpacked_source = '';
+            eval(modified_source);
+            return unpacked_source ? unpacked_source : str;
+        }
+        return str;
+    },
+
+    starts_with: function (str, what) {
+        return str.substr(0, what.length) === what;
+    },
+
+    ends_with: function (str, what) {
+        return str.substr(str.length - what.length, what.length) === what;
+    },
+
+    run_tests: function (sanity_test) {
+        var t = sanity_test || new SanityTest();
+
+        return t;
+    }
+
+
+}