Skip to content

Commit

Permalink
Provide new CLI, and fix github release workflow
Browse files Browse the repository at this point in the history 
Provide syntax coloring

Try improve workflow

Fix naming in publish workflow

Provide real CLI with syntax Coloring
  • Loading branch information
@sbruyere
sbruyere committed Jan 12, 2023
1 parent 197c125 commit 7a2c74f
Show file tree
Hide file tree
Showing 7 changed files with 270 additions and 34 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ jobs:
shell: bash
run: |
tag=$(git describe --tags --abbrev=0)
release_name="App-$tag-${{ matrix.target }}"
release_name="vbSparkle-$tag-${{ matrix.target }}"
# Build everything
dotnet publish Sources/vbSparkle.Console/ --framework netcoreapp3.1 --runtime "${{ matrix.target }}" -c Release -o "$release_name"
Expand All @@ -61,6 +61,6 @@ jobs:
- name: Publish
uses: softprops/action-gh-release@v1
with:
files: "App*"
files: "vbSparkle-*"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
10 changes: 1 addition & 9 deletions Resources/samples/sample_10.txt
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,6 @@
wscript.sleep(10000)
dim KWteaHafFeaq,JHgfeomgLpfMj:ZZFJFG58GJ55H85U5:dim kiolmp:kiolmp = chr(101):dhgprdt():i = 10 + 120 - 130:SDRertserfty = chr(10+10+10+9)
Function chr(MYURTHFYTR6YFH6RYHF)
Dim Z7UR7UFHEFRURGHRYHGYR
dim SDRRFGTYHGFGFGf
Z7UR7UFHEFRURGHRYHGYR = chr(MYURTHFYTR6YFH6RYHF)
for i = 1000 - 999 to len(Z7UR7UFHEFRURGHRYHGYR)
SDRRFGTYHGFGFGf = chr(asc(Z7UR7UFHEFRURGHRYHGYR))
next
W = SDRRFGTYHGFGFGf
end Function

function OPLMITJGUCN57 (OLGTUR783J4H6UR,NHGUIRTNVUTI65,KIOYKGJUTH6785HT)
OPLMITJGUCN57 = Replace(OLGTUR783J4H6UR,NHGUIRTNVUTI65,KIOYKGJUTH6785HT)
end function
Expand Down
29 changes: 23 additions & 6 deletions Sources/vbSparkle.Console/Options.cs
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,42 @@
using CommandLine;
using System.Collections.Generic;
using vbSparkle.Options;

namespace vbSparkle.CLI
{
class Options
{
[Option('p', "path", Group = "inputGroup", HelpText = "Path of directory or script file(s) to be deobfuscated.")]
[Option('p', "path", Group = "input", HelpText = "Path of directory or script file(s) to be deobfuscated.")]
public IEnumerable<string> InputFiles { get; set; }

[Option("stdin",
Default = false,
Group = "inputGroup",
Group = "input",
HelpText = "Read from stdin")]
public bool stdin { get; set; }

[Option('o', "output", Required = false, Default = null, HelpText = "File offset.")]
public string Output { get; set; }

[Option(
Default = false,
HelpText = "Prints all messages to standard output.")]
public bool Verbose { get; set; }
//[Option('v',
// Default = false,
// HelpText = "Prints all messages to standard output.")]
//public bool Verbose { get; set; }

[Option("sym-rename-mode",
Default = SymbolRenamingMode.None,
HelpText = "Define how symbols can be renamed.")]
public SymbolRenamingMode SymbolRenamingMode { get; set; }

[Option("junk-code-processing",
Default = JunkCodeProcessingMode.Comment,
HelpText = "Define junk code should be processed.")]
public JunkCodeProcessingMode JunkCodeProcessingMode { get; set; }

[Option('i', "indent-spacing",
Default = 4,
HelpText = "Defines the number of spaces taken into account for the indentation of the code.")]
public int IndentSpacing { get; set; }

}
}
222 changes: 207 additions & 15 deletions Sources/vbSparkle.Console/Program.cs
View file
Original file line number Diff line number Diff line change
@@ -1,72 +1,264 @@
using CommandLine;
using System;
using CommandLine.Text;

using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Reflection;
using vbSparkle.Options;
using Colorful;
using System.Drawing;
using System.Threading.Tasks;
using System.Threading;

namespace vbSparkle.CLI
{
class Program
{
static void Main(string[] args)
{
Parser.Default.ParseArguments<Options>(args)
.WithParsed(opts => RunOptionsAndReturnExitCode(opts))
.WithNotParsed(errs => HandleParseError(errs));
InitializeConsoleHeader();
//1- disable auto generated help
var parser = new CommandLine.Parser(with => with.HelpWriter = null);

//2- run parser and get result
var parserResult = parser.ParseArguments<Options>(args);

parserResult.WithNotParsed(errs => DisplayHelp(parserResult, errs));
parserResult.WithParsed(opts => RunOptionsAndReturnExitCode(opts));

}

private static void InitializeConsoleHeader()
{
Console.ForegroundColor = Color.WhiteSmoke;
string version = Assembly.GetExecutingAssembly().GetName().Version.ToString();
Console.ResetColor();
Console.ReplaceAllColorsWithDefaults();
Console.Title = "vbSparkle " + version;

Console.WriteLine(
@" _ __ _ _ " + "\r\n" +
@"__ _| |__ / _\_ __ __ _ _ __| | _| | ___ " + "\r\n" +
@"\ \ / / '_ \\ \| '_ \ / _` | '__| |/ / |/ _ \" + "\r\n" +
@" \ V /| |_) |\ \ |_) | (_| | | | <| | __/" + "\r\n" +
@" \_/ |_.__/\__/ .__/ \__,_|_| |_|\_\_|\___|" + "\r\n" +
@" |_| v" + version
, Color.AliceBlue);

Console.WriteLine();
Console.WriteLine();

Console.WriteLine("Copyright © Airbus CERT");
Console.WriteLine("https://github.com/airbus-cert/vbSparkle");
Console.WriteLine();
Console.WriteLine();
}

private static void HandleParseError(IEnumerable<Error> errs)
private static void DisplayHelp<T>(ParserResult<T> result, IEnumerable<Error> errors)
{
var helpText = HelpText.AutoBuild(result, h =>
{
h.AdditionalNewLineAfterOption = true;
h.Heading = System.String.Empty;
h.Copyright = System.String.Empty;
h.AddEnumValuesToHelpText = true;

h.AddPreOptionsLine("Sample usage:");
h.AddPreOptionsLine("> vbSparkle.CLI -p sample.vbs");

return HelpText.DefaultParsingErrorsHandler(result, h);
}, e => e);

Console.WriteLine(helpText);

Console.ReadLine();
}

private static void RunOptionsAndReturnExitCode(Options opts)
{
if (opts.InputFiles.Count() > 0)
foreach (var filename in opts.InputFiles)
{

Console.WriteLine($"# Processing {filename} ...");
string fileContent = File.ReadAllText(filename);

string result = DeobfuscateContent(fileContent);
string result = DeobfuscateContent(fileContent, opts);

if (!string.IsNullOrWhiteSpace(opts.Output))
File.AppendAllText(opts.Output, result);
else
Console.Out.Write(result);
WriteSyntaxColoringConsoleCode(result);

}

if (opts.stdin)
{
string fileContent = Console.In.ReadToEnd();

string result = DeobfuscateContent(fileContent);
string result = DeobfuscateContent(fileContent, opts);

if (!string.IsNullOrWhiteSpace(opts.Output))
File.AppendAllText(opts.Output, result);
else
Console.Out.Write(result);
{
WriteSyntaxColoringConsoleCode(result);
// Console.Out.Write(result);
}
}
}

private static string DeobfuscateContent(string content)
private static void WriteSyntaxColoringConsoleCode(string result)
{
Stopwatch perfWatch = new Stopwatch();

perfWatch.Start();

string[] vbKeywords = new string[]
{
"As",
"Binary",
"ByRef",
"ByVal",
"Date",
"Else",
"Empty",
"Error",
"False",
"For",
"Friend",
"Get",
"Input",
"Is",
"Len",
"Let",
"Lock",
"Me",
"Mid",
"New",
"Next",
"Nothing",
"Null",
"On",
"Option",
"Optional",
"ParamArray",
"Print",
"Private",
"Property",
"PtrSafe",
"Public",
"Resume",
"Seek",
"Set",
"Static",
"Step",
"String",
"Then",
"Time",
"To",
"True",
"WithEvents",
"Dim",
"ReDim",
"Preserve",
"If",
"Then",
"Function",
"Sub",
"GoSub",
"GoTo",
"On",
"Error",
"Do",
"Until",
"End",
"Exit",
"While",
"Loop",
"And",
"Or",
"\\+",
"\\&",
"\\=",
"\\-",
"\\*"
};


string[] funcKeywords = new string[]
{
"Mid",
"Mid$",
"Asc",
"Asc$",
"Chr",
"Chr$",
"UBound",
"LBound",
"Len",
"UCase",
"LCase"

};

StyleSheet styleSheet = new StyleSheet(Color.White);

string[] dangerKeywords = new string[]
{
"CreateObject",
"WScript.Shell",
"WScript.GetObject",

};

foreach (var v in dangerKeywords.Distinct().ToArray())
styleSheet.AddStyle(v, Color.Red);

foreach (var v in vbKeywords.Distinct().ToArray())
styleSheet.AddStyle(v + "\\s+", Color.CornflowerBlue);

foreach (var v in funcKeywords.Distinct().ToArray())
styleSheet.AddStyle(v + "\\(", Color.LightBlue);



//foreach (var v in funcKeywords.Distinct().ToArray())
styleSheet.AddStyle("[a-zA-Z][\\w]*\\(", Color.SkyBlue);

styleSheet.AddStyle("\\)", Color.LightBlue);

styleSheet.AddStyle("\\\"(.*?)\\\"", Color.Orange);
styleSheet.AddStyle("\\\'(.*?).*", Color.Green);

Console.WriteLine(new string('═', 80));

Console.WriteLineStyled(result + "\r\n", styleSheet);

perfWatch.Stop();
Console.ForegroundColor = Color.WhiteSmoke;

Console.WriteLine(new string('═', 80));
Console.WriteLine($"# Printed in {perfWatch.ElapsedMilliseconds} ms.");

}

private static string DeobfuscateContent(string content, Options opts)
{
Stopwatch perfWatch = new Stopwatch();

perfWatch.Start();

var result = VbPartialEvaluator.PrettifyEncoded(content, new EvaluatorOptions()
{
SymbolRenamingMode = SymbolRenamingMode.None,
JunkCodeProcessingMode = JunkCodeProcessingMode.Remove,
IndentSpacing = 4,
SymbolRenamingMode = opts.SymbolRenamingMode,
JunkCodeProcessingMode = opts.JunkCodeProcessingMode,
IndentSpacing = opts.IndentSpacing
});

perfWatch.Stop();
Console.WriteLine($"Computed in {perfWatch.ElapsedMilliseconds} ms.");
Console.WriteLine($"# Computed in {perfWatch.ElapsedMilliseconds} ms.");

return result;
}
Expand Down
14 changes: 13 additions & 1 deletion Sources/vbSparkle.Console/Properties/launchSettings.json
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,20 @@
{
"profiles": {
"vbSparkle.Console": {
"Help": {
"commandName": "Project",
"commandLineArgs": "--help"
},
"Sample_7": {
"commandName": "Project",
"commandLineArgs": "-p $(SolutionDir)\\Resources\\samples\\sample_7.txt"
},
"Sample_10": {
"commandName": "Project",
"commandLineArgs": "-p $(SolutionDir)\\Resources\\samples\\sample_10.txt --sym-rename-mode All"
},
"vbSparkle.Console": {
"commandName": "Project",
"commandLineArgs": ""
}
}
}
Loading

0 comments on commit 7a2c74f

Please sign in to comment.