misc-code/JEBAllatori.py at master · freshmanhhhhhh/misc-code · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
from com.pnfsoftware.jeb.client.api import IScript, IGraphicalClientContext, IUnitView
from com.pnfsoftware.jeb.core.units import IUnit, IXmlUnit
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit
from com.pnfsoftware.jeb.core import RuntimeProjectUtil

class JEBAllatori(IScript):

    def run(self, ctx):
        engctx = ctx.getEnginesContext()
        if not engctx:
            print('Back-end engines not initialized')
            return

        projects = engctx.getProjects()
        if not projects:
            print('There is no opened project')
            return

        if not isinstance(ctx, IGraphicalClientContext):
            print('This script must be run within a graphical client')
            return

        prj = projects[0]

        fragment = ctx.getFocusedView().getActiveFragment()
        if not fragment:
            print "Select a view and the active fragment"
            return

        selectedstring = fragment.getActiveItemAsText()
        if not selectedstring:
            print("Select a string to de-obfuscate")
            return

        selectedstring = self.prepare_string(selectedstring)
        x1, x2 = self.get_args(ctx, selectedstring)

        print self.deobfuscate(selectedstring,x1,x2)

    def get_args(self, ctx, caption):
        # ask user how to configure the de-obfuscation routine
        # caption is the title to display
        # returns two ints
        default_x1 = '53'
        default_x2 = '66'
        x1 = ctx.displayQuestionBox(caption, 'x1= (default is %s)' % (default_x1), default_x1)
        x2 = ctx.displayQuestionBox(caption, 'x2= (default is %s)' % (default_x2), default_x2)

        return int(x1), int(x2)

    def prepare_string(self, thestring):
        # Typically, you'll get this as input: '"T,Q0Z+QlT2ElT!A+Z,\u001B"'
        # this outputs: u'T,Q0Z+QlT2ElT!A+Z,\x1b'

        # remove first and last quote
        l = len(thestring)
        s = thestring
        if thestring[0] == '"' and thestring[l-1] == '"':
            s = thestring[1:l-1]

        # handle unicode escaping
        return s.decode('unicode-escape')

    def deobfuscate(self, thestring, x1, x2):
        decoded = ''
        print "De-obfuscating: ", thestring
        index = len(thestring) -1
        while (index >=0):
            decoded = chr(ord(thestring[index]) ^ x1) + decoded
            if (index - 1) < 0:
                break
            index = index - 1
            decoded = (chr(ord(thestring[index]) ^ x2)) + decoded
            index = index - 1
        return decoded