diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 80b2b3a78b..401f6e4f27 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -66,7 +66,7 @@ const Categories = [
"Encode text",
"Decode text",
"Swap endianness",
- "Micrsoft Script Decoder",
+ "Microsoft Script Decoder",
]
},
{
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index 08a6310fc5..1410f48580 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -521,6 +521,7 @@ const OperationConfig = {
}
]
},
+
"To Charcode": {
description: "Converts text to its unicode character code equivalent.
e.g. Γειά σου becomes 0393 03b5 03b9 03ac 20 03c3 03bf 03c5",
run: ByteRepr.runToCharcode,
@@ -3205,8 +3206,8 @@ const OperationConfig = {
}
]
},
- "Micrsoft Script Decoder": {
- description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding.",
+ "Microsoft Script Decoder": {
+ description: "Decodes Microsoft Encoded Script files that have been encoded with Microsoft's custom encoding. These are often VBS (Visual Basic Script) files that are encoded and often renamed ".vbe" extention or JS (JScript) files renamed with ".jse" extention.",
run: MS.runDecodeScript,
inputType: "string",
outputType: "string",
diff --git a/src/core/operations/MS.js b/src/core/operations/MS.js
index 853f1a4249..b382c2340b 100644
--- a/src/core/operations/MS.js
+++ b/src/core/operations/MS.js
@@ -1,5 +1,5 @@
/**
- * Decodes Microsft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
+ * Decodes Microsoft Encoded Script files that can be read and executed by cscript.exe/wscript.exe.
* This is a conversion of a Python script that was originally created by Didier Stevens (https://DidierStevens.com).
*
* @author bmwhitn [brian.m.whitney@outlook.com]
@@ -215,17 +215,18 @@ const MS = {
],
/**
+ * @private
* @param {string} data
* @returns {string}
*/
- decode: function (data) {
+ _decode: function (data) {
let result = [];
let index = -1;
- data = data.replace(/@&/g, String.fromCharCode(10));
- data = data.replace(/@#/g, String.fromCharCode(13));
- data = data.replace(/@\*/g, ">");
- data = data.replace(/@!/g, "<");
- data = data.replace(/@\$/g, "@");
+ data = data.replace(/@&/g, String.fromCharCode(10))
+ .replace(/@#/g, String.fromCharCode(13))
+ .replace(/@\*/g, ">")
+ .replace(/@!/g, "<")
+ .replace(/@\$/g, "@");
for (let i = 0; i < data.length; i++) {
let byte = data.charCodeAt(i);
let char = data.charAt(i);
@@ -241,15 +242,17 @@ const MS = {
},
/**
+ * Microsoft Script Decoder operation
+ *
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
runDecodeScript: function (input, args) {
- let matcher = /#@~\^......==(.+)......==\^#~@/;
+ let matcher = /#@~\^.{6}==(.+).{6}==\^#~@/;
let encodedData = matcher.exec(input);
if (encodedData){
- return MS.decode(encodedData[1]);
+ return MS._decode(encodedData[1]);
} else {
return "";
}
diff --git a/test/tests/operations/MS.js b/test/tests/operations/MS.js
index 184e4bd16f..acf0f08560 100644
--- a/test/tests/operations/MS.js
+++ b/test/tests/operations/MS.js
@@ -1,7 +1,7 @@
/**
- * CharEnc tests.
+ * MS tests.
*
- * @author tlwr [toby@toby.codes]
+ * @author bwhitn [brian.m.whitney@outlook.com]
* @copyright Crown Copyright 2017
* @license Apache-2.0
*/
@@ -9,12 +9,12 @@ import TestRegister from "../../TestRegister.js";
TestRegister.addTests([
{
- name: "Micrsoft Script Decoder",
- input: "##@~^DgAAAA==\\ko$K6,JCV^GJqAQAAA==^#~@",
- expectedOutput: "MsgBox \"Hello\"",
+ name: "Microsoft Script Decoder",
+ input: "#@~^RQAAAA==-mD~sX|:/TP{~J:+dYbxL~@!F@*@!+@*@!&@*eEI@#@&@#@&\x7fjm.raY 214Wv:zms/obI0xEAAA==^#~@",
+ expectedOutput: "var my_msg = \"Testing <1><2><3>!\";\r\n\r\nWScript.Echo(my_msg);",
recipeConfig: [
{
- "op": "Micrsoft Script Decoder",
+ "op": "Microsoft Script Decoder",
"args": []
},
],