Social Icons

twitter facebook google plus linkedin

martes, 27 de enero de 2015

¿Cómo abrir un script VBE?

Hooooola Enfermera (http://youtu.be/DKjzu6ajPio)

¿Hace scripting? Si no lo hace, debiera hacerlo.

Hay un formato especial de archivos VBScript que viene supuestamente codificado, aunque creo que el término correcto sería ofuscado. Este formato es VBE y al intentar abrir un archivo con este formato con un editor de texto común y corriente encontraremos algo parecido a esto:

Mucho contenido no se puede apreciar. Solo caracteres que, aparentemente, carecen de sentido.

Existe la forma de hacer ingeniería inversa con otro script hecho por Jean-Luc Antoine  hace ya varios años atrás.
El código es:

'===============================================================================
'===============================================================================
'  SCRIPT........:  scriptDecode.vbs 
'  VERSION.......:  1.5
'  DATE..........:  11/22/2003
'  AUTHOR........:  Jean-Luc Antoine
'  LINK..........:  http://www.interclasse.com/scripts/decovbe.php
'  ALTERED BY....:  Joe Glessner
'  DESCRIPTION...:  Decodes scripts encoded with screnc.exe. Usable with 
'                   Wscript by dragging an encoded script onto this one. If done
'                   this way, only the first 100 lines (or so) of the script 
'                   will be displayed.
'                   If run using Cscript.exe the entire output will be 
'                   displayed.
'                   This script can be used to output the decoded script to a 
'                   file using Cscript.exe by calling it with the following
'                   syntax:
'
'              cscript [Path]\scriptDecoder.vbs [Path]\ >> output.txt 
'
'===============================================================================
'===============================================================================
'**Start Encode**

'===============================================================================
'#  START 
'===============================================================================
option explicit

    '---------------------------------------------------------------------------
 '#  Declare variables
 '---------------------------------------------------------------------------
    Dim oArgs, NomFichier

 '---------------------------------------------------------------------------
 '#  Check Arguments
 '---------------------------------------------------------------------------
 NomFichier=""
 Set oArgs = WScript.Arguments
 Select Case oArgs.Count
 Case 0 'No Arg, popup a dialog box to choose the file
  NomFichier=BrowseForFolder("Choose an encoded file", &H4031, &H0011)
 Case 1
  If Instr(oArgs(0),"?")=0 Then '-? ou /? => aide
   NomFichier=oArgs(0)
  End If
 Case Else
  WScript.Echo "Too many parameters"
 End Select
 Set oArgs = Nothing

 '---------------------------------------------------------------------------
 '#  Decode the file and output the results
 '---------------------------------------------------------------------------
    If NomFichier<>"" Then
        Dim fso
        Set fso=WScript.CreateObject("Scripting.FileSystemObject")
        If fso.FileExists(NomFichier) Then
            Dim fic,contenu
            Set fic = fso.OpenTextFile(NomFichier, 1)
            Contenu=fic.readAll
            fic.close
            Set fic=Nothing
    
            Const TagInit="#@~^" '#@~^awQAAA==
            Const TagFin="==^#[email protected]" '& chr(0)
            Dim DebutCode, FinCode
            Do
                FinCode=0
                DebutCode=Instr(Contenu,TagInit)
                If DebutCode>0 Then
                    If (Instr(DebutCode,Contenu,"==")-DebutCode)=10 Then 
                        'If "==" follows the tag
                        FinCode=Instr(DebutCode,Contenu,TagFin)
                        If FinCode>0 Then
                            Contenu=Left(Contenu,DebutCode-1) & _
                            Decode(Mid(Contenu,DebutCode+12,FinCode-DebutCode-12-6)) & _
                            Mid(Contenu,FinCode+6)
                        End If
                    End If
                End If
            Loop Until FinCode=0
            WScript.Echo Contenu
        Else
            WScript.Echo Nomfichier & " not found"
        End If
        Set fso=Nothing
    Else
        WScript.Echo "Please give a filename"
        WScript.Echo "Usage : " & wscript.fullname  & " " & WScript.ScriptFullName & _
         " "
    End If

'===============================================================================
'#  Functions
'===============================================================================
    '---------------------------------------------------------------------------
 '#  Name................:  Decode()
 '#  Use.................:  Decode(Chaine)
 '#  Purpose.............:  Reverse the encoding done by screnc.exe.
 '---------------------------------------------------------------------------
    Function Decode(Chaine)
        Dim se,i,c,j,index,ChaineTemp
        Dim tDecode(127)
        Const Combinaison="1231232332321323132311233213233211323231311231321323112331123132"
        Set se=WSCript.CreateObject("Scripting.Encoder")
        For i=9 to 127
            tDecode(i)="JLA"
        Next
        For i=9 to 127
            ChaineTemp=Mid(se.EncodeScriptFile(".vbs",string(3,i),0,""),13,3)
            For j=1 to 3
                c=Asc(Mid(ChaineTemp,j,1))
                tDecode(c)=Left(tDecode(c),j-1) & chr(i) & Mid(tDecode(c),j+1)
            Next
        Next
        'Next line we correct a bug, otherwise a ")" could be decoded to a ">"
        tDecode(42)=Left(tDecode(42),1) & ")" & Right(tDecode(42),1)
        Set se=Nothing
        Chaine=Replace(Replace(Chaine,"@&",chr(10)),"@#",chr(13))
        Chaine=Replace(Replace(Chaine,"@*",">"),"@!","<")
        Chaine=Replace(Chaine,"@$","@")
        index=-1
        For i=1 to Len(Chaine)
            c=asc(Mid(Chaine,i,1))
            If c<128 data-blogger-escaped-c="" data-blogger-escaped-if="" data-blogger-escaped-index="index+1" data-blogger-escaped-or="" data-blogger-escaped-then="">31) and (c<128 data-blogger-escaped-c="" data-blogger-escaped-if="" data-blogger-escaped-then="">60) and (c<>62) and (c<>64) Then
                    Chaine=Left(Chaine,i-1) & Mid(tDecode(c),Mid(Combinaison, _
                     (index mod 64)+1,1),1) & Mid(Chaine,i+1)
                End If
            End If
        Next
        Decode=Chaine
    End Function

    '---------------------------------------------------------------------------
    '#  Name................:  BrowseForFolder()
 '#  Use.................:  BrowseForFolder(ByVal pstrPrompt, ByVal 
    '#                             pintBrowseType, ByVal pintLocation)
    '#  Purpose.............:  Locate the encoded script using Shell.Application
 '---------------------------------------------------------------------------
    Function BrowseForFolder(ByVal pstrPrompt, ByVal pintBrowseType, ByVal pintLocation)
        Dim ShellObject, pstrTempFolder, x
        Set ShellObject=WScript.CreateObject("Shell.Application")
        On Error Resume Next
        Set pstrTempFolder=ShellObject.BrowseForFolder(&H0,pstrPrompt,pintBrowseType,pintLocation)
        BrowseForFolder=pstrTempFolder.ParentFolder.ParseName(pstrTempFolder.Title).Path
        If Err.Number<>0 Then BrowseForFolder=""
        Set pstrTempFolder=Nothing
        Set ShellObject=Nothing
    End Function
    
'===============================================================================
'#  END 
'===============================================================================
La forma es guardarlo en un archivo llamado scriptDecoder.vbs y usarlo así:
cscript [Path]\scriptDecoder.vbs [Path]\[script.vbe]>> output.txt

Eso arrojará el script en un archivo de texto.

Espero que les sirva.