fix bools

Author: kmvi

src/deobfuscator.ts

@@ -2,11 +2,10 @@ import * as espree from 'espree';
 import * as estree from 'estree';
 import { generate } from 'escodegen';
 import { EspreeFacade } from './EspreeFacade';
-import { VariableDeclaration } from 'estree';
 import { StringArrayProtection } from './string-array';
 import { registerDecoders } from './utils';
 import { ProtectionBase } from './protection';
-import { StringSplit } from './string-split';
+import { StringSplit, BooleanLiterals } from './literals';
 
 type ProtectionCtor = new (code: string, ast: estree.Program) => ProtectionBase;
 
@@ -26,11 +25,12 @@ export class Deobfuscator {
     private ast: estree.Program | null = null;
     private protections: ProtectionCtor[] = [
         StringSplit,
+        BooleanLiterals,
         StringArrayProtection,
     ];
 
     constructor (public code: string) {
-        
+
     }
 
     init(): void {
@@ -52,7 +52,7 @@ export class Deobfuscator {
                 code = generate(ast);
             }
         }
-        
+
         return code;
     }
 

src/literals.ts

@@ -0,0 +1,83 @@
+import * as espree from 'espree';
+import * as estree from 'estree';
+import { ProtectionBase } from "./protection";
+import { VisitorOption, traverse, replace } from 'estraverse';
+import * as Utils from './utils';
+
+export class StringSplit extends ProtectionBase {
+
+    constructor(code: string, ast: estree.Program) {
+        super(code, ast);
+        this.active = true;
+    }
+
+    detect(): boolean {
+        return this.active;
+    }
+
+    remove(): estree.Program {
+        if (!this.active)
+            return this.ast;
+
+        this.ast = <estree.Program> replace(this.ast, {
+            enter: (node, parent) => {
+                if (Utils.isBinaryExpression(node) && node.operator === '+' &&
+                Utils.isLiteral(node.left) && Utils.isLiteral(node.right) &&
+                    typeof node.left.value === 'string' && typeof node.right.value === 'string')
+                {
+                    return <estree.Literal> {
+                        type: 'Literal',
+                        value: node.left.value + node.right.value
+                    };
+                }
+            }
+        });
+
+        return this.ast;
+    }
+
+}
+
+export class BooleanLiterals extends ProtectionBase {
+
+    constructor(code: string, ast: estree.Program) {
+        super(code, ast);
+        this.active = true;
+    }
+
+    detect(): boolean {
+        return this.active;
+    }
+
+    remove(): estree.Program {
+        if (!this.active)
+            return this.ast;
+
+        this.ast = <estree.Program> replace(this.ast, {
+            enter: (node, parent) => {
+                let isEmptyArray = function (e: estree.Node): e is estree.ArrayExpression {
+                    return Utils.isArrayExpression(e) && e.elements.length === 0;
+                };
+                let isNegate = function (e: estree.Node): e is estree.UnaryExpression {
+                    return Utils.isUnaryExpression(e) && e.operator === '!';
+                };
+                if (isNegate(node)) {
+                    if (isNegate(node.argument) && isEmptyArray(node.argument.argument)) {
+                        return <estree.Literal> {
+                            type: 'Literal',
+                            value: true
+                        };
+                    } else if (isEmptyArray(node.argument)) {
+                        return <estree.Literal> {
+                            type: 'Literal',
+                            value: false
+                        };
+                    }
+                }
+            }
+        });
+
+        return this.ast;
+    }
+
+}

src/string-split.ts

@@ -29,29 +29,29 @@ export function registerDecoders(): void {
         that.rc4 || (
             that.rc4 = function (str: any, key: any) {
                 var s = [], j = 0, x, res = '', newStr = '';
-               
+
                 str = that.atob(str);
-                    
+
                 for (var k = 0, length = str.length; k < length; k++) {
                     newStr += '%' + ('00' + str.charCodeAt(k).toString(16)).slice(-2);
                 }
-            
+
                 str = decodeURIComponent(newStr);
-                                    
+
                 for (var i = 0; i < 256; i++) {
                     s[i] = i;
                 }
-     
+
                 for (i = 0; i < 256; i++) {
                     j = (j + s[i] + key.charCodeAt(i % key.length)) % 256;
                     x = s[i];
                     s[i] = s[j];
                     s[j] = x;
                 }
-                
+
                 i = 0;
                 j = 0;
-                
+
                 for (var y = 0; y < str.length; y++) {
                     i = (i + 1) % 256;
                     j = (j + s[i]) % 256;
@@ -60,7 +60,7 @@ export function registerDecoders(): void {
                     s[j] = x;
                     res += String.fromCharCode(str.charCodeAt(y) ^ s[(s[i] + s[j]) % 256]);
                 }
-                          
+
                 return res;
         });
     })(global);
@@ -112,3 +112,6 @@ export function isArrayExpression(node: estree.Node): node is estree.ArrayExpres
     return node.type === 'ArrayExpression';
 }
 
+export function isUnaryExpression(node: estree.Node): node is estree.UnaryExpression {
+    return node.type === 'UnaryExpression';
+}