Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import re, urllib2, requests, cookielib, string, urllib
- #from jsbeautifier.unpackers import UnpackingError
- PRIORITY = 1
- def detect(source):
- """Detects whether `source` is P.A.C.K.E.R. coded."""
- return source.replace(' ', '').startswith('eval(function(p,a,c,k,e,')
- def unpack(source):
- """Unpacks P.A.C.K.E.R. packed js code."""
- payload, symtab, radix, count = _filterargs(source)
- if count != len(symtab):
- raise UnpackingError('Malformed p.a.c.k.e.r. symtab.')
- try:
- unbase = Unbaser(radix)
- except TypeError:
- raise UnpackingError('Unknown p.a.c.k.e.r. encoding.')
- def lookup(match):
- """Look up symbols in the synthetic symtab."""
- word = match.group(0)
- return symtab[unbase(word)] or word
- source = re.sub(r'\b\w+\b', lookup, payload)
- return _replacestrings(source)
- def _filterargs(source):
- """Juice from a source file the four args needed by decoder."""
- juicers = [ (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\), *(\d+), *(.*)\)\)"),
- (r"}\('(.*)', *(\d+), *(\d+), *'(.*)'\.split\('\|'\)"),
- ]
- for juicer in juicers:
- args = re.search(juicer, source, re.DOTALL)
- if args:
- a = args.groups()
- try:
- return a[0], a[3].split('|'), int(a[1]), int(a[2])
- except ValueError:
- raise UnpackingError('Corrupted p.a.c.k.e.r. data.')
- # could not find a satisfying regex
- raise UnpackingError('Could not make sense of p.a.c.k.e.r data (unexpected code structure)')
- def _replacestrings(source):
- """Strip string lookup table (list) and replace values in source."""
- match = re.search(r'var *(_\w+)\=\["(.*?)"\];', source, re.DOTALL)
- if match:
- varname, strings = match.groups()
- startpoint = len(match.group(0))
- lookup = strings.split('","')
- variable = '%s[%%d]' % varname
- for index, value in enumerate(lookup):
- source = source.replace(variable % index, '"%s"' % value)
- return source[startpoint:]
- return source
- class Unbaser(object):
- """Functor for a given base. Will efficiently convert
- strings to natural numbers."""
- ALPHABET = {
- 53 : '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ',
- 59 : '0123456789abcdefghijklmnopqrstuvwABCDEFGHIJKLMNOPQRSTUVWXYZ',
- 62 : '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
- 95 : (' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ'
- '[\]^_`abcdefghijklmnopqrstuvwxyz{|}~')
- }
- def __init__(self, base):
- self.base = base
- # If base can be handled by int() builtin, let it do it for us
- if 2 <= base <= 36:
- self.unbase = lambda string: int(string, base)
- else:
- # Build conversion dictionary cache
- try:
- self.dictionary = dict((cipher, index) for
- index, cipher in enumerate(self.ALPHABET[base]))
- except KeyError:
- raise TypeError('Unsupported base encoding.')
- self.unbase = self._dictunbaser
- def __call__(self, string):
- return self.unbase(string)
- def _dictunbaser(self, string):
- """Decodes a value to an integer."""
- ret = 0
- for index, cipher in enumerate(string[::-1]):
- ret += (self.base ** index) * self.dictionary[cipher]
- return ret
- class AADecoder(object):
- def __init__(self, aa_encoded_data):
- self.encoded_str = aa_encoded_data.replace('/*´∇`*/', '')
- self.b = ["(c^_^o)", "(゚Θ゚)", "((o^_^o) - (゚Θ゚))", "(o^_^o)",
- "(゚ー゚)", "((゚ー゚) + (゚Θ゚))", "((o^_^o) +(o^_^o))", "((゚ー゚) + (o^_^o))",
- "((゚ー゚) + (゚ー゚))", "((゚ー゚) + (゚ー゚) + (゚Θ゚))", "(゚Д゚) .゚ω゚ノ", "(゚Д゚) .゚Θ゚ノ",
- "(゚Д゚) ['c']", "(゚Д゚) .゚ー゚ノ", "(゚Д゚) .゚Д゚ノ", "(゚Д゚) [゚Θ゚]"]
- def is_aaencoded(self):
- idx = self.encoded_str.find("゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); ")
- if idx == -1:
- return False
- is_encoded = self.encoded_str.find("(゚Д゚)[゚o゚]) (゚Θ゚)) ('_');", idx) != -1
- return is_encoded
- def base_repr(self, number, base=2, padding=0):
- digits = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
- if base > len(digits):
- base = len(digits)
- num = abs(number)
- res = []
- while num:
- res.append(digits[num % base])
- num //= base
- if padding:
- res.append('0' * padding)
- if number < 0:
- res.append('-')
- return ''.join(reversed(res or '0'))
- def decode_char(self, enc_char, radix):
- end_char = "+ "
- str_char = ""
- while enc_char != '':
- found = False
- # for i in range(len(self.b)):
- # print self.b[i], enc_char.find(self.b[i])
- # if enc_char.find(self.b[i]) == 0:
- # str_char += self.base_repr(i, radix)
- # enc_char = enc_char[len(self.b[i]):]
- # found = True
- # break
- # print 'found', found, enc_char
- if not found:
- for i in range(len(self.b)):
- enc_char = enc_char.replace(self.b[i], str(i))
- # enc_char = enc_char.replace('(゚Θ゚)', '1').replace('(゚ー゚)', '4').replace('(c^_^o)', '0').replace('(o^_^o)', '3')
- # print 'enc_char', enc_char
- startpos = 0
- findClose = True
- balance = 1
- result = []
- if enc_char.startswith('('):
- l = 0
- for t in enc_char[1:]:
- l += 1
- # print 'looping', findClose, startpos, t, balance
- if findClose and t == ')':
- balance -= 1
- if balance == 0:
- result += [enc_char[startpos:l + 1]]
- findClose = False
- continue
- elif not findClose and t == '(':
- startpos = l
- findClose = True
- balance = 1
- continue
- elif t == '(':
- balance += 1
- if result is None or len(result) == 0:
- return ""
- else:
- for r in result:
- value = self.decode_digit(r, radix)
- # print 'va', value
- str_char += value
- if value == "":
- return ""
- return str_char
- enc_char = enc_char[len(end_char):]
- return str_char
- def parseJSString(self, s):
- try:
- # print s
- # offset = 1 if s[0] == '+' else 0
- tmp = (s.replace('!+[]', '1').replace('!![]', '1').replace('[]', '0')) # .replace('(','str(')[offset:])
- val = int(eval(tmp))
- return val
- except:
- pass
- def decode_digit(self, enc_int, radix):
- # enc_int = enc_int.replace('(゚Θ゚)', '1').replace('(゚ー゚)', '4').replace('(c^_^o)', '0').replace('(o^_^o)', '3')
- # print 'enc_int before', enc_int
- # for i in range(len(self.b)):
- # print self.b[i], enc_char.find(self.b[i])
- # if enc_char.find(self.b[i]) > 0:
- # str_char += self.base_repr(i, radix)
- # enc_char = enc_char[len(self.b[i]):]
- # found = True
- # break
- # enc_int=enc_int.replace(self.b[i], str(i))
- # print 'enc_int before', enc_int
- try:
- return str(eval(enc_int))
- except: pass
- rr = '(\(.+?\)\))\+'
- rerr = enc_int.split('))+') # re.findall(rr, enc_int)
- v = ""
- # print rerr
- for c in rerr:
- if len(c) > 0:
- # print 'v', c
- if c.strip().endswith('+'):
- c = c.strip()[:-1]
- # print 'v', c
- startbrackets = len(c) - len(c.replace('(', ''))
- endbrackets = len(c) - len(c.replace(')', ''))
- if startbrackets > endbrackets:
- c += ')' * (startbrackets - endbrackets)
- if '[' in c:
- v += str(self.parseJSString(c))
- else:
- # print c
- v += str(eval(c))
- return v
- # unreachable code
- # mode 0=+, 1=-
- # mode = 0
- # value = 0
- # while enc_int != '':
- # found = False
- # for i in range(len(self.b)):
- # if enc_int.find(self.b[i]) == 0:
- # if mode == 0:
- # value += i
- # else:
- # value -= i
- # enc_int = enc_int[len(self.b[i]):]
- # found = True
- # break
- # if not found:
- # return ""
- # enc_int = re.sub('^\s+|\s+$', '', enc_int)
- # if enc_int.find("+") == 0:
- # mode = 0
- # else:
- # mode = 1
- # enc_int = enc_int[1:]
- # enc_int = re.sub('^\s+|\s+$', '', enc_int)
- # return self.base_repr(value, radix)
- def decode(self):
- self.encoded_str = re.sub('^\s+|\s+$', '', self.encoded_str)
- # get data
- pattern = (r"\(゚Д゚\)\[゚o゚\]\+ (.+?)\(゚Д゚\)\[゚o゚\]\)")
- result = re.search(pattern, self.encoded_str, re.DOTALL)
- if result is None:
- common.log_utils.log_debug("AADecoder: data not found")
- return False
- data = result.group(1)
- # hex decode string
- begin_char = "(゚Д゚)[゚ε゚]+"
- alt_char = "(o゚ー゚o)+ "
- out = ''
- # print data
- while data != '':
- # Check new char
- if data.find(begin_char) != 0:
- common.log_utils.log_debug("AADecoder: data not found")
- return False
- data = data[len(begin_char):]
- # Find encoded char
- enc_char = ""
- if data.find(begin_char) == -1:
- enc_char = data
- data = ""
- else:
- enc_char = data[:data.find(begin_char)]
- data = data[len(enc_char):]
- radix = 8
- # Detect radix 16 for utf8 char
- if enc_char.find(alt_char) == 0:
- enc_char = enc_char[len(alt_char):]
- radix = 16
- # print repr(enc_char), radix
- # print enc_char.replace('(゚Θ゚)', '1').replace('(゚ー゚)', '4').replace('(c^_^o)', '0').replace('(o^_^o)', '3')
- # print 'The CHAR', enc_char, radix
- str_char = self.decode_char(enc_char, radix)
- if str_char == "":
- common.log_utils.log_debug("no match : ")
- common.log_utils.log_debug(data + "\nout = " + out + "\n")
- return False
- # print 'sofar', str_char, radix,out
- out += chr(int(str_char, radix))
- # print 'sfar', chr(int(str_char, radix)), out
- if out == "":
- common.log_utils.log_debug("no match : " + data)
- return False
- return out
- url = 'https://openload.co/embed/aFNMCPye31g/'
- agent = 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36'
- Accept_lng = 'nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4'
- headers = {'Connection': 'keep-alive','User-Agent': agent,'Accept-Encoding': None,'Upgrade-Insecure-Requests': '1','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': Accept_lng }
- request = urllib2.Request(url, headers = headers)
- tk = urllib2.urlopen(request).read(); #print tk
- match = re.findall('<script type="text/javascript">(.+)\s*(.+?)</script>', tk)
- for urlx, urly in match:
- if len(urlx) > 220:
- url1= urlx
- url2 = urly
- aa1= AADecoder(url1.replace('/*´∇`*/','')); aa1= aa1.decode(); print aa1
- print '################################################################'
- aa2= AADecoder(url2.replace('/*´∇`*/','')); aa2= aa2.decode();print aa2
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
