/
patch.js
132 lines (124 loc) · 4.6 KB
/
patch.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
/* !!!! Patches from box-js !!!! */
let __PATCH_CODE_ADDED__ = true;
window = this;
_globalTimeOffset = 0;
WScript.sleep = function(delay) {
_globalTimeOffset += delay;
}
let fullYearGetter = Date.prototype.getFullYear;
Date.prototype.getFullYear = function() {
console.log("Warning: the script tried to read the current date.");
console.log("If it doesn't work correctly (eg. fails to decrypt a string,");
console.log("try editing patch.js with a different year.");
// return 2017;
return fullYearGetter.call(this);
};
Date.prototype.getYear = function() {
return this.getFullYear();
};
Date.prototype.toString = function() {
// Example format: Thu Aug 24 18:17:18 UTC+0200 2017
const dayName = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"][this.getDay()];
const monName = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"][this.getMonth()];
return [
dayName, monName, this.getUTCDay(),
this.getUTCHours() + ":" + this.getUTCMinutes() + ":" + this.getUTCSeconds(),
"UTC-0500", // New York timezone
this.getFullYear()
].join(" ");
}
const legacyDate = Date;
Date = function() {
return new Proxy({
_actualTime: new legacyDate(...arguments),
}, {
get: (target, prop) => {
// Fast forward through time to foil anti-sandboxing busy
// loops. The _myOffset field caches the faked time offset
// used when the Date object was 1st looked at and
// advances if so future date objects jump forward in
// time.
if (typeof(target._myOffset) == "undefined") {
target._myOffset = _globalTimeOffset;
_globalTimeOffset += 100;
}
const modifiedDate = new legacyDate(target._actualTime.getTime() + target._myOffset);
if (prop === Symbol.toPrimitive) return hint => {
switch (hint) {
case "string":
case "default": {
return modifiedDate.toString();
}
case "number": {
return modifiedDate.getTime();
}
default:
throw new Error("Unknown hint!");
}
}
if (typeof prop !== "symbol") {
if (!(prop in modifiedDate) && (prop in legacyDate)) return legacyDate[prop];
if (!(prop in legacyDate.prototype)) return undefined;
}
if (typeof(modifiedDate[prop]) === "undefined") return undefined;
const boundFn = modifiedDate[prop].bind(modifiedDate);
return function() {
const ret = boundFn.apply(null, arguments);
target._actualTime = new legacyDate(modifiedDate.getTime() - _globalTimeOffset);
return ret;
}
}
});
}
Date.now = () => legacyDate.now() + _globalTimeOffset;
Date.length = 7;
Date.parse = legacyDate.parse;
Date.UTC = legacyDate.UTC;
Date.toString = () => legacyDate.toString()
Date.valueOf = () => legacyDate.valueOf()
Array.prototype.Count = function() {
return this.length;
};
let _OriginalFnToString = Function.prototype.toString;
Function.prototype.toString = function() {
/**
* WSH's toString() looks a bit different for built-in functions
* than result generated by Node.js (tabbed and wrapped with newlines)
* which is sometimes checked by malicious scripts.
*/
let source = _OriginalFnToString.call(this);
let r = source.replace(
/^function (\S+) { \[native code\] }$/,
((m, fnName) => `\nfunction ${fnName} {\n [native code]\n}\n`)
)
// Some obfuscators flag funcs with newlines.
r = r.replace(/\n/g, "").replace(/{ +/g, "{").replace(/ +}/g, "}");
return r;
}
// Handle dynamic code executed via c("...") where c = SomeFunc.constructor.
let _OriginalFnConstructor = Function.prototype.constructor;
function _CreateFunc(...args) {
let originalSource = args.pop();
let source;
if (typeof originalSource === "function") {
originalSource = originalSource.toString();
source = rewrite("(" + originalSource + ")");
} else if (typeof originalSource === "string") {
source = `/* Function arguments: ${JSON.stringify(args)} */\n` + rewrite(originalSource);
} else {
// What the fuck JS
// For some reason, IIFEs result in a call to Function.
//return new _OriginalFunction(...args, source);
return new _OriginalFnConstructor(...args, source);
}
logJS(source);
//return new _OriginalFunction(...args, source);
return new _OriginalFnConstructor(...args, source);
}
Function.prototype.constructor = _CreateFunc;
// Handle dynamic code executed via Function("...").
let _OriginalFunction = Function;
Function = _CreateFunc;
Function.toString = () => _OriginalFunction.toString()
Function.valueOf = () => _OriginalFunction.valueOf()
/* End patches */