Provide new CLI, and fix github release workflow

Provide syntax coloring Try improve workflow Fix naming in publish workflow Provide real CLI with syntax Coloring Fix readme with information about CLI options Improve way of processing CLI options & standard input
airbus-cert · Jan 12, 2023 · 922d302 · 922d302
1 parent 197c125
commit 922d302
Show file tree

Hide file tree

Showing 8 changed files with 320 additions and 50 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -42,7 +42,7 @@ jobs:
         shell: bash
         run: |
           tag=$(git describe --tags --abbrev=0)
-          release_name="App-$tag-${{ matrix.target }}"
+          release_name="vbSparkle-$tag-${{ matrix.target }}"
 
           # Build everything
           dotnet publish Sources/vbSparkle.Console/ --framework netcoreapp3.1 --runtime "${{ matrix.target }}" -c Release -o "$release_name"
@@ -61,6 +61,6 @@ jobs:
       - name: Publish
         uses: softprops/action-gh-release@v1
         with:
-          files: "App*"
+          files: "vbSparkle-*"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
@@ -28,11 +28,30 @@ string deobfuscated = VbPartialEvaluator.PrettifyEncoded(obfuscatedVB);
 ## As a CLI
 The attached project `vbSparkle.CLI` is an exemple of use of vbSparkle as a CLI.
 The current exemple take either a path as an argument or a full binary in `StdIn`, and return the deobfuscated result.
-![Railroad Diagram](/Resources/cli-exemple.JPG)
+![cli-exemple](/Resources/cli-exemple.JPG)
+
+
+```
+  -p, --path                (Group: input) Path of directory or script file(s)
+                            to be deobfuscated.
+
+  --stdin                   (Group: input) (Default: false) Read from stdin
+
+  -o, --output              File offset.
+
+  --sym-rename-mode         (Default: None) Define how symbols can be renamed.
+                            Valid values: None, Variables, Constants, All
+
+  --junk-code-processing    (Default: Comment) Define how junk code should be
+                            processed. Valid values: Nothing, Remove, Comment
+
+  -i, --indent-spacing      (Default: 4) Defines the number of spaces taken into
+                            account for the indentation of the code.
+```
 
 ## Web UI
 The attached project `vbSparkle.Web` is an exemple of use of vbSparkle within a Web UI.
-![Railroad Diagram](/Resources/webUI.PNG)
+![web-ui](/Resources/webUI.PNG)
 
 # Why to write a VBScript de-obfuscator based on partial-evaluation ?
 VBScript and VBA code obfuscation are popular among attackers and allow to evade detection measures, antivirus, firewalls, EDRs, and allows to make malware analysis more difficult.

diff --git a/Resources/samples/sample_10.txt b/Resources/samples/sample_10.txt
@@ -1,14 +1,6 @@
 wscript.sleep(10000)
 dim KWteaHafFeaq,JHgfeomgLpfMj:ZZFJFG58GJ55H85U5:dim kiolmp:kiolmp = chr(101):dhgprdt():i = 10 + 120 - 130:SDRertserfty = chr(10+10+10+9)
-Function chr(MYURTHFYTR6YFH6RYHF)
-Dim Z7UR7UFHEFRURGHRYHGYR
-dim SDRRFGTYHGFGFGf
-Z7UR7UFHEFRURGHRYHGYR = chr(MYURTHFYTR6YFH6RYHF)
-for i = 1000 - 999 to len(Z7UR7UFHEFRURGHRYHGYR)
-SDRRFGTYHGFGFGf = chr(asc(Z7UR7UFHEFRURGHRYHGYR))
-next
-W = SDRRFGTYHGFGFGf
-end Function
+
 function OPLMITJGUCN57 (OLGTUR783J4H6UR,NHGUIRTNVUTI65,KIOYKGJUTH6785HT)
 OPLMITJGUCN57 = Replace(OLGTUR783J4H6UR,NHGUIRTNVUTI65,KIOYKGJUTH6785HT)
 end function

diff --git a/Sources/vbSparkle.Console/Options.cs b/Sources/vbSparkle.Console/Options.cs
@@ -1,25 +1,35 @@
 using CommandLine;
 using System.Collections.Generic;
+using vbSparkle.Options;
 
 namespace vbSparkle.CLI
 {
-    class Options
+    class BaseOptions
     {
-        [Option('p', "path", Group = "inputGroup", HelpText = "Path of directory or script file(s) to be deobfuscated.")]
-        public IEnumerable<string> InputFiles { get; set; }
-
-        [Option("stdin",
-          Default = false,
-          Group = "inputGroup",
-          HelpText = "Read from stdin")]
-        public bool stdin { get; set; }
-
         [Option('o', "output", Required = false, Default = null, HelpText = "File offset.")]
         public string Output { get; set; }
 
-        [Option(
-          Default = false,
-          HelpText = "Prints all messages to standard output.")]
-        public bool Verbose { get; set; }
+        [Option("sym-rename-mode",
+          Default = SymbolRenamingMode.None,
+          HelpText = "Define how symbols can be renamed.")]
+        public SymbolRenamingMode SymbolRenamingMode { get; set; }
+
+        [Option("junk-code-processing",
+          Default = JunkCodeProcessingMode.Comment,
+          HelpText = "Define how junk code should be processed.")]
+        public JunkCodeProcessingMode JunkCodeProcessingMode { get; set; }
+
+        [Option('i', "indent-spacing",
+          Default = 4,
+          HelpText = "Defines the number of spaces taken into account for the indentation of the code.")]
+        public int IndentSpacing { get; set; }
+
+    }
+
+    class Options: BaseOptions
+    {
+        [Option('p', "path", Required = true, HelpText = "Path of directory or script file(s) to be deobfuscated.")]
+        public IEnumerable<string> InputFiles { get; set; }
+
     }
 }