diff --git a/src/Analysis.js b/src/Analysis.js index 898df2d..18f99bc 100644 --- a/src/Analysis.js +++ b/src/Analysis.js @@ -88,7 +88,7 @@ export default class Analysis { } // Searching for morse string like "--.- --.--." - if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) { + if (Utils.isMorse(str)) { this.counter.morseLiteral++; } } diff --git a/src/obfuscators/index.js b/src/obfuscators/index.js index b9f16b6..1293dbd 100644 --- a/src/obfuscators/index.js +++ b/src/obfuscators/index.js @@ -37,11 +37,6 @@ export function isObfuscatedCode(analysis) { if (analysis.counter.identifiers > kMinimumIdsCount && uPrefixNames.size > 0) { analysis.hasPrefixedIdentifiers = calcAvgPrefixedIdentifiers(analysis, prefix) > 80; } - // console.log(prefix); - // console.log(oneTimeOccurence); - // console.log(analysis.hasPrefixedIdentifiers); - // console.log(analysis.counter.identifiers); - // console.log(analysis.counter.encodedArrayValue); if (uPrefixNames.size === 1 && freejsobfuscator.verify(analysis, prefix)) { encoderName = "freejsobfuscator"; diff --git a/test/fixtures/obfuscated/notMorse.js b/test/fixtures/obfuscated/notMorse.js new file mode 100644 index 0000000..cc574b5 --- /dev/null +++ b/test/fixtures/obfuscated/notMorse.js @@ -0,0 +1,62 @@ +function decodeNotMorse(notMorseCode) { + var ref = { + '.': 'a', + '..': 'b', + '...': 'c', + '-': 'd', + '--': 'e', + '---': 'f', + '.-': 'g', + '.--': 'h', + '-.': 'i', + '-..': 'j', + '....': 'k', + '----': 'l', + '.-.-': 'm', + '.--.': 'n', + '....----': 'o', + '...----': 'p', + '..----': 'q', + '.----': 'r', + '. . .': 's', + '- - -': 't', + '. - .': 'u', + '- . -': 'v', + '. . -': 'w', + '- . .': 'x', + '- - .': 'y', + '_': 'z', + '__': '1', + '___': '2', + '____': '3', + '._': '4', + '.__': '5', + '.___': '6', + '__.': '7', + '.-_': '8', + '-._': '9', + '_-.': '0', + }; + + return notMorseCode + .split(' ') + .map( + a => a + .split(' ') + .map( + b => ref[b] + ).join('') + ).join(' '); +} + +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +var decoded = decodeNotMorse(".-- --- .-. -.. .-- --- .-. -.."); +console.log(decoded); diff --git a/test/obfuscated.spec.js b/test/obfuscated.spec.js index ec14a3c..4df4ead 100644 --- a/test/obfuscated.spec.js +++ b/test/obfuscated.spec.js @@ -20,14 +20,21 @@ test("should detect 'jsfuck' obfuscation", () => { assert.strictEqual(warnings[0].value, "jsfuck"); }); -// test("should detect 'morse' obfuscation", () => { -// const trycatch = readFileSync(new URL("morse.js", FIXTURE_URL), "utf-8"); -// const { warnings } = runASTAnalysis(trycatch); - -// assert.strictEqual(warnings.length, 1); -// assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort()); -// assert.strictEqual(warnings[0].value, "morse"); -// }); +test("should detect 'morse' obfuscation", () => { + const trycatch = readFileSync(new URL("morse.js", FIXTURE_URL), "utf-8"); + const { warnings } = runASTAnalysis(trycatch); + + assert.strictEqual(warnings.length, 1); + assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort()); + assert.strictEqual(warnings[0].value, "morse"); +}); + +test("should not detect 'morse' obfuscation", () => { + const trycatch = readFileSync(new URL("notMorse.js", FIXTURE_URL), "utf-8"); + const { warnings } = runASTAnalysis(trycatch); + + assert.strictEqual(warnings.length, 0); +}); test("should detect 'jjencode' obfuscation", () => { const trycatch = readFileSync(