Commit eb94f64efa959bbdf5e84c9f79efcc6d9f804ade
1 parent
b4f8d2e4
added "detect_is_encrypted" and "decrypt_file" methods in VBA_Parser
Showing
1 changed file
with
12 additions
and
0 deletions
oletools/olevba.py
| @@ -2686,6 +2686,7 @@ class VBA_Parser(object): | @@ -2686,6 +2686,7 @@ class VBA_Parser(object): | ||
| 2686 | self.pcodedmp_output = None | 2686 | self.pcodedmp_output = None |
| 2687 | #: Flag set to True/False if VBA stomping detected | 2687 | #: Flag set to True/False if VBA stomping detected |
| 2688 | self.vba_stomping_detected = None | 2688 | self.vba_stomping_detected = None |
| 2689 | + self.is_encrypted = None # will be set to True or False by detect_is_encrypted | ||
| 2689 | 2690 | ||
| 2690 | # if filename is None: | 2691 | # if filename is None: |
| 2691 | # if isinstance(_file, basestring): | 2692 | # if isinstance(_file, basestring): |
| @@ -3262,6 +3263,17 @@ class VBA_Parser(object): | @@ -3262,6 +3263,17 @@ class VBA_Parser(object): | ||
| 3262 | log.exception('Error when running oledump.plugin_biff, please report to %s' % URL_OLEVBA_ISSUES) | 3263 | log.exception('Error when running oledump.plugin_biff, please report to %s' % URL_OLEVBA_ISSUES) |
| 3263 | return False | 3264 | return False |
| 3264 | 3265 | ||
| 3266 | + def detect_is_encrypted(self): | ||
| 3267 | + self.is_encrypted = crypto.is_encrypted(self.ole_file) | ||
| 3268 | + return self.is_encrypted | ||
| 3269 | + | ||
| 3270 | + def decrypt_file(self): | ||
| 3271 | + decrypted_file = None | ||
| 3272 | + if self.detect_is_encrypted(): | ||
| 3273 | + passwords = crypto.DEFAULT_PASSWORDS | ||
| 3274 | + decrypted_file = crypto.decrypt(self.filename, passwords) | ||
| 3275 | + | ||
| 3276 | + return decrypted_file | ||
| 3265 | 3277 | ||
| 3266 | def encode_string(self, unicode_str): | 3278 | def encode_string(self, unicode_str): |
| 3267 | """ | 3279 | """ |