wc3edit.net

I got confused over where to post it since I couldn't find tool section, so I post it here. Mod, feel free to move it.

This tool de-obfuscates JASS code in case your deprotector didn't do it or didn't do it well enough. I tested it with both .j files and .wts files recovered with xdep.
Features (all features can be turned off in .ini file):
Indents lines, inserts blank lines between functions.
Renames globals, locals and functions (xdep only renames globals).
Restores integers obfuscated as hexadecimals or characters (e.g. 'd' is restored as 100), bypasses simple arithmetic operations with constants (e.g. 123+877 is restored as 1000) and restores unit/item/etc IDs after that (so if protector converted 'U000' to 135436526+1293784898 the original ID will get recovered).
Extracts strings from WTS.
Prints function definitions and their line numbers to another file.
Inlines short functions (mostly generated by GUI)
Does not bug up when it finds a linebreak inside string constant (xdep stops indenting lines in this case).

.zip file contains .exe console application and .ini config file.
All input/output files are defined in .ini

http://www.mediafire.com/?1yypxxwmcd3

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.22 -
AntiVir 7.8.0.19 2008.05.22 -
Virus total results

Authentium 5.1.0.4 2008.05.22 -
Avast 4.8.1195.0 2008.05.22 -
AVG 7.5.0.516 2008.05.22 -
BitDefender 7.2 2008.05.22 -
CAT-QuickHeal 9.50 2008.05.22 -
ClamAV 0.92.1 2008.05.22 -
DrWeb 4.44.0.09170 2008.05.22 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5812 2008.05.22 -
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.22 -
Fortinet 3.14.0.0 2008.05.22 -
GData 2.0.7306.1023 2008.05.22 -
Ikarus T3.1.1.26.0 2008.05.22 -
Kaspersky 7.0.0.125 2008.05.22 -
McAfee 5301 2008.05.22 -
Microsoft 1.3520 2008.05.22 -
NOD32v2 3123 2008.05.22 -
Norman 5.80.02 2008.05.22 -
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.22 -
Rising 20.45.32.00 2008.05.22 -
Sophos 4.29.0 2008.05.22 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.22 -
TheHacker 6.2.92.317 2008.05.22 -
VBA32 3.12.6.6 2008.05.22 -
VirusBuster 4.3.26:9 2008.05.22 -
Webwasher-Gateway 6.6.2 2008.05.22 -

Looks good

44k, I dont trust it. Could be a password stealer. who knows!! When I get a chance, I will try it on my other lappy with a banned key.

_________________
.
.
How to use cheats: http://forum.wc3edit.net/announces/are- ... 35804.html

I don't trust this either ...

It's 76kb... though he is from Vampirism Fire... so idk...

_________________
Computer Specs:
Motherboard: GA-990FXA-UD3
CPU: FX-8350 @ 4.0GHz
PSU: Corsair CX500
RAM: G.Skill Ripjaws X 8GB @ 1866
GPU: Radeon HD 4870 1GB
HDD: OCZ Vertex series 30GB SSD
Case: Antec 900
Monitor: Toshiba 32"
OS: Windows 7 Ultimate

I trust him, he made the RSA that Shamanno is gonna hate .

_________________

wow i didnt know you got such attitude.
here are the sources, if u still dont trust the .exe it then compile the sources yourself.

http://www.mediafire.com/?mtwxtbmxajg

I'll trust him. Looks safe , I'll test it out!
Well, it's an interesting program. It took the war3map.j and the war3map.wts and made two new files, war3mapDECL.j and war3mapDO.j. The DO is the normal war3map.j file. The DECL is actually just a list of the function titles, in order. It's a bunch of this.
I'm not even sure if it was obsfuscated beforehand, but afterward, it had changed from this
to THIS
It also tried to change rawcodes to four character rawcodes, from the integers that they were, but I unfortunately didn't have a .j file with that, so it did nothing. If anyone has a file with that type of protection, go ahead and try this, but I can't fully test it at the moment. One thing that was annoying, though, was that it renamed everything. I could have changed that, but it was the default. If I searched for function main, it will not come up. You need to figure out which line it was in the original, and scroll to it in the new one. Basically, it is TRUE AS ADVERTISED. If anyone else would like to test the other functions that I did not, please do, but this program seems like it will work if it IS obsfuscated. For the amount of stuff that this has, I also doubt it has room for a virus, and as everyone's scans have come up clean... We can trust him. This seems like a very useful tool for deobsfuscation, I'm going to keep it in case I do need it!

(edit) Yeah, you're right. I don't know what's up with that, nobody bothered to actually download and run a virus check, they just assumed that since it was that small, it must be a virus. Though, it doesn't help that you just joined yesterday, and that was your first post. Besides, my antivirus makes this horrible noise if I try to download spyware, and stops the download until I tell it to go, lol. Kaspersky seems pretty good so far!

_________________
My Warcraft III Tool Collection
If you want to chat/game with me:
Blizzard: Senethior459#1962
Discord: Kyle#7409
Steam: Spacekidkyle

Its small because there are no resources (except an icon which takes up 1 kb) and its done in C++ with no .net or anything, plus its console. I don't know how people manage to make 1 MB .exe files unless they put in a bunch of images and stuff.

Anyway, I suppose I should not rename the "main" function because then it will not work. But other than that, most of the time obfuscated files rename all variables/functions to those O1I0 things so making these options set by default is okay.

Cool tool, I wish I had thie earlier lol. Would have saved me some time.

_________________
You know why the Yankees always win, Frank?
'Cause they have Mickey Mantle?
No, it's 'cause the other teams can't stop staring at those damn pinstripes.