ESIL unpacker example.js

const r2promise = require(`r2pipe-promise`);
const program = require(`commander`);
const exec = require(`child-process-promise`).exec;

program
    .version(`0.0.1`)
    .parse(process.argv);


async function main() {
    //accepts shellcode from command line in same form as the shell32 arg from the silverlight app
    //outputs to binary then reads it with radare
    const binary = await exec(`echo ${process.argv[2]} | xxd -r -p - test.bin`);

    const r2 = await r2promise.open(`/home/mj/emulator/test.bin`);

    await r2.cmd(`e asm.comments=false`);
    await r2.cmd(`e asm.lines=false`);
    await r2.cmd(`e asm.flags=false`);

    await r2.cmd(`e io.cache=true`);
    await r2.cmd(`e asm.bits=32`);
    await r2.cmd(`e asm.arch=x86`);
    await r2.cmd(`aei`);
    await r2.cmd(`aeim 0xffffd000 0x2000 stack`);

    //pdj print disassembly to find base of code
    // let cmd = await r2.cmdj(`pdj 1`);
    // const base = cmd[0].offset;

    //we know the base already though because we made the binary
    const base = 0;

    //grab file size from the file info
    let cmd = await r2.cmdj(`oj`);
    const end = cmd[0].size;

    //can be used to automate decoding rig shellcodes
    // //look for loop opcode
    // cmd = await r2.cmdj(`pdj 100`);
    // let decoded = null;
    //
    // for (let c of cmd) {
    //     if (c.opcode.match(`call`)) {
    //         decoded = c.offset + 5;
    //         break;
    //     }
    // }

    //continue until byte 25 which is the beginning of the decoded shellcode
    await r2.cmd(`aecu 25`);

    //print disassembly of the remainder of the size of the shellcode minus the decoder, starting at the decoder
    //aka disassemble the decoded
    const raw = await r2.cmd(`pD ${end - 25} @ 25`);

    console.log(raw);
}

main();