@soatok
Last active December 11, 2021 02:08
Proctorio .7z deobfuscation script
<?php
/**
 * Created by Soatok to demo the deobfuscation
 *
 * Original discovery: https://proctor.ninja/the-duality-of-obfuscation-feat
 *
 * Steps to reproduce (Windows)
 *
 * 1. Download the Chrome Extension
 *    - The easy way to do this is to install it into Chrome, then navigate to "%localappdata%\Google\Chrome\User Data\Default\Extensions\fpmapakogndmenjcfoajifaaonnkpkei"
 * 2. Make sure you have PHP installed. You can download it for Windows.
 * 3. Navigate to assets\packs
 * 4. Copy this PHP script into the same directory
 * 5. Run `php.exe deobfu.php`
 * 6. Observe OpenCV XML files, as claimed.
 */
$xorKey = "pIoMIke";
foreach (glob("*.7z") as $file) {
    if (preg_match('/deobfu/', $file)) continue; // already done
    $tmp = explode('/', trim($file, '/'));
    $filename = array_pop($tmp);
    $pieces = explode('.', $filename);
    // Get encrypted file
    $raw = file_get_contents($file);
    if ($raw === false) continue; // unreadable file, skip it
    $raw_length = mb_strlen($raw, '8bit'); // length in bytes, not characters
    // Number of key repetitions needed to cover the file (key length is 7)
    $repeat = (int) ceil($raw_length / strlen($xorKey));
    // Decrypt: XOR every byte with the repeating key
    $keystream = mb_substr(str_repeat($xorKey, $repeat), 0, $raw_length, '8bit');
    $raw = $raw ^ $keystream;
    // Output to deobfu file: name.7z becomes name-deobfu.xml
    $pieces[0] .= '-deobfu';
    $pieces[1] = 'xml';
    file_put_contents(implode('.', $pieces), $raw);
}
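
A programmatic version of step 6, as an added example that is not part of the original gist: it checks whether a `.7z` file is a genuine 7z archive (by its six-byte signature) or parses as XML after the same repeating-key XOR. The function names and the sample inputs are constructed for illustration, and the `opencv_storage` root element is an assumption about what OpenCV XML files contain.

```php
<?php
// Added example, not part of the original gist. Sample data below is constructed.
// Assumption: OpenCV XML files use an <opencv_storage> root element.
const SEVENZIP_MAGIC = "7z\xBC\xAF\x27\x1C"; // signature of a genuine 7z archive

/** XOR $data with $key repeated to the data's length (same operation as the gist). */
function xorRepeat(string $data, string $key): string
{
    $len = strlen($data);
    if ($len === 0) {
        return '';
    }
    $stream = substr(str_repeat($key, intdiv($len, strlen($key)) + 1), 0, $len);
    return $data ^ $stream;
}

/** Classify a blob as 'real-7z', 'xor-xml' (with its root element name) or 'unknown'. */
function classifyPack(string $blob, string $key): array
{
    if (strncmp($blob, SEVENZIP_MAGIC, strlen(SEVENZIP_MAGIC)) === 0) {
        return ['kind' => 'real-7z', 'root' => null];
    }
    $plain = xorRepeat($blob, $key);
    $prev = libxml_use_internal_errors(true); // keep parse warnings out of the output
    $doc = new DOMDocument();
    $ok = $plain !== '' && $doc->loadXML($plain, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($ok && $doc->documentElement !== null) {
        return ['kind' => 'xor-xml', 'root' => $doc->documentElement->nodeName];
    }
    return ['kind' => 'unknown', 'root' => null];
}

// Constructed sample inputs (not real Proctorio data).
$key = "pIoMIke";
$xml = "<?xml version=\"1.0\"?>\n<opencv_storage><cascade><height>20</height></cascade></opencv_storage>\n";
$samples = [
    'obfuscated.7z' => xorRepeat($xml, $key),
    'genuine.7z'    => SEVENZIP_MAGIC . "\x00\x04" . str_repeat("\x00", 24),
    'random.7z'     => "not an archive and not xml",
];
foreach ($samples as $name => $blob) {
    $r = classifyPack($blob, $key);
    printf("%-14s %s %s\n", $name, $r['kind'], $r['root'] ?? '');
}
```

To run it against the extension's files, replace the `$samples` array with `file_get_contents()` results for each path returned by `glob("*.7z")`.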