anselmorenato / peepdf

Automatically exported from code.google.com/p/peepdf
GNU General Public License v3.0

Add a jjdecoder function #13

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
CVE-2013-3346 pdf samples have obfuscated Javascript code using jjencode 
(http://utf-8.jp/public/jjencode.html). It would be nice to have a jjdecoder in 
peepdf to quickly deobfuscate the code.

A sample jjdecoder written in JavaScript can be found here: 
http://csc.cs.utm.my/syed/images/files/jjdecode/jjdecode.html

An explanation of how a jjdecoder works can be found here: 
http://corkami.googlecode.com/svn-history/r399/trunk/misc/jjencode.txt

Original issue reported on code.google.com by poxyran...@gmail.com on 12 Dec 2013 at 12:28

GoogleCodeExporter commented 9 years ago
Hi! 

Thanks for the suggestion and info! The main problem with this exploit is that 
it generates some errors if you try to emulate the JS code encoded with the 
jjencoder:

PyV8

RangeError: Maximum call stack size exceeded (  @ 0: -1 )

SpiderMonkey

exception from uncaught JavaScript throw: java.lang.StackOverflowError

I will try to talk with the people involved in the development of PyV8 to see 
if it can be solved. If not, then probably I will add this feature ;)

Original comment by josemigu...@gmail.com on 15 Dec 2013 at 2:23

GoogleCodeExporter commented 9 years ago
Taking a further look at this, I have seen that being able to modify the stack 
limit when the JavaScript code is executed in PyV8 would solve the problem. I 
am waiting for a response about it...

It is similar to this request and solution:

https://code.google.com/p/v8/issues/detail?id=2896

Original comment by josemigu...@gmail.com on 15 Dec 2013 at 7:02

GoogleCodeExporter commented 9 years ago
A new command (js_jjdecode) has been added in r210 to decode this type of 
obfuscated JavaScript code. Also, by updating the PyV8 version it is possible to 
change the stack limit and avoid the error "Maximum call stack size exceeded". 
This change will be added soon.

Original comment by josemigu...@gmail.com on 2 Feb 2014 at 7:56