Comments (8)
Samples emailed.
John
from macrome.
deobfuscate DID work on this test spreadsheet
from macrome.
Yup, I'd call this a bug. Do you feel comfortable sharing this file, or a similar file that causes the crash? I can't fix this issue without being able to reproduce it locally unfortunately.
My guess is that whatever cell is at A14 is what's causing it to blow up, so if you can't share it, but you can somehow open the file in Excel and copy paste out that cell's contents, I can probably try to fix that as well.
If I had to guess, it's because of the ARGUMENT usage - I've never actually seen that used before, but my guess is that after defining the argument for a user defined function and then invoking it, there's some extra garbage added to that invocation's BIFF record and that's what's causing problems.
from macrome.
I attached the files to that email. I'm hoping you received them, and that GitHub didn't just filter them out.
John
from macrome.
Unfortunately it looks like the attachments got eaten. Depending on what your personal opsec thresholds are, there are a few options here:
- Email it directly to me at mi[c]h[a]el[[.]]]we[][]ber[][@]][[malw][[are][.]piz[]]za (with no []s in it).
- Host it somewhere you feel comfortable, provide a link, and then delete the files after I verify I've grabbed them. You can send me the link via email if you like.
- Use the GitHub site to reply to this, and then you can drag+drop the zip file as an attachment. I'll delete the issue post after I grab the files.
- I'm open to other suggestions as well.
The bug is definitely in my formula parsing code, but I'm not entirely sure where it might be.
Cheers!
-Mike
from macrome.
I was able to use the samples you sent me to improve Macrome's parsing of BiffRecords, specifically with regard to funky ranges which create extra PtgRange and PtgMemArea records. These were previously unhandled - they will now properly dump information.
If you're comfortable pulling down the latest code and compiling it, give it a try - otherwise I'll push a release in the coming days and you can work with that.
Thanks for helping improve this tool!
from macrome.
I've pushed a release containing the fix for this issue. Going to close for now, but if errors continue popping up please reopen it!
from macrome.