levisre · June 26, 2017 10:02
diff --git a/check_ext.au3 b/check_ext.au3
 #include <Array.au3>
 #include <File.au3>
 #include <Misc.au3>

 _Singleton(@ScriptName)
 Opt('MustDeclareVars', 1)

 Global Const $EXTENSIONS_PATH = getDefaultExtensionsPath()

 startScan()
 Func getDefaultExtensionsPath()
 	Local $path = @LocalAppDataDir & '\Google\Chrome\'

 	If Not FileExists($path) Then
 		$path = @LocalAppDataDir & '\CocCoc\Browser\'

 		If Not FileExists($path) Then Return ''
 	EndIf

 	Return $path & 'User Data\Default\Extensions\'
 EndFunc

 Func startScan()
 	Local $path = getDefaultExtensionsPath()
 	If $path And FileExists($path) Then
 		If StringLeft($path, 1) <> '\' Then $path &= '\'

 		Local $extensions = _FileListToArray($path, '*', 2)
 		_log('Total extensions: ' & $extensions[0] & @CRLF)

 		; Remove counter
 		_ArrayDelete($extensions, 0)

 		For $extension In $extensions
 			checkExtension($path, $extension)
 		Next

 		_log('Done!' & @CRLF)
 	Else
 		Return False
 	EndIf
 EndFunc

 Func checkExtension($path, $extension)
 	If StringLen($extension) <> 32 Then Return False

 	_log('Checking extension: ' & $extension & @TAB)

 	; Ignore IDs
 	If $extension == 'ngpampappnmepgilojfohadhhmbhlaek' Or $extension == 'hmlcjjclebjnfohgmgikjfnbmfkigocc' Then
 		_log(' [OK]' & @CRLF)
 		Return True
 	EndIf

 	; Malware extension ID
 	If $extension == 'ldobpmmlhhamdbpcipmehcibdlkoliah' Then
 		_log(' [Malware Extension]' & @CRLF)
 		Return False
 	EndIf

 	; Read manifest.json
 	Local $manifestPath = getManifestPath($path & $extension)
 	If $manifestPath == False Then
 		_log(' [ERROR]' & @CRLF)
 		Return False
 	Else
 		Local $fp = FileOpen($manifestPath)
 		Local $data = FileRead($fp)
 		FileClose($fp)

 		If StringInStr($data, '"name": "IDM Integration Module"') Then
 			If StringInStr($data, '"author": "J2Team"') Then
 				_log(' [Malware Extension]' & @CRLF)
 			Else
 				_log(' [Fake IDM Extension]' & @CRLF)
 			EndIf
 			Return False
 		EndIf
 	EndIf

 	; Everything is OK
 	_log(' [OK]' & @CRLF)
 	Return True
 EndFunc

 Func getManifestPath($path)
 	Local $tempArr = _FileListToArray($path, '*', 2, True)
 	If Not @error And $tempArr[0] > 0 Then
 		Return $tempArr[1] & '\manifest.json'
 	Else
 		Return False
 	EndIf
 EndFunc

 Func _log($msg)
 	ConsoleWrite($msg)
 EndFunc
	#include <Array.au3>
	#include <File.au3>
	#include <Misc.au3>

	_Singleton(@ScriptName)
	Opt('MustDeclareVars', 1)

	Global Const $EXTENSIONS_PATH = getDefaultExtensionsPath()

	startScan()
	Func getDefaultExtensionsPath()
	Local $path = @LocalAppDataDir & '\Google\Chrome\'

	If Not FileExists($path) Then
	$path = @LocalAppDataDir & '\CocCoc\Browser\'

	If Not FileExists($path) Then Return ''
	EndIf

	Return $path & 'User Data\Default\Extensions\'
	EndFunc

	Func startScan()
	Local $path = getDefaultExtensionsPath()
	If $path And FileExists($path) Then
	If StringLeft($path, 1) <> '\' Then $path &= '\'

	Local $extensions = _FileListToArray($path, '*', 2)
	_log('Total extensions: ' & $extensions[0] & @CRLF)

	; Remove counter
	_ArrayDelete($extensions, 0)

	For $extension In $extensions
	checkExtension($path, $extension)
	Next

	_log('Done!' & @CRLF)
	Else
	Return False
	EndIf
	EndFunc

	Func checkExtension($path, $extension)
	If StringLen($extension) <> 32 Then Return False

	_log('Checking extension: ' & $extension & @TAB)

	; Ignore IDs
	If $extension == 'ngpampappnmepgilojfohadhhmbhlaek' Or $extension == 'hmlcjjclebjnfohgmgikjfnbmfkigocc' Then
	_log(' [OK]' & @CRLF)
	Return True
	EndIf

	; Malware extension ID
	If $extension == 'ldobpmmlhhamdbpcipmehcibdlkoliah' Then
	_log(' [Malware Extension]' & @CRLF)
	Return False
	EndIf

	; Read manifest.json
	Local $manifestPath = getManifestPath($path & $extension)
	If $manifestPath == False Then
	_log(' [ERROR]' & @CRLF)
	Return False
	Else
	Local $fp = FileOpen($manifestPath)
	Local $data = FileRead($fp)
	FileClose($fp)

	If StringInStr($data, '"name": "IDM Integration Module"') Then
	If StringInStr($data, '"author": "J2Team"') Then
	_log(' [Malware Extension]' & @CRLF)
	Else
	_log(' [Fake IDM Extension]' & @CRLF)
	EndIf
	Return False
	EndIf
	EndIf

	; Everything is OK
	_log(' [OK]' & @CRLF)
	Return True
	EndFunc

	Func getManifestPath($path)
	Local $tempArr = _FileListToArray($path, '*', 2, True)
	If Not @error And $tempArr[0] > 0 Then
	Return $tempArr[1] & '\manifest.json'
	Else
	Return False
	EndIf
	EndFunc

	Func _log($msg)
	ConsoleWrite($msg)
	EndFunc