class DumperService { static async analyze(content, name) { const logs = []; const envLogs = []; const dumpedOutput = []; logs.push(`[SYSTEM] Initializing analysis for ${name}`); // Detection let obf = 'Unknown'; if (content.includes('LPH_') || content.toLowerCase().includes('luraph')) obf = 'LURAPH'; else if (content.includes('IronBrew') || content.toLowerCase().includes('ironbrew')) obf = 'IRONBREW'; else if (content.includes('Prometheus')) obf = 'PROMETHEUS'; else if (content.includes('WeAreDevs') || content.includes('WRD')) obf = 'WEAREDEVS'; logs.push(`[LOADER] Signature identified: ${obf}`); // Scan for environment calls const globals = [ ...new Set(content.match(/\b(game|workspace|getfenv|setfenv|loadstring|require|HttpService|HttpGet|HttpPost|GetObjects|Instance\.new|shared|_G|spawn|wait|delay|tick|warn|print|error)\b/g) || []) ]; globals.forEach(g => { envLogs.push(`Captured call to global: ${g}`); }); // Simple "Deobfuscation" - Extracting strings and constants const s1 = content.match(/'[^']*'/g) || []; const s2 = content.match(/"[^"]*"/g) || []; const uniqueStrings = [...new Set([...s1, ...s2])].map(s => { return s.slice(1, -1); }).filter(s => s && s.length > 2); dumpedOutput.push('-- DUMPED CONSTANTS AND STRINGS --'); uniqueStrings.forEach(s => { const escaped = s.split("\"").join("\\\"").split("\n").join("\\n"); dumpedOutput.push(`CONST_STR["${escaped}"]`); }); // Heuristics const networkAccess = content.includes('HttpService') || content.includes('HttpGet') || content.includes('HttpPost'); const suspicious = content.includes('getfenv') || content.includes('loadstring') || content.includes('setfenv'); return { obf, logs, envLogs, dumpedOutput: dumpedOutput.join('\n'), heuristics: { network: networkAccess ? 90 : 5, obfuscation: obf !== 'Unknown' ? 100 : 15, suspicious: suspicious ? 80 : 10 } }; } } module.exports = DumperService;