Verified Commit efcc4f8b authored by Zander Work's avatar Zander Work

updated malware scripts

parent eab9285e
#!/usr/bin/env python3
import binascii
import struct
import sys
def decrypt_packet(key, packet):
packet = binascii.unhexlify(packet)
length = struct.unpack("<H", packet[37:39])
if length == 0:
return
enc_bytes = packet[39:]
key = binascii.unhexlify(key)
out_pkt = b""
for i in range(len(enc_bytes)):
out_pkt += bytes([enc_bytes[i] ^ key[i % len(key)]])
return out_pkt
def main(argv):
if len(argv) != 3:
print("usage: ./dec_pkt.py [key binascii] [pkt binascii]")
return 1
print(decrypt_packet(argv[1], argv[2]))
return 0
if __name__ == "__main__":
sys.exit(main(sys.argv))
\ No newline at end of file
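Review bot: The `if length == 0:` guard in `decrypt_packet` can never be true, because `struct.unpack("<H", packet[37:39])` returns a one-element tuple rather than an int; unpack it with `(length,) = struct.unpack("<H", packet[37:39])`. The parsed value is also never used afterwards, so any trailing bytes in the captured packet are XORed along with the payload; if the field at offset 37 is the payload length, `enc_bytes = packet[39:39 + length]` would honour it. A packet shorter than 39 bytes raises `struct.error`, and an empty key raises `ZeroDivisionError` at `key[i % len(key)]`, so an explicit check with a readable error message would help when feeding it truncated captures. A short docstring stating what offsets 37 and 39 represent in the protocol would make the function usable by the next analyst.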
......@@ -63,4 +63,5 @@ strs = get_strs(elf, config["stiv"], config["stky"])
if len(sys.argv) > 1:
print(strs[int(sys.argv[1])])
else:
print(strs)
\ No newline at end of file
for i in range(len(strs)):
print(f"{hex(i)}\t{strs[i]}")
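Review bot: The new listing prints each index with `hex(i)`, but the lookup branch above still parses the argument with `int(sys.argv[1])`, which accepts decimal only, so an index copied from the listing (for example `0x1f`) raises `ValueError`. Parsing with `print(strs[int(sys.argv[1], 0)])` accepts both decimal and `0x`-prefixed input. The loop itself reads more naturally as `for i, s in enumerate(strs):` with `print(f"{hex(i)}\t{s}")`. If `strs` holds decoded `str` values taken from the sample rather than `bytes`, printing them with `{s!r}` would keep embedded control characters from reaching the terminal; the type is not visible in this hunk.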