Skip to content

Instantly share code, notes, and snippets.

@Demonslay335
Demonslay335 / aplib.cs
Created November 1, 2021 18:17
Depack aPLib in pure C#
using System.Collections.Generic;
using System.IO;
// https://github.com/snemes/aplib/blob/master/aplib.py
public class APLib
{
protected uint Tag;
protected int BitCount;
protected uint GetBit(Stream source)
@Demonslay335
Demonslay335 / blackmatter_checksum.py
Last active May 28, 2022 23:52
Generate BlackMatter checksum
import sys, struct, base64, argparse
def gen_id_from_guid(guid: str) -> str:
checksum = checksum_string(guid + '\0')
b64 = base64.b64encode(checksum.to_bytes(8, 'little'))[0:9]
return b64.decode('utf-8').replace('+', 'x').replace('/', 'i').replace('=', 'z')
def gen_checksum_from_bytes(blob: str) -> str:
blob = bytearray.fromhex(blob)
return checksum(blob, len(blob))
@Demonslay335
Demonslay335 / gen_id.py
Last active August 12, 2020 00:07
DarkSide Ransomware ID Generation
import zlib, sys
def get_id(mac):
mac = int(mac, 16).to_bytes(6, 'big')
return checksum(mac, True)
def checksum(input, compression=False):
v3 = zlib.crc32(input, 0xDEADBEEF)
v4 = zlib.crc32(input, v3)
@Demonslay335
Demonslay335 / Sosemanuk.cs
Created July 23, 2020 16:52
Sosemanuk cryptographic algorithm in C#.
// Adapted from https://www.seanet.com/~bugbee/crypto/sosemanuk/
public class Sosemanuk
{
public Sosemanuk(byte[] key, byte[] iv)
{
BuildAlphas();
SetKey(key);
SetIV(iv);
}
@Demonslay335
Demonslay335 / notes.txt
Last active February 29, 2020 00:52
Makop Ransomware Notes
Sample:
fe52d906fa596e7ae16633074ff7178b3ac40e26a93f0009f1b33d5cbf219e91
Strings and config encrypted with static AES-256 key:
08 02 00 00 10 66 00 00 20 00 00 00 5D 1D E0 32 A9 6D E4 05 A5 5B 12 E1 1F B9 03 A1 CF 2D F8 5A 29 87 78 4D EC 28 61 C1 13 96 FA 15
Decrypted RSA-1024 public key:
06 02 00 00 00 A4 00 00 52 53 41 31 00 04 00 00 01 00 01 00 F1 D1 12 AA DF 72 34 19 DC A4 6E 18 07 15 67 9F F2 6F 4F 03 A7 61 5B 97 C5 6C 20 13 21 A7 40 24 48 91 8D 47 32 81 9B 14 D4 82 0F AF 8A F8 EC 66 8E 87 26 CD 15 37 FC 03 8D 10 BB 90 6D 1D D0 A6 41 A4 B2 60 5F 60 46 45 4C 70 44 20 54 90 C0 D9 4D F6 B2 90 33 BF 78 51 AC E5 76 F6 EB 9C CF 83 A3 21 DD F8 B9 46 67 8B 7A 04 71 54 FD D7 1B 17 DE 39 7A 70 D6 04 AE AD AF 38 B8 1C B8 73 5D A6
Targeted extensions:
@Demonslay335
Demonslay335 / FixProfile.bat
Created February 13, 2020 19:35
FixProfile
@ECHO OFF
SETLOCAL EnableDelayedExpansion
FOR /F "tokens=1,2 delims=#" %%A IN ('"prompt #$H#$E# & ECHO ON & FOR %%B IN (1) DO REM"') DO SET "DEL=%%A"
:: Elevation does not work in XP
VER | FIND /I "XP" > NUL
IF ERRORLEVEL 1 CALL :CHECK-ELEVATE
:: Process arguments
@Demonslay335
Demonslay335 / dump.py
Last active March 1, 2024 08:01
Dumps a PE from VirtualAlloc/VirtualProtect
import os
import sys
import time
import winappdbg
import traceback
class MyEventHandler(winappdbg.EventHandler):
last_alloc_memory = 0
@Demonslay335
Demonslay335 / permutations_of_arrays.cs
Last active January 31, 2019 19:33
Generate permutations of an array of arrays
// Get permutations of an array of arrays
// Adapted from: https://www.geeksforgeeks.org/combinations-from-n-arrays-picking-one-element-from-each-array/
public static IEnumerable<List<T>> PermutationsOfArrays<T>(IList<List<T>> arr)
{
// Number of arrays
int n = arr.Count();
// Keep track of next element in each of the n arrays
int[] indices = new int[n];
@Demonslay335
Demonslay335 / jemd_keygen.py
Created December 19, 2018 04:22
Keygen for Jemd Ransomware
import os, sys, argparse
# Charset used by Jemd ransomware
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
# https://en.wikipedia.org/wiki/Linear_congruential_generator
def lcg(modulus, a, c, seed):
while True:
seed = (a * seed + c) % modulus
yield seed
@Demonslay335
Demonslay335 / calculate_rsa.cs
Last active December 17, 2018 18:49
Generate private RSA key from factored primes
using System;
using Org.BouncyCastle.Math;
public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e)
{
// n = p*q - for illustration
BigInteger n = p.Multiply(q);
// phi / r = (p-1)*(q-1)
BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One));