MayerDaniel/ida_dec.py

## ida_dec.py
def strdec(offset, key, leng, mult=1664525, const=1013904223):
    out = bytearray()

    bytes_read = ida_bytes.get_bytes(offset, leng)

    for i in range(len(bytes_read)):
        key = mult * key + const
        b1 = (bytes_read[i] ^ (key >> 12)) & 0xff
        out.append(b1)

    print(out)

    ida_bytes.patch_bytes(offset, bytes(out))


def decrypt_ida(addr):
    for xref in CodeRefsTo(addr, 0): #0x4016E6
        args = [] #order will be seed, offset, leng

        heads = [x for x in Heads(xref - 250, xref)] #reverse since we are looking backwards
        heads.reverse()
        for h in heads:
            if idc.print_insn_mnem(h) == 'push':
                args.append(idc.get_operand_value(h,0))
                if len(args) == 3:
                    break
        strdec(args[1], args[0], args[2])
	def strdec(offset, key, leng, mult=1664525, const=1013904223):
	out = bytearray()

	bytes_read = ida_bytes.get_bytes(offset, leng)

	for i in range(len(bytes_read)):
	key = mult * key + const
	b1 = (bytes_read[i] ^ (key >> 12)) & 0xff
	out.append(b1)

	print(out)

	ida_bytes.patch_bytes(offset, bytes(out))


	def decrypt_ida(addr):
	for xref in CodeRefsTo(addr, 0): #0x4016E6
	args = [] #order will be seed, offset, leng

	heads = [x for x in Heads(xref - 250, xref)] #reverse since we are looking backwards
	heads.reverse()
	for h in heads:
	if idc.print_insn_mnem(h) == 'push':
	args.append(idc.get_operand_value(h,0))
	if len(args) == 3:
	break
	strdec(args[1], args[0], args[2])