Last active
May 26, 2019 00:47
-
-
Save darkarnium/c52a176371188feb0ca3b455dcb19e7a to your computer and use it in GitHub Desktop.
Quick and dirty XOR routine for encrapted strings with a known key (eg. Mirai table.c entries)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env | |
| import sys | |
| import pprint | |
| import struct | |
| if len(sys.argv) < 2: | |
| print 'Usage: unpack.py <VALUE> [<KEY>]' | |
| sys.exit(-1) | |
| try: | |
| obfuscation_key = sys.argv[2] | |
| except IndexError: | |
| obfuscation_key = 'deadbeef' | |
| # Deobfuscate the value for the given key. | |
| try: | |
| table_key = struct.unpack('hhhh', obfuscation_key) | |
| table_val = sys.argv[1].split('\\x')[1:] | |
| except struct.error: | |
| print 'ERR: Provided key invalid: Must be 4 bytes!' | |
| sys.exit(-2) | |
| k1 = table_key[0] & 255 | |
| k2 = table_key[1] & 255 | |
| k3 = table_key[2] & 255 | |
| k4 = table_key[3] & 255 | |
| result = [] | |
| for c in table_val: | |
| x = int(c, 16) | |
| x ^= k1 | |
| x ^= k2 | |
| x ^= k3 | |
| x ^= k4 | |
| result.append(chr(x)) | |
| pprint.pprint(result) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment