Skip to content

Instantly share code, notes, and snippets.

@korniltsev
Forked from alexander-hanel/nemty_str_decoder.py
Created October 2, 2022 05:46
Show Gist options
  • Save korniltsev/5d63823aa8fbf2e1a38942ebcbe504bb to your computer and use it in GitHub Desktop.
Save korniltsev/5d63823aa8fbf2e1a38942ebcbe504bb to your computer and use it in GitHub Desktop.
IDAPython script for decoding strings in nemty
import base64
from Crypto.Cipher import ARC4
def str_decrypt(enc_data):
key = 'fuckav\x00'
cipher = ARC4.new(key)
try:
enc_data = base64.b64decode(enc_data)
except:
return enc_data
return cipher.decrypt(enc_data)
for xref in CodeRefsTo(0x407395, 0):
args = idaapi.get_arg_addrs(xref)
if args:
arg_offset = args[0]
enc_offset = idc.get_operand_value(arg_offset, 0)
enc_data = idc.get_strlit_contents(enc_offset)
if enc_data:
dec_str = str_decrypt(enc_data)
idc.set_cmt(enc_offset, dec_str, 0)
print dec_str, hex(enc_offset)[:-1], hex(xref)[:-1], enc_data
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment