mchubby/isfunpackscripts.py

## isfunpackscripts.py
# By Kelebek1@fuwa
# From https://pastebin.com/GmQyfR0h
# 0x9597 ISF decryption scripts

import os
import sys
import struct


def get_data(filename):
    totalbytes = os.path.getsize(filename)
    infile = open(filename,  'rb')
    totalfiledata = infile.read(totalbytes)
    infile.close()
    return totalfiledata


if __name__ == '__main__':
    filedata = get_data(sys.argv[1])
    filecnt = struct.unpack('<I', filedata[0x8:0xc])[0]
    datastart = struct.unpack('<I', filedata[0xc:0x10])[0]

    for i in range(0x20, 0x20+(filecnt*0x14), 0x14):
        filename = ''
        a = i
        while (ord(filedata[a]) != 0x0) and (len(filename) <= 12):
            filename += filedata[a:a+1]
            a += 1

        filepos = struct.unpack('<I', filedata[i+0xc:i+0x10])[0]
        filelen = struct.unpack('<I', filedata[i+0x10:i+0x14])[0]
        print 'Extracting %s - pos %x len %x' % (filename, filepos, filelen)

        filed = bytearray(filedata[filepos:filepos+filelen])
        if struct.unpack('>H', filed[0x4:0x6])[0] == 0x9597:
            print 'Moo'
            # xor
            for a in range(0x8, len(filed)):
                filed[a] = ((filed[a] << 0x6) | (filed[a] >> 0x2)) & 0xFF

        # try read the strings...
        newfiledata = ''
        strpos = struct.unpack('<I', filed[:4])[0]
        stringcount = 0

        for a in range(0x8, strpos, 0x4):
            currstrpos = struct.unpack('<I', filed[a:a+4])[0] + strpos
            if a+0x4 == strpos:
                nextstrpos = len(filed)
            else:
                nextstrpos = struct.unpack('<I', filed[a+4:a+8])[0] + strpos
            # print 'start of string: %x end of string %x' % (currstrpos, nextstrpos)

            if filed.find('\x2b', currstrpos, nextstrpos) != -1:
                stringpos = filed.find('\xff\x7f', currstrpos, nextstrpos)
                if stringpos != -1:
                    # assume we have a string
                    # get the char name
                    charnamepos = filed.find('\x03\x11', currstrpos, nextstrpos)

                    # get the string
                    stringpos += 2
                    string = ''
                    while filed[stringpos] != 0x0 and stringpos <= nextstrpos:
                        if filed[stringpos] != 0x7f:
                            string += chr(filed[stringpos])
                        stringpos += 1
                    if filed[charnamepos+2] > 0:
                        newfiledata += 'name: %x : %s\n' % (filed[charnamepos+2], string)
                    else:
                        newfiledata += string + '\n'
                    stringcount += 1
                    # print 'string was: %s' % string

        outfile = open(filename + '_decoded', 'wb')
        outfile.write(filed)
        outfile.close()

        outfile = open(filename.rsplit('.', 1)[0] + '_strings.txt', 'wb')
        outfile.write(newfiledata)
        outfile.close()
	# By Kelebek1@fuwa
	# From https://pastebin.com/GmQyfR0h
	# 0x9597 ISF decryption scripts

	import os
	import sys
	import struct


	def get_data(filename):
	totalbytes = os.path.getsize(filename)
	infile = open(filename, 'rb')
	totalfiledata = infile.read(totalbytes)
	infile.close()
	return totalfiledata


	if __name__ == '__main__':
	filedata = get_data(sys.argv[1])
	filecnt = struct.unpack('<I', filedata[0x8:0xc])[0]
	datastart = struct.unpack('<I', filedata[0xc:0x10])[0]

	for i in range(0x20, 0x20+(filecnt*0x14), 0x14):
	filename = ''
	a = i
	while (ord(filedata[a]) != 0x0) and (len(filename) <= 12):
	filename += filedata[a:a+1]
	a += 1

	filepos = struct.unpack('<I', filedata[i+0xc:i+0x10])[0]
	filelen = struct.unpack('<I', filedata[i+0x10:i+0x14])[0]
	print 'Extracting %s - pos %x len %x' % (filename, filepos, filelen)

	filed = bytearray(filedata[filepos:filepos+filelen])
	if struct.unpack('>H', filed[0x4:0x6])[0] == 0x9597:
	print 'Moo'
	# xor
	for a in range(0x8, len(filed)):
	filed[a] = ((filed[a] << 0x6) \| (filed[a] >> 0x2)) & 0xFF

	# try read the strings...
	newfiledata = ''
	strpos = struct.unpack('<I', filed[:4])[0]
	stringcount = 0

	for a in range(0x8, strpos, 0x4):
	currstrpos = struct.unpack('<I', filed[a:a+4])[0] + strpos
	if a+0x4 == strpos:
	nextstrpos = len(filed)
	else:
	nextstrpos = struct.unpack('<I', filed[a+4:a+8])[0] + strpos
	# print 'start of string: %x end of string %x' % (currstrpos, nextstrpos)

	if filed.find('\x2b', currstrpos, nextstrpos) != -1:
	stringpos = filed.find('\xff\x7f', currstrpos, nextstrpos)
	if stringpos != -1:
	# assume we have a string
	# get the char name
	charnamepos = filed.find('\x03\x11', currstrpos, nextstrpos)

	# get the string
	stringpos += 2
	string = ''
	while filed[stringpos] != 0x0 and stringpos <= nextstrpos:
	if filed[stringpos] != 0x7f:
	string += chr(filed[stringpos])
	stringpos += 1
	if filed[charnamepos+2] > 0:
	newfiledata += 'name: %x : %s\n' % (filed[charnamepos+2], string)
	else:
	newfiledata += string + '\n'
	stringcount += 1
	# print 'string was: %s' % string

	outfile = open(filename + '_decoded', 'wb')
	outfile.write(filed)
	outfile.close()

	outfile = open(filename.rsplit('.', 1)[0] + '_strings.txt', 'wb')
	outfile.write(newfiledata)
	outfile.close()