0x9597 ISF decryption scripts (D.O.)
# By Kelebek1@fuwa
# From https://pastebin.com/GmQyfR0h
# 0x9597 ISF decryption scripts
import os
import struct
import sys
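def get_data(filename):
    """Return the entire contents of *filename* as a byte string.

    The file is opened in binary mode and read in a single call, so the
    whole archive is held in memory by the caller.
    """
    # The context manager closes the handle even when read() raises, which
    # the original open()/close() pair did not guarantee. read() with no
    # size also avoids depending on a size that was sampled before the open.
    with open(filename, 'rb') as infile:
        return infile.read()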
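if __name__ == '__main__':
    # Unpack every entry of the ISF archive named in sys.argv[1]. For each
    # entry this writes "<name>_decoded" (the payload, bit-rotated back when
    # it carries the 0x9597 tag) and "<stem>_strings.txt" (the text lines
    # found in it) into the current directory.
    #
    # Every offset, length and name below is read from the archive itself,
    # so each one is treated as untrusted and checked before it is used.
    #
    # NOTE(review): the listing this was recovered from had lost its
    # indentation. The nesting used here (rotation only under the tag check;
    # string scan and both writes once per entry) is a reconstruction --
    # confirm against the original paste.

    # bytearray indexing yields integers on both Python 2 and Python 3.
    filedata = bytearray(get_data(sys.argv[1]))
    if len(filedata) < 0x20:
        sys.exit('%s: too short to hold an archive header' % sys.argv[1])

    # Header: entry count at 0x8. The dword at 0xC (named "datastart" by the
    # original author) was read but never used, so it is not parsed here.
    filecnt = struct.unpack('<I', filedata[0x8:0xc])[0]
    table_end = 0x20 + filecnt * 0x14
    if table_end > len(filedata):
        sys.exit('%s: file table (%d entries) runs past the end of the file'
                 % (sys.argv[1], filecnt))

    for i in range(0x20, table_end, 0x14):
        # Entry layout: NUL-terminated name at +0x0, payload offset at +0xC,
        # payload length at +0x10. The name is cut at 12 bytes; the original
        # bound (<= 12) let a 13th byte through, which is the first byte of
        # the offset field.
        filename = ''
        a = i
        while len(filename) < 0xc and filedata[a] != 0x0:
            filename += chr(filedata[a])
            a += 1
        filepos = struct.unpack('<I', filedata[i+0xc:i+0x10])[0]
        filelen = struct.unpack('<I', filedata[i+0x10:i+0x14])[0]
        print('Extracting %s - pos %x len %x' % (filename, filepos, filelen))

        # The name becomes an output path, so refuse anything that is not a
        # bare file name (a crafted archive could otherwise write outside
        # the working directory).
        if filename != os.path.basename(filename.replace('\\', '/')):
            sys.stderr.write('Skipping %r: entry name is not a bare file name\n'
                             % filename)
            continue
        # The tag check below reads bytes 4..5 of the payload; a payload that
        # is shorter, or that extends past the archive, cannot be processed.
        if filelen < 0x6 or filepos + filelen > len(filedata):
            sys.stderr.write('Skipping %r: payload is truncated or out of range\n'
                             % filename)
            continue

        filed = bytearray(filedata[filepos:filepos+filelen])
        if struct.unpack('>H', filed[0x4:0x6])[0] == 0x9597:
            print('Moo')
            # Labelled "xor" in the original, but the operation is a rotate
            # right by two bits of every byte from offset 0x8 onwards.
            for a in range(0x8, len(filed)):
                filed[a] = ((filed[a] << 0x6) | (filed[a] >> 0x2)) & 0xFF

        # Try to read the strings. The first dword is where the string area
        # starts; the dwords from 0x8 up to that point are offsets relative
        # to it, one per record.
        newfiledata = bytearray()
        strpos = struct.unpack('<I', filed[:4])[0]
        if strpos > len(filed):
            # The offset table would lie outside the payload: scan nothing,
            # but still write the decoded payload below.
            strpos = 0
        # "strpos - 3" keeps every 4-byte table read inside the table even
        # when strpos is not a multiple of four.
        for a in range(0x8, strpos - 3, 0x4):
            currstrpos = struct.unpack('<I', filed[a:a+4])[0] + strpos
            if a + 0x8 > strpos:
                # Last table slot: the record runs to the end of the payload.
                nextstrpos = len(filed)
            else:
                nextstrpos = struct.unpack('<I', filed[a+4:a+8])[0] + strpos

            # Only records holding a 0x2B byte and an FF 7F marker are
            # assumed to carry a text line.
            if filed.find(b'\x2b', currstrpos, nextstrpos) == -1:
                continue
            stringpos = filed.find(b'\xff\x7f', currstrpos, nextstrpos)
            if stringpos == -1:
                continue

            # The byte two past the 03 11 marker is reported as the name id.
            charnamepos = filed.find(b'\x03\x11', currstrpos, nextstrpos)

            # The text starts right after the marker and ends at the first
            # NUL. The original's inclusive bound is kept, but clamped so the
            # read can no longer run off the end of the payload.
            stringpos += 2
            last = min(nextstrpos, len(filed) - 1)
            string = bytearray()
            while stringpos <= last and filed[stringpos] != 0x0:
                if filed[stringpos] != 0x7f:
                    string.append(filed[stringpos])
                stringpos += 1

            # With no 03 11 marker find() returns -1, and the original then
            # read filed[1] as the name id; treat that case as "no name".
            speaker = 0
            if charnamepos != -1 and charnamepos + 2 < len(filed):
                speaker = filed[charnamepos + 2]
            if speaker > 0:
                newfiledata += ('name: %x : ' % speaker).encode('ascii') + string + b'\n'
            else:
                newfiledata += string + b'\n'

        with open(filename + '_decoded', 'wb') as outfile:
            outfile.write(filed)
        with open(filename.rsplit('.', 1)[0] + '_strings.txt', 'wb') as outfile:
            outfile.write(newfiledata)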