Reimplementation of the decryption routine of the file 6a64bc2905f213ed4baf27d9ca0844056c7184dd91269a56fcb55d2c707f52dc. https://r00tten.com/in-depth-analysis-rtf-file-drops-agent_tesla/
#!/usr/bin/python
import os
import re
import struct
import sys

from rijndael.cipher.crypt import new
from rijndael.cipher.blockcipher import MODE_CBC
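# One list of hex-string words per blank-line-separated group of the dumped
# values file; filled by readValues() and indexed by twoHunc().
encValues = []


def readValues(path='encrypttedValues'):
    """Load the dumped encrypted values and append them to ``encValues``.

    The file holds groups of decimal integers, one per line, with groups
    separated by a blank line.  Each integer is stored as a ``hex()`` string
    so the later ``blockCopy``/``struct.pack`` step can parse it again.

    Args:
        path: file to read; defaults to the name the original script
            hard-coded.

    Returns:
        The list of groups appended to ``encValues`` by this call.

    Raises:
        IOError/OSError if the file cannot be opened, ValueError if a
        non-blank line is not a decimal integer.
    """
    with open(path, 'r') as fh:
        data = fh.read()
    groups = []
    for chunk in data.split('\n\n'):
        # Blank lines (e.g. a trailing newline at the end of the file) used to
        # reach int('') and raise; skipping them keeps group indices intact
        # for well-formed files.
        words = [hex(int(line)) for line in chunk.split('\n') if line.strip()]
        if words:
            groups.append(words)
    encValues.extend(groups)
    return groups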
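def searchAndReplace(fName):
    """Replace every obfuscated ``<Module>.\\u200C(NNNNNN)`` call in a
    decompiled C# source with its decrypted string literal.

    ``fName`` is read, each matched call is decrypted with ``twoHunc`` and the
    rewritten source is written to ``<fName without extension>_sNr.cs``.

    Args:
        fName: path of the decompiled .cs file.
    """
    with open(fName, 'r') as fh:
        data = fh.read()
    # The decompiler renders the obfuscated call as <Module>.\u200C(123456);
    # the '.' is left unescaped exactly as in the original pattern.
    for call in re.findall(r'<Module>.\\u200C\(\w+\)', data):
        num = re.findall('[0-9]{6}', call)
        if not num:
            # Argument is not a 6-digit number: leave the call alone instead of
            # failing on num[0].
            continue
        dec = twoHunc(int(num[0]))
        # Double backslashes so the inserted text is a valid C# string literal.
        dec = dec.replace('\\', '\\\\')
        literal = '"' + dec + '"'
        # A callable replacement inserts ``literal`` verbatim.  A plain string
        # replacement is escape-processed by re.sub, which collapsed the
        # doubled backslashes again and undid the line above.
        data = re.sub(r'<Module>.\\u200C\(' + num[0] + r'\)',
                      lambda _m: literal, data)
    # splitext keeps directory components containing a '.' intact, which
    # fName.split('.')[0] did not.
    updatedfName = os.path.splitext(fName)[0] + '_sNr.cs'
    with open(updatedfName, 'w') as fh:
        fh.write(data)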
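def blockCopy(arr1, t, arr2, m, k, typ):
    """Python stand-in for .NET ``Buffer.BlockCopy`` over hex-string arrays.

    Packs every element of ``arr1`` from index ``t`` onward as a little-endian
    struct value of type ``typ`` ('L' = 4 bytes, 'B' = 1 byte) and appends the
    resulting bytes to ``arr2``, each as a ``hex()`` string, until ``k`` bytes
    have been copied.

    Args:
        arr1: source list of hex strings such as ``'0x1f'``.
        t: element index in ``arr1`` to start from.
        arr2: destination list, appended to in place.
        m: destination offset in the C# original; unused here because the
            destination is always appended to.
        k: maximum number of bytes to copy.
        typ: struct format character for one source element.
    """
    fmt = '<' + typ
    copied = 0
    for i in range(t, len(arr1)):
        if copied >= k:
            break
        # bytearray yields ints on both Python 2 and 3; iterating the raw
        # struct.pack() result and calling ord() on each item only worked on
        # Python 2.
        for byte in bytearray(struct.pack(fmt, int(arr1[i], 16))):
            if copied >= k:
                break
            arr2.append(hex(byte))
            copied += 1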
def arrayToStr(arr):
    """Concatenate a list of byte-valued ``hex()`` strings into one hex string.

    Every entry is expected to look like ``'0x1f'``: the ``0x`` prefix is
    dropped and a single-digit value is left-padded to two characters, so
    ``['0x1', '0xff']`` becomes ``'01ff'``.  The result is consumed by
    ``bytearray.fromhex``.
    """
    def two_digits(word):
        digits = word.split('x')[1]
        return digits if len(digits) >= 2 else '0' + digits

    return ''.join(two_digits(word) for word in arr)
def rijndaelDecrypt(A_0, A_1, A_2):
    """Decrypt ``A_0`` with Rijndael in CBC mode using key ``A_1`` and IV ``A_2``.

    Mirrors the ``<Module>.\\u202B`` helper of the decompiled sample; the block
    size is fixed at 16 bytes.  Returns whatever the rijndael package's
    ``decrypt`` produces (no padding is removed here).
    """
    cipher = new(A_1, MODE_CBC, A_2, blocksize=16)
    plaintext = cipher.decrypt(A_0)
    return plaintext
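def twoHunc(A_0):
    """Decrypt one obfuscated string given the argument of its ``\\u200C`` call.

    Reproduces the decompiled C# routine: the argument ``A_0`` is scrambled
    into an index into ``encValues`` (``readValues`` must have run first), the
    selected uint32 array is flattened to bytes, and the first 32 bytes are
    used as the key, the next 16 as the IV and the remainder as the
    ciphertext for ``rijndaelDecrypt``.

    Args:
        A_0: integer argument of the obfuscated call.

    Returns:
        The decrypted value with surrounding whitespace stripped, in whatever
        type the cipher returns (str on Python 2).

    Raises:
        IndexError if the derived index lies outside ``encValues``.
    """
    # object[] u = <Module>.\u1680;
    keyLen = 32      # num7 in the decompiled source
    ivLen = 16       # num8
    shift = 2        # num6
    divisor = 8      # num5
    magic1 = 861     # num4
    magic2 = 6668    # num9

    # Index derivation, kept step for step with the C# arithmetic.
    idx = A_0 >> shift
    idx = idx - divisor + magic1 - 28354
    idx = idx ^ magic1 ^ magic2
    idx = idx - 831
    # '//' keeps integer division on Python 3; the original '/' yields a float
    # there, which can no longer be used as a list index.
    idx = (idx - magic1) // divisor
    array = encValues[idx]

    # Buffer.BlockCopy(array, 0, array2, 0, array.Length * 4);
    flat = []
    blockCopy(array, 0, flat, 0, len(array) * 4, 'L')

    # Buffer.BlockCopy(array5, 0, array3, 0, num7);              -> key
    # Buffer.BlockCopy(array5, num7, array4, 0, num8);           -> IV
    # Buffer.BlockCopy(array5, num7 + num8, array6, 0, num10);   -> ciphertext
    key = []
    iv = []
    cipherText = []
    tailLen = len(flat) - keyLen + ivLen  # num10, computed as in the sample
    blockCopy(flat, 0, key, 0, keyLen, 'B')
    blockCopy(flat, keyLen, iv, 0, ivLen, 'B')
    blockCopy(flat, keyLen + ivLen, cipherText, 0, tailLen, 'B')

    # return Encoding.UTF8.GetString(<Module>.\u202B(array6, array3, array4));
    # bytes(bytearray(...)) is the raw byte string on both Python versions;
    # str(bytearray(...)) is only that on Python 2 (Python 3 gives its repr).
    dec = rijndaelDecrypt(bytes(bytearray.fromhex(arrayToStr(cipherText))),
                          bytes(bytearray.fromhex(arrayToStr(key))),
                          bytes(bytearray.fromhex(arrayToStr(iv))))
    return dec.strip()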
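def main():
    """Command-line entry point: ``decryptor.py <file_to_decrypt>``.

    Loads the dumped encrypted values from ``encrypttedValues`` in the current
    directory, then rewrites the given decompiled C# file with the strings
    decrypted.  Exits with status 1 when no file argument is given.
    """
    if len(sys.argv) <= 1:
        # print(...) with a single argument behaves the same on Python 2 and 3.
        print('[+] decryptor.py <file_to_decrypt>')
        # sys.exit is always available (exit() is injected by site) and a
        # non-zero status signals the usage error to callers.
        sys.exit(1)
    readValues()
    searchAndReplace(sys.argv[1])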
# Run only when executed as a script; importing the module just defines names.
if __name__ == '__main__':
    main()