Last active
May 16, 2020 18:35
-
-
Save raw-data/14915eca4e5e2963a9056f935442358d to your computer and use it in GitHub Desktop.
CTF Loader strings decryptor for md5: 7cc0b212d1b8ceb808c250495d83bae4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
############################################################################ | |
# link https://twitter.com/malwrhunterteam/status/1075454863008382976 | |
# Ref sample: | |
# file name: winsvc | |
# md5: 7cc0b212d1b8ceb808c250495d83bae4 | |
# sha1: d2c161ce52240b61d632607a2262890327d82502 | |
# sha256: ef0cb0a1a29bcdf2b36622f72734aec8d38326fc8f7270f78bd956e706a5fd57 | |
# | |
# Author: raw-data | |
############################################################################ | |
# { | |
# const char *v1; // edi | |
# signed int v2; // esi | |
# _BYTE *result; // eax | |
# _BYTE *v4; // ecx | |
# int v5; // edi | |
# signed int v6; // ebp | |
# v1 = a1; | |
# v2 = strlen(a1); | |
# result = malloc(v2 + 1); | |
# if ( v2 <= 0 ) | |
# { | |
# *result = 0; | |
# } | |
# else | |
# { | |
# v4 = result; | |
# v5 = v1 - result; | |
# v6 = v2; | |
# do | |
# { | |
# *v4 = v4[v5] - 1; | |
# ++v4; | |
# --v6; | |
# } | |
# while ( v6 ); | |
# result[v2] = 0; | |
# } | |
# return result; | |
# } | |
words = [ 'qfsgd', 'dugnpo/fyf', 'ifxmf/ljfmtptfswjdf/ofu', | |
'Tpguxbsf]Njdsptpgu', ']Xjoepxt]Dvssfouwfstjpo]Svo', | |
'KJUEgcvh', 'Fowjsponfou', 'Rsq', 'dne', '!0d!tubsu!&Rsq&!', | |
'\'\'!fyju' ] | |
print("%-40s %-40s" % ("Encrypted", "Decrypted")) | |
print("="*72) | |
for word in words: | |
mapping = (word, ''.join([chr(ord(char) - 1) for char in word])) | |
print("%-40s %-40s" % (mapping[0], mapping[1])) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment