Skip to content

Instantly share code, notes, and snippets.

@raw-data

raw-data/ctf_loader_str_decryptor.py

Last active May 16, 2020 18:35
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save raw-data/14915eca4e5e2963a9056f935442358d to your computer and use it in GitHub Desktop.
Save raw-data/14915eca4e5e2963a9056f935442358d to your computer and use it in GitHub Desktop.
Download ZIP
CTF Loader strings decryptor for md5: 7cc0b212d1b8ceb808c250495d83bae4
Raw
ctf_loader_str_decryptor.py
#!/usr/bin/env python
############################################################################
# link https://twitter.com/malwrhunterteam/status/1075454863008382976
# Ref sample:
# file name: winsvc
# md5: 7cc0b212d1b8ceb808c250495d83bae4
# sha1: d2c161ce52240b61d632607a2262890327d82502
# sha256: ef0cb0a1a29bcdf2b36622f72734aec8d38326fc8f7270f78bd956e706a5fd57
#
# Author: raw-data
############################################################################
# {
# const char *v1; // edi
# signed int v2; // esi
# _BYTE *result; // eax
# _BYTE *v4; // ecx
# int v5; // edi
# signed int v6; // ebp
# v1 = a1;
# v2 = strlen(a1);
# result = malloc(v2 + 1);
# if ( v2 <= 0 )
# {
# *result = 0;
# }
# else
# {
# v4 = result;
# v5 = v1 - result;
# v6 = v2;
# do
# {
# *v4 = v4[v5] - 1;
# ++v4;
# --v6;
# }
# while ( v6 );
# result[v2] = 0;
# }
# return result;
# }
words = [ 'qfsgd', 'dugnpo/fyf', 'ifxmf/ljfmtptfswjdf/ofu',
'Tpguxbsf]Njdsptpgu', ']Xjoepxt]Dvssfouwfstjpo]Svo',
'KJUEgcvh', 'Fowjsponfou', 'Rsq', 'dne', '!0d!tubsu!&Rsq&!',
'\'\'!fyju' ]
print("%-40s %-40s" % ("Encrypted", "Decrypted"))
print("="*72)
for word in words:
mapping = (word, ''.join([chr(ord(char) - 1) for char in word]))
print("%-40s %-40s" % (mapping[0], mapping[1]))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment