I hereby claim:
- I am secrary on github.
- I am khasaia (https://keybase.io/khasaia) on keybase.
- I have a public key ASAjuCoCIVjI1bHCt9x2PxVs3GII5PbZIfzHA2xqpTsyewo
To claim this, I am signing this object:
secrary
/ keybase.md
Created
November 23, 2017 08:48
secrary
/ keyfile_generator.cpp
Created
August 28, 2017 14:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <algorithm> | |
| #include <iostream> | |
| #include <ctime> | |
| u_char TABLE_[] = { | |
| 0x00, 0x02, 0x04, 0x06, 0x08, 0x0A, 0x0C, 0x0E, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1A, 0x1C, 0x1E, | |
| 0x20, 0x22, 0x24, 0x26, 0x28, 0x2A, 0x2C, 0x2E, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3A, 0x3C, 0x3E, | |
| 0x40, 0x42, 0x44, 0x46, 0x48, 0x4A, 0x4C, 0x4E, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5A, 0x5C, 0x5E, | |
| 0x60, 0x62, 0x64, 0x66, 0x68, 0x6A, 0x6C, 0x6E, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7A, 0x7C, 0x7E, |
secrary
/ keyfile_loop_1.cpp
Created
August 28, 2017 14:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| u_char middle_[17]{}; | |
| u_char org_middle_[17]{}; | |
| // Generate randomly | |
| for (size_t i = 0; i < 17; i++) | |
| { | |
| middle_[i] = 0x20 + rand() % (0x7F - 0x20); | |
| } | |
| std::copy(std::begin(middle_), std::end(middle_), org_middle_); |
secrary
/ keyfile_first.cpp
Created
August 28, 2017 13:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| u_char al, cl; | |
| do { | |
| key[0] = 0x20 + rand() % (0x7F - 0x20); | |
| al = key[0]; | |
| u_char bl = al; // key[0] | |
| cl = bl; // key[0] | |
| DWORD ebx = (DWORD)bl << 4; | |
| al &= 0xF; | |
| DWORD ecx = (DWORD)cl >> 4; | |
| cl = ecx & 0xF; |
secrary
/ keygen1.py
Last active
August 21, 2017 12:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| my_base64chars = b"/+9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA" | |
| STANDARD_ALPHABET = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' | |
| ENCODE_TRANS = bytes.maketrans(STANDARD_ALPHABET, my_base64chars) | |
| DECODE_TRANS = bytes.maketrans(my_base64chars, STANDARD_ALPHABET) | |
| def encode(clear): | |
| return base64.b64encode(clear).translate(ENCODE_TRANS) |
secrary
/ serial_reverse.py
Created
August 21, 2017 12:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def get_serial_number(enc2): | |
| serial__number = [0 for n in range(0x400)] | |
| i = 0 | |
| j = 0 | |
| done_1 = False | |
| done_2 = False | |
| done_3 = False | |
| while j < len(enc2): | |
| if done_1 or done_2 or done_3: |
secrary
/ modify_cpuid_time.py
Created
August 21, 2017 11:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def modify_cpuid_time(from_cpu_and_time): | |
| alpha = mix_two_list() | |
| index = 0 | |
| edx = 0 | |
| res = [] | |
| for x in range(len(from_cpu_and_time)): | |
| index += 1 | |
| index = index & 0xFF | |
| edx = (alpha[index] + edx) & 0xFF | |
| tmp = alpha[index] |
secrary
/ mix_two_list.py
Last active
August 21, 2017 11:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def mix_two_list(): | |
| nums = b"13337" | |
| alpha = [n for n in range(256)] | |
| edi = 0 | |
| for n in range(256): | |
| edi = (edi + alpha[n] + nums[n % 5]) % 256 | |
| tmp = alpha[n] | |
| alpha[n] = alpha[edi] | |
| alpha[edi] = tmp | |
| return alpha |
secrary
/ Extract_wmighost.py
Last active
August 2, 2017 06:09
sha256: a6ff8dfe654da70390cd71626cdca8a6f6a0d7980cd7d82269373737b04fd206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input_ = input("WMIGhost sample: ") | |
| with open(input_, 'rb+') as file: | |
| data = file.read()[0x3028: 0x3028 + 0x137A] | |
| with open(input_ + "_func.txt", "w") as outfile: | |
| for i, n in enumerate(data): | |
| outfile.write(chr(data[i] ^ 0x63 ^ 0xe9)) |
secrary
/ UpatreExtr.py
Created
July 11, 2017 13:37
Extract payload from Upatre (sample: 1b893ca3b782679b1e5d1afecb75be7bcc145b5da21a30f6c18dbddc9c6de4e7)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes | |
| import binascii | |
| input_ = input("Upatre sample: ") | |
| with open(input_, 'rb+') as file: | |
| data = file.read()[0x66d: 0x66d + 0xe40] | |
| uncompressed = ctypes.create_string_buffer(0x1200) | |
| final_size = ctypes.c_ulong(0) |
NewerOlder