I hereby claim:
- I am secrary on github.
- I am khasaia (https://keybase.io/khasaia) on keybase.
- I have a public key ASAjuCoCIVjI1bHCt9x2PxVs3GII5PbZIfzHA2xqpTsyewo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#include <Windows.h> | |
#include <algorithm> | |
#include <iostream> | |
#include <ctime> | |
u_char TABLE_[] = { | |
0x00, 0x02, 0x04, 0x06, 0x08, 0x0A, 0x0C, 0x0E, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1A, 0x1C, 0x1E, | |
0x20, 0x22, 0x24, 0x26, 0x28, 0x2A, 0x2C, 0x2E, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3A, 0x3C, 0x3E, | |
0x40, 0x42, 0x44, 0x46, 0x48, 0x4A, 0x4C, 0x4E, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5A, 0x5C, 0x5E, | |
0x60, 0x62, 0x64, 0x66, 0x68, 0x6A, 0x6C, 0x6E, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7A, 0x7C, 0x7E, |
u_char middle_[17]{}; | |
u_char org_middle_[17]{}; | |
// Generate randomly | |
for (size_t i = 0; i < 17; i++) | |
{ | |
middle_[i] = 0x20 + rand() % (0x7F - 0x20); | |
} | |
std::copy(std::begin(middle_), std::end(middle_), org_middle_); |
u_char al, cl; | |
do { | |
key[0] = 0x20 + rand() % (0x7F - 0x20); | |
al = key[0]; | |
u_char bl = al; // key[0] | |
cl = bl; // key[0] | |
DWORD ebx = (DWORD)bl << 4; | |
al &= 0xF; | |
DWORD ecx = (DWORD)cl >> 4; | |
cl = ecx & 0xF; |
import base64 | |
my_base64chars = b"/+9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA" | |
STANDARD_ALPHABET = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' | |
ENCODE_TRANS = bytes.maketrans(STANDARD_ALPHABET, my_base64chars) | |
DECODE_TRANS = bytes.maketrans(my_base64chars, STANDARD_ALPHABET) | |
def encode(clear): | |
return base64.b64encode(clear).translate(ENCODE_TRANS) |
def get_serial_number(enc2): | |
serial__number = [0 for n in range(0x400)] | |
i = 0 | |
j = 0 | |
done_1 = False | |
done_2 = False | |
done_3 = False | |
while j < len(enc2): | |
if done_1 or done_2 or done_3: |
def modify_cpuid_time(from_cpu_and_time): | |
alpha = mix_two_list() | |
index = 0 | |
edx = 0 | |
res = [] | |
for x in range(len(from_cpu_and_time)): | |
index += 1 | |
index = index & 0xFF | |
edx = (alpha[index] + edx) & 0xFF | |
tmp = alpha[index] |
def mix_two_list(): | |
nums = b"13337" | |
alpha = [n for n in range(256)] | |
edi = 0 | |
for n in range(256): | |
edi = (edi + alpha[n] + nums[n % 5]) % 256 | |
tmp = alpha[n] | |
alpha[n] = alpha[edi] | |
alpha[edi] = tmp | |
return alpha |
input_ = input("WMIGhost sample: ") | |
with open(input_, 'rb+') as file: | |
data = file.read()[0x3028: 0x3028 + 0x137A] | |
with open(input_ + "_func.txt", "w") as outfile: | |
for i, n in enumerate(data): | |
outfile.write(chr(data[i] ^ 0x63 ^ 0xe9)) |
import ctypes | |
import binascii | |
input_ = input("Upatre sample: ") | |
with open(input_, 'rb+') as file: | |
data = file.read()[0x66d: 0x66d + 0xe40] | |
uncompressed = ctypes.create_string_buffer(0x1200) | |
final_size = ctypes.c_ulong(0) |