- # compute the RC4 key used to decrypt the last DLL. It simulates the discussion between the different IPs.
- from hashlib import md5
- from struct import pack
- # from https://github.com/bozhu/RC4-Python/blob/master/rc4.py
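def KSA(key):
    """Run the RC4 key-scheduling algorithm and return the initial state.

    key is a non-empty sequence of integers (one per key byte); the caller
    in this script passes a list of 16 ints.  An empty key raises
    ZeroDivisionError from the ``i % keylength`` index below.

    Returns a list holding a permutation of 0..255.
    """
    keylength = len(key)
    # Build a real list: the state is permuted in place by swapping items,
    # which a Python 3 ``range`` object does not support.
    S = list(range(256))
    j = 0
    for i in range(256):
        # The key is repeated cyclically over the 256 mixing rounds.
        j = (j + S[i] + key[i % keylength]) % 256
        S[i], S[j] = S[j], S[i]  # swap
    return S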
def PRGA(S):
    """Yield RC4 keystream bytes (ints in 0..255) from state S, indefinitely.

    S is the 256-entry state produced by the key schedule.  It is permuted
    in place as bytes are generated, so the list passed in must not be
    reused for a second keystream.
    """
    x = y = 0
    while True:
        x = (x + 1) % 256
        y = (y + S[x]) % 256
        a, b = S[x], S[y]
        S[x], S[y] = b, a  # swap
        # The output index is the sum of the two entries just exchanged.
        yield S[(a + b) % 256]
def RC4(key):
    """Return an endless RC4 keystream generator for key (a sequence of ints).

    A fresh state is scheduled on every call, so each call restarts the
    keystream from its first byte.  RC4 is reproduced here only to decrypt
    an existing payload; it is a legacy cipher.
    """
    return PRGA(KSA(key))
- #end
- IPs = [0x0A003C71, 0x0A006983, 0x0A005877, 0x0A00494C, 0x0A001D2B, 0x0A005029, 0x0A000650]
- MD5IPs = [md5(pack("<I", ip)).digest() for ip in IPs]
- secrets = ["850fcd3857dadb7266bfe468aedde5aa837601e6b76ee5bf9ee81768f34eaa470bd97985bac43103cd75159ec7ae9b309fd3561b7a7468d53fd5a1490c75cf9a45bf3ccfdded23ca9b350ef5e8ae14788d44b1cf4cfa89ca8f8e9ef9c81c9a90e91fec446961c58e1e79dad61b4c4c26".decode("hex")[i*0x10:(i+1)*0x10] for i in xrange(7)]
- xor = lambda a,b : "".join(chr(ord(x)^ord(y)) for x,y in zip(a,b))
- enc = "00 12 FF AA 7F 95 BE F9 5D 49 B9 93 34 83 A6 E1 1B 54 B5 7B 77 55 8B 64 FF 0E DA C7 41 A5 27 6D 81 CD 6E 43 E1 A8 3F 08 CD 8F 6F 82 A8 59 0C 23 3A 8A 97 66 5E 69 68 1F 76 A5 42 5E EE BB C8 78 85 E2 C0 14 91 45 0F B8 DB 82 40 FB D3 D2 0E A5 45 E8 CA 4F 17 35 11 FB 89 68 EC D7 13 1C B6 80 FC EA AC 58 60 E3 08 08".replace(" ", "").decode("hex")
def hop(ip, msg):
    """Relay msg from node to node and test the key derived at the 7th hop.

    ip is an index into MD5IPs/secrets; msg is a byte string whose first
    byte is the hop counter and whose first four bytes form a header.
    Each hop increments the counter, appends MD5IPs[ip], then replaces
    everything after the header with the MD5 of the whole message.  The next
    node is (ip + 3) % 7.

    When the counter reaches 7, the candidate RC4 key is secrets[ip] XOR the
    16-byte digest.  If the first two decrypted bytes of enc are "MZ", the
    key is printed in hex, followed by decrypted bytes 0x3c..0x3f in hex.
    Returns None either way.
    """
    while True:
        # Bump the hop counter and mix in this node's identity.
        stamped = chr(ord(msg[0]) + 1) + msg[1:] + MD5IPs[ip]
        # Header is kept verbatim; the body collapses back to one digest.
        msg = stamped[:4] + md5(stamped).digest()
        if msg[0] != '\x07':
            ip = (ip + 3) % 7
            continue

        k = [ord(c) for c in xor(secrets[ip], msg[4:])]
        # Two bytes of "MZ" are a weak oracle on their own (1 in 65536 for a
        # wrong key), so the bytes at 0x3c are printed as a second sanity
        # check: in a DOS header that offset holds e_lfanew.
        magic = xor(enc, "".join(chr(c) for c, _ in zip(RC4(k), xrange(2))))
        if magic == "MZ":
            print("".join("%02X" % c for c in k))
            # RC4(k) is called again so the keystream restarts at byte 0.
            head = xor(enc, "".join(chr(c) for c, _ in zip(RC4(k), xrange(0x40))))
            print(head[0x3c:].encode("hex"))
        return
# Try every (originating node, first relay) pair: 7 x 7 candidate routes.
# The starting message is a zeroed 4-byte header plus the originator's digest.
for i in xrange(7):
    msg = "\x00\x00\x00\x00" + MD5IPs[i]
    for j in xrange(7):
        hop(j, msg)