SHARE
TWEET

Untitled

a guest Sep 1st, 2016 216 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #Trustwave SpiderLabs
  2.  
  3. #A script that decodes the inner flash from the sundown flash wrapper for CVE-2016-4117
  4.  
  5. filename = '1_Go_var1.bin'
  6. f=open(filename,'rb')
  7. content=f.read()
  8. dataBytes = bytearray(content)
  9. f.close()
  10. key=dataBytes[-1]
  11. b=dataBytes[0]
  12. if key ^ b == 70:
  13.     #k9
  14.     for i in xrange(len(dataBytes)):
  15.         dataBytes[i]=dataBytes[i] ^ key
  16.         key = (key + 17) & 255
  17.     outfile = open(filename + "_2nd_flash", "wb")
  18.     outfile.write(dataBytes)
  19.     outfile.close()
  20.     print "Done"
  21. else:
  22.     print "ERROR: this does not appear to be a sundown flash file"
RAW Paste Data
Top