dee

1. #!/usr/bin/env python
2. import re , sys
3. from argparse import ArgumentParser
4.  
5.  
6. def bits6off( n , i ):
7.     return ( n >> i * 6 ) & 0x3f
8.  
9. def rjust( s , n , c ):
10.     return c * ( n - len( s ) ) + s
11.  
12. def p32( n ):
13.     return ''.join( chr( int( _ , 16 ) ) for _ in re.findall( '..' , rjust( hex( n )[2:] , 8 , '0' ) ) )[::-1]
14.  
15. def _pad( s ):
16.     pad = '\t0'
17.     return s + ''.join( pad[ _ % 2 ]  for _ in range( 3 * 2 - len( s ) % 3 ) )
18.  
19.  
20. tbl = [ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
21.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
22.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F,
23.         0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF,
24.         0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
25.         0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
26.         0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
27.         0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
28.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
29.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
30.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
31.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
32.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
33.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
34.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
35.         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0D]
36.  
37.  
38. magic = p32( 0x56E03F12 ) + p32( 0x9B2AC90 ) + '\xc5\xff'
39.  
40.  
41. def decrypt( e ):
42.  
43.     global tbl , magic
44.  
45.     e , l = map( ord , e ) , len( e )
46.     c , m , j , k = 0 , 0 , 3 , 0
47.  
48.     buf = [0] * l
49.  
50.     for i in range( l ):
51.         t = tbl[ e[ i ] ]
52.         if t == 0xff:
53.             continue
54.  
55.         if t == 0xfe:           # =
56.             print '-2!!!'
57.             t = 0
58.             j -= 1
59.  
60.         c = t | ( c << 6 )
61.  
62.         m += 1
63.         if m != 4:
64.             continue
65.  
66.         if k + j > l:
67.             return 0
68.  
69.         buf[ k ] = ( c >> 0x10 ) & 0xff
70.         k += 1
71.  
72.         if j > 1:
73.             buf[ k ] = ( c >> 8 ) & 0xff
74.             k += 1
75.        
76.         if j > 2:
77.             buf[ k ] = c & 0xff
78.             k += 1
79.  
80.         c , m = 0 , 0
81.  
82.     p = [ buf[i] ^ ord( magic[ i % 0xa ] ) for i in range( l ) ]
83.     p = ''.join( map( chr , p ) )
84.  
85.     return p[ : p.index( '\t' ) ]
86.  
87.  
88. def encrypt( p ):
89.  
90.     global tbl , magic
91.  
92.     p = _pad( p )
93.  
94.     p = [ ord( p[i] ) ^ ord( magic[ i % 0xa ] ) for i in range( len( p ) ) ]
95.  
96.     e = [0] * ( len( p ) / 3 * 4 )
97.    
98.     i = 0
99.     for s in zip( *[ iter(p) ] * 3 ):
100.        
101.         n = int( ''.join( rjust( hex( _ )[2:] , 2 , '0' ) for _ in s ) , 0x10 )
102.  
103.         for _ in xrange( 4 ):
104.             e[ i ] = tbl.index( bits6off( n , 4 - _ - 1 ) )
105.             i += 1
106.  
107.     return ''.join( map( chr , e ) )
108.  
109.  
110. '''
111. XVGFEuLFxGy5mycI0GamyYskpsomBs0wppuBJPKeJgbNbqme1zGhnnAN1jKi0P859cp2DdBjqIGCaPHHPwnQNPGB0z/wzD8K0makzYttpJ4hXoQq05buXqyRdlCXJczY12S1o0Zsv2aglIBK9tF2XpRW
112. OneDrive|d57006e9-c549-f673-7a49-892e8dab26d2|M005d2058-0a48-60ba-a653-5204a9daa3ad|C:\Windows\temp\TS_0082C3.dat
113. '''
114.  
115. p = 'OneDrive|d57006e9-c549-f673-7a49-892e8dab26d2|M005d2058-0a48-60ba-a653-5204a9daa3ad|C:\Windows\\temp\TS_0082C3.dat'
116. #p = 'GoogleDrive|bfb89a-5f2cafbac58d-a6ca70407e7329|f4f7c3470b399-190ba40d-7bd9cc1bfcd3f0e473c-9cc3e3143970fb86cba31042|U:\Windows\\temp\TS_666666.dat'
117. #p = 'DropBox|2f8395-49c1001b1f-d1f3e277-989aa71d|0ee0a-142e95dc4f58-3d9697b2-de4642f|/home/yuawn/ctf/defcon/pwn.S'
118.  
119. #e =  encrypt( p )
120. #print e
121.  
122. #p = decrypt( e )
123. #print p
124.  
125. parser = ArgumentParser()
126. parser.add_argument( '-e', '--encrypt', dest = 'plain_payload' , type = str )
127. parser.add_argument( '-d', '--decrypt', dest = 'encrypted_payload' , type = str )
128.  
129.  
130. args = parser.parse_args()
131.  
132. if not args.plain_payload and not args.encrypted_payload:
133.     parser.print_help()
134.  
135. else:
136.     if args.plain_payload:
137.         print '[+]Encrypted: ' , encrypt( args.plain_payload )
138.     elif args.encrypted_payload:
139.         print '[+]Decrypted: ' , decrypt( args.encrypted_payload )
140.  
141.     else:
142.         print 'Wrong arguments.'