Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import re , sys
- from argparse import ArgumentParser
- def bits6off( n , i ):
- return ( n >> i * 6 ) & 0x3f
- def rjust( s , n , c ):
- return c * ( n - len( s ) ) + s
- def p32( n ):
- return ''.join( chr( int( _ , 16 ) ) for _ in re.findall( '..' , rjust( hex( n )[2:] , 8 , '0' ) ) )[::-1]
- def _pad( s ):
- pad = '\t0'
- return s + ''.join( pad[ _ % 2 ] for _ in range( 3 * 2 - len( s ) % 3 ) )
- tbl = [ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F,
- 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF,
- 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
- 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0D]
- magic = p32( 0x56E03F12 ) + p32( 0x9B2AC90 ) + '\xc5\xff'
- def decrypt( e ):
- global tbl , magic
- e , l = map( ord , e ) , len( e )
- c , m , j , k = 0 , 0 , 3 , 0
- buf = [0] * l
- for i in range( l ):
- t = tbl[ e[ i ] ]
- if t == 0xff:
- continue
- if t == 0xfe: # =
- print '-2!!!'
- t = 0
- j -= 1
- c = t | ( c << 6 )
- m += 1
- if m != 4:
- continue
- if k + j > l:
- return 0
- buf[ k ] = ( c >> 0x10 ) & 0xff
- k += 1
- if j > 1:
- buf[ k ] = ( c >> 8 ) & 0xff
- k += 1
- if j > 2:
- buf[ k ] = c & 0xff
- k += 1
- c , m = 0 , 0
- p = [ buf[i] ^ ord( magic[ i % 0xa ] ) for i in range( l ) ]
- p = ''.join( map( chr , p ) )
- return p[ : p.index( '\t' ) ]
- def encrypt( p ):
- global tbl , magic
- p = _pad( p )
- p = [ ord( p[i] ) ^ ord( magic[ i % 0xa ] ) for i in range( len( p ) ) ]
- e = [0] * ( len( p ) / 3 * 4 )
- i = 0
- for s in zip( *[ iter(p) ] * 3 ):
- n = int( ''.join( rjust( hex( _ )[2:] , 2 , '0' ) for _ in s ) , 0x10 )
- for _ in xrange( 4 ):
- e[ i ] = tbl.index( bits6off( n , 4 - _ - 1 ) )
- i += 1
- return ''.join( map( chr , e ) )
- '''
- XVGFEuLFxGy5mycI0GamyYskpsomBs0wppuBJPKeJgbNbqme1zGhnnAN1jKi0P859cp2DdBjqIGCaPHHPwnQNPGB0z/wzD8K0makzYttpJ4hXoQq05buXqyRdlCXJczY12S1o0Zsv2aglIBK9tF2XpRW
- OneDrive|d57006e9-c549-f673-7a49-892e8dab26d2|M005d2058-0a48-60ba-a653-5204a9daa3ad|C:\Windows\temp\TS_0082C3.dat
- '''
- p = 'OneDrive|d57006e9-c549-f673-7a49-892e8dab26d2|M005d2058-0a48-60ba-a653-5204a9daa3ad|C:\Windows\\temp\TS_0082C3.dat'
- #p = 'GoogleDrive|bfb89a-5f2cafbac58d-a6ca70407e7329|f4f7c3470b399-190ba40d-7bd9cc1bfcd3f0e473c-9cc3e3143970fb86cba31042|U:\Windows\\temp\TS_666666.dat'
- #p = 'DropBox|2f8395-49c1001b1f-d1f3e277-989aa71d|0ee0a-142e95dc4f58-3d9697b2-de4642f|/home/yuawn/ctf/defcon/pwn.S'
- #e = encrypt( p )
- #print e
- #p = decrypt( e )
- #print p
- parser = ArgumentParser()
- parser.add_argument( '-e', '--encrypt', dest = 'plain_payload' , type = str )
- parser.add_argument( '-d', '--decrypt', dest = 'encrypted_payload' , type = str )
- args = parser.parse_args()
- if not args.plain_payload and not args.encrypted_payload:
- parser.print_help()
- else:
- if args.plain_payload:
- print '[+]Encrypted: ' , encrypt( args.plain_payload )
- elif args.encrypted_payload:
- print '[+]Decrypted: ' , decrypt( args.encrypted_payload )
- else:
- print 'Wrong arguments.'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement