package mainimport ( "bufio" "bytes" "container/ring" "encoding/hex" "fla

1. package main
2.  
3. import (
4. "bufio"
5. "bytes"
6. "container/ring"
7. "encoding/hex"
8. "flag"
9. "fmt"
10. "io/ioutil"
11. "log"
12. "os"
13. )
14.  
15. var inFile string
16.  
17. func init() {
18. flag.StringVar(&inFile, "in", "", "path to input file")
19. }
20.  
21. func check(err error) {
22. if err != nil {
23. log.Fatal(err)
24. }
25. }
26.  
27. func main() {
28. // parse flags
29. flag.Parse()
30. // check if inputFile is given
31. if inFile == "" {
32. err := fmt.Errorf("no input file given")
33. check(err)
34. }
35. // determine fileSize of inputFile
36. var fileSize int64
37. file, err := os.Open(inFile)
38. check(err)
39. fi, err := file.Stat()
40. check(err)
41. fileSize = fi.Size()
42.  
43. var offset int64
44. var bytesRead int
45.  
46. // extract XOR key
47. keyBuf := make([]byte, 256)
48. offset, err = file.Seek(10, 0)
49. check(err)
50. bytesRead, err = file.Read(keyBuf)
51. check(err)
52. log.Printf("read %d at offset %d into keyBuf\n", bytesRead, offset)
53. log.Println("Key extracted is:")
54. d := hex.Dumper(os.Stdout)
55. defer d.Close()
56. d.Write(keyBuf)
57. err = ioutil.WriteFile("key", keyBuf, 0755)
58. check(err)
59. log.Printf("key was written to the file 'key'\n")
60.  
61. // extract encrypted EXE from inFile
62. encBlockSize := fileSize - 10 - 256 - 266
63. encBlockBuf := make([]byte, encBlockSize)
64. offset, err = file.Seek(266, 0)
65. check(err)
66. bytesRead, err = file.Read(encBlockBuf)
67. check(err)
68. log.Printf("read %d at offset %d into encBlockBuf\n", bytesRead, offset)
69.  
70. // extract last block from inFile
71. lastBlockBuf := make([]byte, 266)
72. offset, err = file.Seek(-532, 2)
73. check(err)
74. bytesRead, err = file.Read(lastBlockBuf)
75. check(err)
76. log.Printf("read %d at offset %d into lastBlock\n", bytesRead, offset)
77. // xor encBlockBuf with XOR key
78. decBlock := XOR(encBlockBuf, keyBuf)
79. // decBlock = append(decBlock, lastBlockBuf)
80. var exeBuf bytes.Buffer
81. w := bufio.NewWriter(&exeBuf)
82. w.Write(decBlock)
83. w.Write(lastBlockBuf)
84. w.Flush()
85. // write exe file out
86. err = ioutil.WriteFile("exe", exeBuf.Bytes(), 0755)
87. check(err)
88. log.Printf("wrote output to file 'exe'\n")
89. }
90.  
91. // XOR implements a rolling xor where the key size is allowed not to be the same size as the data
92. func XOR(data, key []byte) []byte {
93. // setup ring buffer with key data
94. r := ring.New(len(key))
95. for i := 0; i < r.Len(); i++ {
96. r.Value = key[i]
97. r = r.Next()
98. }
99. // do the actual xor operation
100. for i := 0; i < len(data); i++ { // foreach byte of data
101. data[i] = r.Value.(byte) ^ data[i] // xor data byte with current ring element
102. r = r.Next() // move ring forward
103. }
104. return data
105. }