Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import sys, re, os
- from sys import argv
- def Decode(tmpString):
- string = ''
- for byte in range(len(tmpString)/2):
- string += chr(int(tmpString[byte*2:byte*2 + 2],16))
- return string
- def deobfuscate(auFile, tblFile, separator, decodeFuncName):
- s = open(tblFile).read()
- t = open(auFile).read()
- l = s.split(separator)
- i=1
- for c in l:
- reStr = '(\$[A-Z,0-9]{11}) = %s\(\$OS\[%d\]\)' % (decodeFuncName, i)
- matchObj = re.search(reStr,t)
- if matchObj is None:
- continue
- tmp = matchObj.group(1)
- tmpStr = '"' + Decode(c) + '"'
- t = t.replace(tmp, tmpStr)
- i+=1
- return t
- if __name__ == '__main__':
- if len(argv) < 6:
- print "Usage: %s auPath tblPath separator decodeFuncName outputPath" % os.path.split(argv[0])[-1]
- print 'Sample: %s test.au3 jguyxxkdfgiuru84.au3.tbl oB8CO A5F00005963 new.au3' % os.path.split(argv[0])[-1]
- sys.exit(1)
- tmp = deobfuscate(argv[1], argv[2], argv[3], argv[4])
- open(argv[5],'wb').write(tmp)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement