sylv256

chk_cf_oopsie.sh

Jun 6th, 2023 (edited)
Bash 2.13 KB | Cybersecurity | 0 0
  1. #!/bin/bash
  2.  
  3. version=v1.0.1
  4.  
  5. # sanity checks
  6.  
  7. if [ -z "$1" ]
  8. then
  9.     echo "Usage: ./chk_cf_oopsie.sh <filename>"
  10.     exit 1
  11. fi
  12.  
  13. if [ ! -f "$1" ] && [[ ! -d "$1" ]]
  14. then
  15.     echo "File $1 does not exist!"
  16.     exit 1
  17. fi
  18.  
  19. if ! command -v unzip &> /dev/null
  20. then
  21.     echo "Please install 'unzip' via your favorite package manager!"
  22. fi
  23.  
  24.  
  25. echo "Check CurseForge Oopsies $version"
  26.  
  27. # match this (the IP)
  28. sequence="\u38\u54\u59\u04\u10\u35\u54\u59\u05\u10\u2E\u54\u59\u06\u10\u32\u54\u59\u07\u10\u31\u54\u59\u08\u10\u37\u54\u59\u10\u06\u10\u2E\u54\u59\u10\u07\u10\u31\u54\u59\u10\u08\u10\u34\u54\u59\u10\u09\u10\u34\u54\u59\u10\u0A\u10\u2E\u54\u59\u10\u0B\u10\u31\u54\u59\u10\u0C\u10\u33\u54\u59\u10\u0D\u10\u30\u54\uB7"
  29. # this has null bytes in it so we slice it off and ignore it
  30. #rest_of_sequence_ignore_this="\u00\u5D\u11\u1F\u90\uBB\u00\u5A\u59\u06\uBC\u08\u59\u03\u10\u2F\u54\u59\u04\u10\u64\u54\u59\u05\u10\u6C"
  31. # base64 IP
  32. sequence2="\u68\u54\u59\u04\u10\u74\u54\u59\u05\u10\u74\u54\u59\u06\u10\u70\u54\u59\u07\u10\u3a\u54\u59\u08\u10\u2f\u54\u59\u10\u06\u10\u2f\u54\u59\u10\u07\u10\u66\u54\u59\u10\u08\u10\u69\u54\u59\u10\u09\u10\u6c\u54\u59\u10\u0a\u10\u65\u54\u59\u10\u0b\u10\u73\u54\u59\u10\u0c\u10\u2e\u54\u59\u10\u0a\u10\u73\u54\u59\u10\u0e\u10\u6b\u54\u59\u10\u0f\u10\u79\u54\u59\u10\u10\u10\u72\u54\u59\u10\u11\u10\u61\u54\u59\u10\u12\u10\u67\u54\u59\u10\u13\u10\u65\u54\u59\u10\u14\u10\u2e\u54\u59\u10\u15\u10\u64"
  33. # something? idk what this is but it's present in the Bukkit ones
  34. sequence3="\u2d\u54\u59\u04\u10\u6a\u54\u59\u05\u10\u61\u54\u59\u06\u10\u72"
  35.  
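#######################################
# Unpack one jar (zip) archive and search its *.class files for the byte
# signatures held in the globals.
# Globals:   sequence, sequence2, sequence3 (read) - printf %b escape strings
# Arguments: $1 - path to the archive
# Outputs:   "<path> is infected!" on stdout when a signature is found;
#            warnings on stderr
# Returns:   0 no signature found
#            1 a signature was found
#            2 the archive could not be unpacked, so "no match" proves nothing
#######################################
chk_file() {
    local archive=$1
    local workdir
    local unzip_status=0
    local verdict=0

    # The archive is untrusted input. Unpack it into a fresh private directory
    # rather than "<archive>.unzipped" beside it: that name is predictable,
    # may already exist (the old code ran rm -rf on it), and the old pre-clean
    # used "./<path>", which pointed at the wrong place for absolute paths.
    workdir=$(mktemp -d) || {
        echo "Warning: cannot create a temporary directory; $archive not checked" >&2
        return 2
    }

    # -o and the closed stdin stop unzip from waiting on an overwrite prompt
    # (its output is hidden, so a prompt would look like a hang). All paths
    # are quoted because mod file names often contain spaces.
    unzip -q -o "$archive" -d "$workdir" < /dev/null > /dev/null || unzip_status=$?

    # LC_ALL=C makes grep compare raw bytes; class files are binary, not text.
    # The patterns are expanded by the shell before LC_ALL applies, so they
    # hold the same bytes as before. -e keeps a pattern with a leading '-'
    # from being read as an option.
    if LC_ALL=C grep -q -r --include '*.class' \
        -e "$(printf %b "$sequence")" \
        -e "$(printf %b "$sequence2")" \
        -e "$(printf %b "$sequence3")" \
        -- "$workdir"; then
        echo "$archive is infected!"
        verdict=1
    elif (( unzip_status > 1 )); then
        # unzip exits 1 for warnings with extraction completed; anything
        # higher means some or all of the archive was never examined.
        echo "Warning: could not unpack $archive (unzip exit $unzip_status); not verified" >&2
        verdict=2
    fi

    rm -rf -- "${workdir:?}"
    return "$verdict"
}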
  50.  
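# Scan the target named on the command line.
#  - a directory: every *.jar directly inside it (not recursive)
#  - anything else: the path itself is handed to chk_file
# The old loop relied on the unmatched glob "$1/*" staying literal to detect
# the single-file case, which also fired for an empty directory, and passed
# paths unquoted so names containing spaces were split into several words.
scan_status=0
if [[ -d "$1" ]]; then
    for entry in "$1"/*.jar; do
        # With no *.jar present the glob stays as the literal pattern; skip it.
        [[ -f "$entry" ]] || continue
        chk_file "$entry" || scan_status=1
    done
else
    chk_file "$1" || scan_status=1
fi

# Non-zero when chk_file reported a problem for any archive, so the script
# can gate an automated check.
exit "$scan_status"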
  60.  