Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- version=v1.0.1
- # sanity checks
- if [ -z "$1" ]
- then
- echo "Usage: ./chk_cf_oopsie.sh <filename>"
- exit 1
- fi
- if [ ! -f "$1" ] && [[ ! -d "$1" ]]
- then
- echo "File $1 does not exist!"
- exit 1
- fi
- if ! command -v unzip &> /dev/null
- then
- echo "Please install 'unzip' via your favorite package manager!"
- fi
- echo "Check CurseForge Oopsies $version"
- # match this (the IP)
- sequence="\u38\u54\u59\u04\u10\u35\u54\u59\u05\u10\u2E\u54\u59\u06\u10\u32\u54\u59\u07\u10\u31\u54\u59\u08\u10\u37\u54\u59\u10\u06\u10\u2E\u54\u59\u10\u07\u10\u31\u54\u59\u10\u08\u10\u34\u54\u59\u10\u09\u10\u34\u54\u59\u10\u0A\u10\u2E\u54\u59\u10\u0B\u10\u31\u54\u59\u10\u0C\u10\u33\u54\u59\u10\u0D\u10\u30\u54\uB7"
- # this has null bytes in it so we slice it off and ignore it
- #rest_of_sequence_ignore_this="\u00\u5D\u11\u1F\u90\uBB\u00\u5A\u59\u06\uBC\u08\u59\u03\u10\u2F\u54\u59\u04\u10\u64\u54\u59\u05\u10\u6C"
- # base64 IP
- sequence2="\u68\u54\u59\u04\u10\u74\u54\u59\u05\u10\u74\u54\u59\u06\u10\u70\u54\u59\u07\u10\u3a\u54\u59\u08\u10\u2f\u54\u59\u10\u06\u10\u2f\u54\u59\u10\u07\u10\u66\u54\u59\u10\u08\u10\u69\u54\u59\u10\u09\u10\u6c\u54\u59\u10\u0a\u10\u65\u54\u59\u10\u0b\u10\u73\u54\u59\u10\u0c\u10\u2e\u54\u59\u10\u0a\u10\u73\u54\u59\u10\u0e\u10\u6b\u54\u59\u10\u0f\u10\u79\u54\u59\u10\u10\u10\u72\u54\u59\u10\u11\u10\u61\u54\u59\u10\u12\u10\u67\u54\u59\u10\u13\u10\u65\u54\u59\u10\u14\u10\u2e\u54\u59\u10\u15\u10\u64"
- # something? idk what this is but it's present in the Bukkit ones
- sequence3="\u2d\u54\u59\u04\u10\u6a\u54\u59\u05\u10\u61\u54\u59\u06\u10\u72"
- chk_file() {
- unzipped="$1.unzipped"
- rm -rf "./$unzipped"
- mkdir $unzipped
- unzip $1 -d $unzipped > /dev/null
- # grep entire thing
- if grep -q -r --include "*.class" "$(printf %b "$sequence")" $unzipped || grep -q -r --include "*.class" "$(printf %b "$sequence2")" $unzipped || grep -q -r --include "*.class" -- "$(printf %b "$sequence3")" $unzipped; then
- echo "$1 is infected!"
- rm -rf $unzipped
- return 1
- fi
- rm -rf $unzipped
- }
- for entry in "$1"/*
- do
- if [[ $entry = *.jar ]]; then
- chk_file $entry
- fi
- if [[ $entry = "$1/*" ]]; then
- chk_file $1
- fi
- done
Comments
-
- i dont know how to use the script... Can anyone help me?
-
- https://pastebin.com/MAY7czcj
-
- hello, i also have no clue how to use this! more detailed instructions would be very nice as i am. not the brightest tool in the shed :)
-
- https://github.com/MCRcortex/nekodetector/releases/tag/Version-1.0-pre try this out
Add Comment
Please, Sign In to add comment