Project author: kcufId

Project description:
My idapython decode data
Language: Python
Project URL: git://github.com/kcufId/my_ida_python.git
Created: 2017-05-11T12:11:05Z
Project page: https://github.com/kcufId/my_ida_python


my_ida_python

My idapython

Directory format: md5_[filename]

0f14d93ce98f70eefd502f1cf1384d7c_systempost.exe

Encrypted data format: b4 d7 b8 d7 b0 d7 b3 d7 ca d7 cb d7 cb d7 b6 d7 c9 d7 bc d7

Decrypting every byte yields a Unicode string. Ignoring the 0xd7 bytes (even positions) yields an ASCII string.

The main algorithm:

```python
# data: list of encrypted byte values (ints); size: number of bytes in data
for i in range(size):
    temp = ((data[i] - 0xF) & 0xFF) ^ 0xC8  # subtract 0xF, wrap to 8 bits, XOR 0xC8
    data[i] = chr(temp)
```
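Added example (not code from the original repository): a standalone Python 3 version of this decoder, run over the sample bytes quoted above. It shows that decoding every byte and reading the result as UTF-16LE gives the same text as skipping the 0xd7 bytes. All function names are hypothetical, and `xor_decode` goes beyond this sample to cover single-byte XOR schemes.

```python
# Added example: standalone Python 3, no IDA APIs required.
# Function names are hypothetical; constants come from the README.

# Encrypted bytes quoted in the README for systempost.exe
SAMPLE_HEX = "b4 d7 b8 d7 b0 d7 b3 d7 ca d7 cb d7 cb d7 b6 d7 c9 d7 bc d7"


def decode_bytes(blob, sub=0xF, key=0xC8):
    """Per-byte transform from the README: subtract, wrap to 8 bits, XOR."""
    return bytes(((b - sub) & 0xFF) ^ key for b in blob)


def encode_bytes(blob, sub=0xF, key=0xC8):
    """Inverse transform, e.g. to derive search bytes for a known string."""
    return bytes(((b ^ key) + sub) & 0xFF for b in blob)


def decode_wide(blob):
    """Decode every byte, then read the result as UTF-16LE text."""
    return decode_bytes(blob).decode("utf-16-le")


def decode_ascii_shortcut(blob):
    """README shortcut: drop every second byte (0xd7), decode the rest."""
    return decode_bytes(blob[::2]).decode("ascii")


def xor_decode(blob, key):
    """Single-byte XOR variant (sub=0), as in the 0x15 and 0x12 samples."""
    return decode_bytes(blob, sub=0, key=key)


if __name__ == "__main__":
    blob = bytes.fromhex(SAMPLE_HEX)
    # 0xd7 decodes to 0x00, the high byte of each UTF-16LE code unit
    print(decode_bytes(b"\xd7"))
    print(decode_wide(blob))
    print(decode_ascii_shortcut(blob))
```

The filler byte 0xd7 is simply an encrypted 0x00, which is why skipping it and decoding the full buffer as UTF-16LE agree.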

9f022df0bcfded9377baf4da1fbe7b8c_Windows-KB271784-x86

Encryption algorithm: XOR 0x15

```python
# data: list of encrypted byte values (ints); size: number of bytes in data
for i in range(size):
    temp = data[i] ^ 0x15
    data[i] = chr(temp)
```

68CF2070D8FB4963211CFA4F2DAA72E5

Encryption algorithm: similar to base64.

While analyzing, I wrote a function list_hex() to print the numbers in a list in hex form:

```python
def list_hex(int_list):
    """Return the list in hex form,
    eg: [11, 23, 33] to [0xb, 0x17, 0x21]"""
    hex_list = []
    for x in range(len(int_list)):
        hex_str = hex(int_list[x])
        hex_list.append(hex_str)
    return '[%s]' % ', '.join(hex_list)
```

978888892A1ED13E94D2FCB832A2A6B5_wtime32.dll

Encryption algorithm: XOR 0x12

```python
# data: list of encrypted byte values (ints); size: number of bytes in data
for i in range(size):
    temp = data[i] ^ 0x12
    data[i] = chr(temp)
```