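def client_init_parse(keypub, data):
    """Decrypt a Gozi client INI section and return its parameters as JSON.

    The last ``(keypub.size() + 1) // 8`` bytes of *data* are run through
    ``keypub.encrypt`` to recover a padded block.  Sixteen bytes of that
    block (offsets 16..32 after the padding is removed) are used as the
    Serpent key for ``serpent2.serpent_cbc_decrypt``.  The decrypted blob
    is then read as a little-endian table: a uint32 entry count, an
    8-byte header, and ``count`` entries spaced 0x18 bytes apart.

    *data* originates from a sample and must be treated as untrusted.

    Args:
        keypub: key object exposing ``size()`` and ``encrypt(block, 0)``
            (presumably a PyCrypto RSA public key -- confirm).
        data: raw section bytes, ciphertext followed by the RSA block.

    Returns:
        Whatever ``IniParams.get_jsonify()`` returns for the parsed table.

    Raises:
        ValueError: the recovered block is too short to hold the key.
        struct.error: the decrypted table is shorter than its count claims.
    """
    # Floor division keeps the slice index an int on Python 2 and 3 alike.
    rsa_len = (keypub.size() + 1) // 8
    block = keypub.encrypt(data[-rsa_len:], 0)[0]

    # Code converted from Gozi source: drop the two leading bytes, then
    # the run of 0xff filler.  A block made only of 0xff is left as is.
    block = block[2:]
    unpadded = block.lstrip(b"\xff")
    if unpadded:
        block = unpadded
    # \x00 is the separator; slicing avoids an IndexError on an empty
    # block and compares correctly for both str and bytes.
    if block[:1] == b"\x00":
        block = block[1:]

    # New code stores a 16-byte Serpent key 16 bytes in.
    serp_key = block[16:32]
    if len(serp_key) != 16:
        # A wrong key or a damaged section must not reach the cipher with
        # a truncated key, which would only yield silent garbage.
        raise ValueError("recovered RSA block too short to contain Serpent key")

    # NOTE(review): the trailer is cut with a fixed 128 bytes while rsa_len
    # is derived from the key; the two agree only for a 1024-bit key.  A
    # 16-byte-aligned payload length (len & 0xfffffff0) was computed here
    # before but never applied -- confirm whether alignment is required.
    data = serpent2.serpent_cbc_decrypt(serp_key, data[:-128])

    print("INI PARAMS:")
    # count is read from the decrypted blob, so it is sample-controlled;
    # unpack_from raises struct.error once the buffer runs out.
    count = struct.unpack_from('<I', data)[0]
    params = IniParams(count, [])
    data = data[8:]
    for _ in range(count):
        # Only the first 12 bytes of each 0x18-byte entry are read here;
        # IniParam receives the buffer starting at the current entry.
        (param_hash, _flag, offset,) = struct.unpack_from('<III', data)
        params.put_param(IniParam(param_hash, offset, data))
        data = data[0x18:]
    print(params)
    return params.get_jsonify()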
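def gozi_decode_sect(keypub, data):
    """Decrypt one Gozi section and return the plaintext bytes.

    The last ``(keypub.size() + 1) // 8`` bytes of *data* are run through
    ``keypub.encrypt`` to recover a padded block.  Sixteen bytes of that
    block (offsets 16..32 after the padding is removed) are used as the
    Serpent key for ``serpent2.serpent_cbc_decrypt``, which is applied to
    *data* minus its final 128 bytes.

    *data* originates from a sample and must be treated as untrusted.

    Args:
        keypub: key object exposing ``size()`` and ``encrypt(block, 0)``
            (presumably a PyCrypto RSA public key -- confirm).
        data: raw section bytes, ciphertext followed by the RSA block.

    Returns:
        The value returned by ``serpent2.serpent_cbc_decrypt``.

    Raises:
        ValueError: the recovered block is too short to hold the key.
    """
    # Floor division keeps the slice index an int on Python 2 and 3 alike.
    rsa_len = (keypub.size() + 1) // 8
    block = keypub.encrypt(data[-rsa_len:], 0)[0]

    # Code converted from Gozi source: drop the two leading bytes, then
    # the run of 0xff filler.  A block made only of 0xff is left as is.
    block = block[2:]
    unpadded = block.lstrip(b"\xff")
    if unpadded:
        block = unpadded
    # \x00 is the separator; slicing avoids an IndexError on an empty
    # block and compares correctly for both str and bytes.
    if block[:1] == b"\x00":
        block = block[1:]

    # New code stores a 16-byte Serpent key 16 bytes in.
    serp_key = block[16:32]
    if len(serp_key) != 16:
        # A wrong key or a damaged section must not reach the cipher with
        # a truncated key, which would only yield silent garbage.
        raise ValueError("recovered RSA block too short to contain Serpent key")

    # NOTE(review): the trailer is cut with a fixed 128 bytes while rsa_len
    # is derived from the key; the two agree only for a 1024-bit key.  A
    # 16-byte-aligned payload length (len & 0xfffffff0) was computed here
    # before but never applied -- confirm whether alignment is required.
    return serpent2.serpent_cbc_decrypt(serp_key, data[:-128])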