def _helper_test_encrypt_decrypt(self, key: bytes, key_stream: bytes,
plaintext: bytes, ciphertext: bytes):
encryptor = rc4.RC4(key)
decryptor = rc4.RC4(key)
encrypted = encryptor.encrypt(plaintext)
decrypted = decryptor.decrypt(encrypted)
self.assertEqual(ciphertext, encrypted)
self.assertEqual(plaintext, decrypted)
print(f'\ndecrypted: {decrypted.decode("utf-8")}')
def opciones(opcion):
try:
if opcion == '1':
base = menu_base()
v_base = get_base(base)
print(f"{bc.azul}Cifrado de un mensaje en base {v_base}. {bc.end}")
mensaje = input("Introduzca el mensaje a cifrar: ")
clave = input("Introduzca la clave: ")
elif opcion == '2':
base = menu_base()
v_base = get_base(base)
print(
f"{bc.verde}Descifrado de un mensaje en base {v_base}. {bc.end}\n"
)
mensaje = input("Introduzca el mensaje cifrado: ")
clave = input("Introduzca la clave: ")
elif opcion == '3':
print(f"{bc.amarillo} Saliendo... {bc.end}")
return
else:
print(f"{bc.rojo} Opción no reconocida. {bc.end}\n")
menu_inicio()
os.system('clear')
cripto = rc4.RC4(mensaje, clave, base)
cripto.crear_cifrado()
cripto.cifrar_texto()
cripto.imprimir_salida()
menu_inicio()
except:
print(
f"{bc.rojo} ERROR: Formato de clave no válido para la base seleccionada. {bc.end}"
)
def decrypt():
print("请输入从平台复制得到的字符串: ")
str = input()
bhindex = str.find("密图哈希:")
ehindex = str.find(',', bhindex)
bkeyindex = str.find("密钥:")
ekeyindex = str.find(",", bkeyindex)
ehash = str[bhindex + 5:ehindex]
rawkey = str[bkeyindex + 3:ekeyindex]
url = "https://ipfs.io/ipfs/" + ehash
imgpath = "enc.png"
deimgpath = "output.png"
# with request.urlopen(url) as web:
# # 为保险起见使用二进制写文件模式,防止编码错误
# with open(imgpath, 'wb') as outfile:
# outfile.write(web.read())
print("请输入您的私钥文件路径:")
keypath = input()
if os.path.isfile(keypath):
with open(keypath, 'r') as f:
prikey = f.read()
imgkey = SM2Python.SM2Decrypt(rawkey, prikey)
rc = rc4.RC4(imgkey, imgpath, deimgpath)
rc.encrypted()
# sm4_d = sm4.Sm4()
# sm4_d.sm4_set_key(imgkey, 1) # 解密
# sm4_d.sm4_crypt_ecb(imgpath, deimgpath)
os.remove(imgpath)
print("图片解密完成,您的原图为output.png")
else:
print("您输入的文件不存在")
def Rc4Show(self):
Key = self.Rc4Input.get() or ''
plaintext = self.Input.get() or ''
key = [ord(c) for c in Key]
keystream = rc4.RC4(key)
cipher = ''
import sys
for c in plaintext:
k = "%02X" % (ord(c) ^ keystream.__next__())
cipher += k
self.Rc4Decrypted = plaintext
self.Rc4Text.set(cipher)
def decrypt(data):
key = 'NetStag'
decryptlist = []
data = HexToByte(data)
def convert_key(key):
return [ord(c) for c in key]
key = convert_key(key)
keystream = rc4.RC4(key)
for c in data:
decryptlist.append(chr(ord(c) ^ keystream.next()))
ans = "".join(decryptlist)
return ans
def get_bot_information(self, file_data):
results = {}
offset = file_data.find(
b'\x00\x00\x00\x00\xc0\x00\x00\x00\xfc\x00\x00\x00\xfe\x00\x00\x01\xfe\x00\x00\x01\xfc\x01\xf8\x03\xfc\x01\xfc\x03\xfc\x03\xfe\x07\xfe\x03\xff\xff'
)
offset = offset + 0x24
key_len = ord(file_data[offset:offset + 0x01])
keyoffset = key_len + 1
key = rc4.convert_key(file_data[offset + 0x01:offset + keyoffset])
keystream = rc4.RC4(key)
padoffset = file_data.find(b'\x50\x41\x44\x44\x49\x4e\x47\x58\x58')
encrypted_data = file_data[offset + keyoffset:padoffset]
decrypted = ''
for item in encrypted_data:
decrypted += chr(ord(item) ^ keystream.next())
urls = decrypted.split('|')[:-1]
results['c2s'] = []
for url in urls:
results['c2s'].append({"c2_uri": "tcp://" + url})
return results
def crypt(data):
key = 'NetStag'
cryptlist = []
def convert_key(key):
return [ord(c) for c in key]
key = convert_key(key)
#print(key)
keystream = rc4.RC4(key)
"""
import sys
for c in data:
sys.stdout.write("%02X" % (ord(c) ^ keystream.next()))
print
"""
for c in data:
cryptlist.append(chr((ord(c) ^ keystream.next())))
ans = ByteToHex("".join(cryptlist))
return ans
return [ord(c) for c in key]
key = convert_key(key)
keystream = rc4.RC4(key)
for c in data:
decryptlist.append(chr(ord(c) ^ keystream.next()))
ans = "".join(decryptlist)
return ans
if __name__ == '__main__':
key = 'NetStag'
data = str(raw_input("Enter the data to decrypt: "))
data = HexToByte(data)
def convert_key(s):
return [ord(c) for c in s]
key = convert_key(key)
keystream = rc4.RC4(key)
lst = []
for c in data:
lst.append(chr(ord(c) ^ keystream.next()))
#ans = ByteToHex("".join(lst))
ans = "".join(lst)
print ans
def makerc4(nonce):
rc = rc4.RC4(rc4key + nonce)
# skip keylen bytes
for i in range(len(rc4key) + len(nonce)):
next(rc)
return rc
ax = arg_2[::-1]
socket[2] = arg_2[0]
socket[3] = arg_2[1]
arg_1 = arg_1[::-1]
socket[4] = arg_1[0]
socket[5] = arg_1[1]
socket[6] = arg_1[2]
socket[7] = arg_1[3]
family = socket[:2]
data = socket[2:]
port = data[:2]
addr = data[2:2 + 4]
print(family)
print(data, len(data))
# print(b2l(port))
print(addr[0], addr[1], addr[2], addr[3])
print(
"{_coconut_format_0}.{_coconut_format_1}.{_coconut_format_2}.{_coconut_format_3}:{_coconut_format_4}"
.format(_coconut_format_0=(addr[0]),
_coconut_format_1=(addr[1]),
_coconut_format_2=(addr[2]),
_coconut_format_3=(addr[3]),
_coconut_format_4=(int.from_bytes(port, byteorder='little'))))
data = b"\x43\x66\x57\x83\xa5\x23\x89\x77\xbe\xac\x1b\x1f\x87\x8f\x58\x93\x3f\x24\xcf\x2c\xd3\x9a\xa8\xd1\x11\xc4\xbc\xa6\x7f\xcd\x38\xdb\xb3\x3c\x03\x4b\xab\xf5\x60\xc5\x60\xd2\x0d\x1d\x18\x88\x41\x5b\x4f\x06\x17\x6c\x9e\x0b\x01\x73\x9d\x83\x60\x18\xfa\x8b\xff\xf8\x4d\x78\xb2\xa4\x24\x6f\xae\xbd\x92\xd1\xec\xcc\x2d\x7c\x8b\xbf\xd0\x8c\xbd\xe2\x45\xef\x15\xb2\x88\xbc\xa4\x59\xbe\x20\xac\xf9\x57\xdf\x10\xba\xbc\xd9\x11\x93\x41\x19\x00\x9c\x02\x25\xef\xc4\x4a\x26\xfd\x25\xca\x9b\x85\x19\x64\x4e\xc5\x84\x9f\xa1\x00\x18\x2c\x68\x30\xdc\x70\x4c\xfe\x83\xf1\xc7\x00\x2b\x49\x7a\x83\x09\x05\x77\x6e\x0a\x08\x8d\x56\xe4\x38\x7e\x88\x0f\x2c\x41\xe4\x33\x66\xc9\xbc\x06\xaa\x2a\xa1\x96\x2d\x94\xc0\x08\x16\x1e\xa4\xf2\x81\x1a\x83\xf7\x7c\xb5\x7d\x63\x13\x00\x41\x96\xca\x69\x80\xae\x49\xe9\x5d\x0f\x7d\x89\x43\xd4\x89\x1a\x01\xb4\x61\x61"
print(rc4.RC4(b'intrepidmango').crypt(data))
addr = data[2:2+4]
print(family)
print(data, len(data))
print(b2l(port))
print(addr[0], addr[1], addr[2], addr[3])
print(f"{addr[0]}.{addr[1]}.{addr[2]}.{addr[3]}:{b2l(port)}")
encrypted = "9c5c4f52a4b1037390e4c88e97b0c95bc630dc6abdf4203886f93026afedd0881b924fe509cd5c2ef5e168f8082b48daf7599ad4bb9219ae107b6eed7b6db1854d1031d28a4e7f268b10fdf41cc17fab5a739202c0cb49d953d6df6c0381a021016e875f09fe9a699435844f01966e77eca3f3f52f6a3636ab4775b580cb47bd9f7638a54048579c36ad8e7945a320faed1f1849b88918482b5b6feef4c3d6dccc84eab10109b1314ba4055098b073ae9c14101b65bd93826c57b9757a2aeede10fb39ba96d0361fc2312cc54f33a513e1595692c51fa54e0e626edb5be87f8d01a67d012b02431f54b9bcd5ef2db3daef3dd068fedade60b117feea204a2ca1bba1b5c51292a9dbf111e38c58badc3d288666c86d0eabfa83d5246010681dc7afc7ac4513a3d972e7cc5179f567417cae7fc87e954609f6ef4b4502745210501cb76a7ceb00d759c3290237d0472e1e3af7e6ac821474eb4f6b572213f6f248d66bcbb4eda73268cbd06642d3c5f2c537df7d9f9f28c0743abeb8c0a773d0bbfa507c101edab123d6c481a5d3b62229096b21a65c38c6803dbe0823c7b11f6de6646695dc10a71342cd3bfadcda148dd05ac88135542fb5dc61d6287788c55870b52fcfea4f4d85560407f39074ce5d3c8a2b06b49fe66d79c06e3dd83e2008b7743d3699cd7f607d9cc9b3ad0c8e456dea3ddd091dda0b3a1cfccb8148ed5afacef8c623b01e2644a3d9ab0ed598b133655ded6ad3237f024ab3a2f81d7ed12f5fbe89615e2ce4b89619e549764e7ae892a370556f7d3cf9c1364469337ddf7937b8e0aae86a5dc93b180f4e283a31a87fefb819ac3663e889214d83a77e5703489be1279306e43b675fe56950003e8b01b7efa6b54b3682d4fb9fde8b27cca457ce2537445042f77ea2bf4fdf0f72d8664a3ef5c8262ac5887b97ab235b2b61d83f00370e7e14fafd7df78149c2a1851bd028bea524fd60b278274eace8793b3b7adc56d076c5010fcf43b5d45f4870bdac6576db113b5bcf9c528b001e83f1fa925b7779076ae0d4339a71ba24a5a5c8eb4c01b3d3cd2c228c0b4ccd2d5a8c9ab167707f7596e256c11dff057e77a2bae59aaef9f8b2f178d2b1dce903c2d4ff1f66cdb047f0b4d1f672fa1eb7f14de76e4210ec5d9430dd7f751c014546b6146cf7453658eceff337049c21eb9454a3fe23cbbb315c6275bded2790fe9117e2ae429b7904d15cefcd4b86934a74412dad0b351d81fd102c8efd8c681df5450ab5b409be0efafad2f74e58d83c1a1b113d992553ab78ac5449bb2a42b38066b563e290f8a58f37af97132be8fc5d4b718b4d9fc8ec07281fcb30921e6ddcb9de94b8e9cb5af7a2b0bb0fc338b727331be9bf452d863e346d12f6051227c528e4d261267e992b3f1f034d7972b983566d8e8233c209eb214a0c13adea291b58da10164320557df4b7fc2634688ba054af07d5d523b523b8fb07c6644a567fa06d867c333b23b79d9ca822b1799f00e776e9c768ae5c23ae9fc6459148836fbf0ad8c977ab2c2d8547bfe9818013d9dc1c210ff4c7790752a8068c576353b2fb7dbe6c1aae2ebdc6fd970a04edc0a30545db9b62bd34a9082553009036cfd96315a5f7f8e0d869fd7924607ba2aebdf2b4b9c2088465a96deba5d872a7b65921b9f411125d391d15756d8a2f58c2fc80025178a9fc7dde0d85a55718f8f0cc8e4c5ed76558744e8a4433a224e3565768babbf2b23298f1882ec3"
encrypted = bytearray.fromhex(encrypted)
size, encrypted = encrypted[:4][::-1], encrypted[4:]
key = b"killervulture123"
decrypted = rc4.RC4(key).crypt(encrypted)
print(decrypted)
open('shell_2.bin', 'wb').write(decrypted)
# PEWPEW = [0 for i in range(0x100)] # 0x184
# PEWPEW += encrypted
# print(PEWPEW)
# temp = 0
# for i in range(0x100):
# temp = (PEWPEW[i] + key[i & 0xf])
# PEWPEW[i], PEWPEW[temp] = PEWPEW[temp], PEWPEW[i]
# print(PEWPEW[:0x100])
# ecx = b2l(pp) ^ 0x524f584b
# dec_data contains chunks
offset = 0
chunk_index = 0
while offset < len(dec_data):
chunck_length = struct.unpack('<I', dec_data[offset:offset + 4])[0]
rc4_key = dec_data[offset + 4:offset + 0x14]
payload_md5 = dec_data[offset + 0x14:offset + 0x24]
enc_payload = dec_data[offset + 0x24:offset + 0x24 + chunck_length]
print("Chunk {} at {:#x}: {:#x} bytes".format(chunk_index, offset,
chunck_length))
if chunck_length == 0:
break
keystream = rc4.RC4(rc4_key)
dec_payload = bytearray(e ^ k for e, k in zip(enc_payload, keystream))
with open('decrypted_chunk_{}.bin'.format(chunk_index), 'wb') as f:
f.write(dec_payload)
print(" {}".format(binascii.hexlify(payload_md5).decode('ascii')))
print(" {}".format(hashlib.md5(dec_payload).hexdigest()))
assert payload_md5 == hashlib.md5(dec_payload).digest()
offset += 0x24 + chunck_length
chunk_index += 1
"""
Chunk 0 at 0x0: 0x39 bytes
a83bd78eaf49903dfd64447fcd35831a
a83bd78eaf49903dfd64447fcd35831a
Chunk 1 at 0x5d: 0xc15 bytes