Ken 905 Posted April 3, 2015 Share Posted April 3, 2015 (edited) import sys def rc4_crypt(data, key): S = list(range(256)) j = 0 out = [] for i in range(256): j = (j + S[i] + ord( key[i % len(key)] )) % 256 S[i] , S[j] = S[j] , S[i] i = j = 0 for char in data: i = ( i + 1 ) % 256 j = ( j + S[i] ) % 256 S[i] , S[j] = S[j] , S[i] out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256])) return ''.join(out) def dump_file(src, dst): src_file = open(src, 'rb') src_file.seek(16) file_content = src_file.read() src_file.close() if ord(file_content[0]) != 0x9F or ord(file_content[1]) != 0x54: print("Error: Not a valid Phase module") return decrypted_pe = rc4_crypt(file_content, "Phase") dst_file = open(dst, 'wb') dst_file.write(decrypted_pe) dst_file.close() if len(sys.argv) < 3: print("use %s input_file output_file" % sys.argv[0]); else: dump_file(sys.argv[1], sys.argv[2]) Description : Decrypting win32 phase modules.. Kind Regards Ken Edited April 3, 2015 by Ken 1 3 Do not be sorry, be better. Link to comment Share on other sites More sharing options...
Premium Galet 515 Posted April 3, 2015 Premium Share Posted April 3, 2015 Thanks, do you have some example of using for this code ? Link to comment Share on other sites More sharing options...
Ken 905 Posted April 3, 2015 Author Share Posted April 3, 2015 Thanks, do you have some example of using for this code ? print("use %s input_file output_file" % sys.argv[0]); Kind Regards Ken 1 Do not be sorry, be better. Link to comment Share on other sites More sharing options...
Think 117 Posted April 4, 2015 Share Posted April 4, 2015 Yeah, but what would you use it for? What are win32 phase modules even? All I find are virus/trojan descriptions. btw, credits? This is the hidden content, please Sign In or Sign Up Which, ahem, "MalwareTech", this definitely sounds malware-y. 3 5 Link to comment Share on other sites More sharing options...
Ken 905 Posted April 4, 2015 Author Share Posted April 4, 2015 Yeah, but what would you use it for? What are win32 phase modules even? All I find are virus/trojan descriptions. btw, credits? This is the hidden content, please Sign In or Sign Up Which, ahem, "MalwareTech", this definitely sounds malware-y. I don't say this mine. You should be read something as carefull. Kind Regards Ken Do not be sorry, be better. Link to comment Share on other sites More sharing options...
Bot Metin2 Dev 4947 Posted April 4, 2015 Bot Share Posted April 4, 2015 Add the link to github then xD And you should probably explain why you need this and in what way it benefits our community. Link to comment Share on other sites More sharing options...
dreammaker 3 Posted February 3, 2016 Share Posted February 3, 2016 So what is it for ? Link to comment Share on other sites More sharing options...
IceShiva 151 Posted February 4, 2016 Share Posted February 4, 2016 This tool is for decrypting modules in Win32/PhaseBot-A malware so is useless in metin2 xD Link to comment Share on other sites More sharing options...
IceShiva 151 Posted February 4, 2016 Share Posted February 4, 2016 This tool is for decrypting modules in Win32/PhaseBot-A malware so is useless in metin2 xD Link to comment Share on other sites More sharing options...
Recommended Posts