Phase Dump


Ken


import sys

def rc4_crypt(data, key):
	# Standard RC4: key-scheduling algorithm (KSA), then the PRGA keystream
	# XORed over the data. Works on bytes for both data and key under Python 3
	# (the original was Python 2 str-based code using ord()/chr()).
	S = list(range(256))
	j = 0
	out = bytearray()

	for i in range(256):
		j = (j + S[i] + key[i % len(key)]) % 256
		S[i], S[j] = S[j], S[i]

	i = j = 0
	for byte in data:
		i = (i + 1) % 256
		j = (j + S[i]) % 256
		S[i], S[j] = S[j], S[i]
		out.append(byte ^ S[(S[i] + S[j]) % 256])
	return bytes(out)

def dump_file(src, dst):
	# Skip the 16-byte module header, then check the 0x9F 0x54 magic bytes.
	with open(src, 'rb') as src_file:
		src_file.seek(16)
		file_content = src_file.read()

	if len(file_content) < 2 or file_content[0] != 0x9F or file_content[1] != 0x54:
		print("Error: Not a valid Phase module")
		return

	# RC4 is symmetric: the same routine decrypts the module body with key "Phase".
	decrypted_pe = rc4_crypt(file_content, b"Phase")

	with open(dst, 'wb') as dst_file:
		dst_file.write(decrypted_pe)

if __name__ == "__main__":
	if len(sys.argv) < 3:
		print("use %s input_file output_file" % sys.argv[0])
	else:
		dump_file(sys.argv[1], sys.argv[2])

Description: Decrypting win32 phase modules.

Kind Regards

Ken


Do not be sorry, be better.

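The script above writes whatever RC4 produces straight to disk, so a wrong key, a shifted header or a non-Phase file still yields an output file. The following is an added example, not Ken's script or anything from the Phase project: it performs the same steps on an in-memory blob and then sanity-checks that the result is actually a PE image (an "MZ" DOS header whose e_lfanew points at "PE\0\0") before it is trusted. The 16-byte header, the 0x9F 0x54 magic and the key "Phase" are taken from the post; that the decrypted payload is a PE is an assumption drawn from the post's `decrypted_pe` naming and "win32" description, and the sample module built by `build_sample_module` is a constructed stub, not a real module.

```python
# Added example, not Ken's script. Assumptions from the post: 16-byte header,
# magic 0x9F 0x54 at the start of the RC4 ciphertext, RC4 key "Phase".
# Assumption of this example: the decrypted body is a PE image.
import struct

MAGIC = b"\x9f\x54"       # from the post
HEADER_LEN = 16           # from the post
KEY = b"Phase"            # from the post


def rc4(data: bytes, key: bytes) -> bytes:
	"""Plain RC4 (KSA + PRGA); XOR is symmetric so this both encrypts and decrypts."""
	S = list(range(256))
	j = 0
	for i in range(256):
		j = (j + S[i] + key[i % len(key)]) & 0xFF
		S[i], S[j] = S[j], S[i]
	out = bytearray()
	i = j = 0
	for b in data:
		i = (i + 1) & 0xFF
		j = (j + S[i]) & 0xFF
		S[i], S[j] = S[j], S[i]
		out.append(b ^ S[(S[i] + S[j]) & 0xFF])
	return bytes(out)


def looks_like_pe(buf: bytes) -> bool:
	"""Minimal PE check: 'MZ' at offset 0 and e_lfanew (offset 0x3C) pointing at 'PE\\0\\0'."""
	if len(buf) < 0x40 or buf[:2] != b"MZ":
		return False
	e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
	return e_lfanew + 4 <= len(buf) and buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decrypt_phase_module(blob: bytes, key: bytes = KEY, magic: bytes = MAGIC) -> bytes:
	"""Mirror the post's steps on an in-memory blob: skip header, check magic, RC4."""
	body = blob[HEADER_LEN:]
	if not body.startswith(magic):
		raise ValueError("not a Phase module: magic mismatch")
	return rc4(body, key)


def build_sample_module(key: bytes = KEY) -> bytes:
	"""Constructed test input (not real malware): a stub PE (MZ header, e_lfanew -> 'PE\\0\\0')
	RC4-encrypted under `key` and prefixed with a 16-byte header of zeros."""
	stub = bytearray(b"MZ" + b"\x00" * 0x3E)         # 0x40 bytes of DOS header
	struct.pack_into("<I", stub, 0x3C, 0x40)         # e_lfanew = 0x40
	stub += b"PE\x00\x00" + b"\x00" * 20             # PE signature + padding
	return b"\x00" * HEADER_LEN + rc4(bytes(stub), key)


def dump_and_verify(blob: bytes, key: bytes = KEY, magic: bytes = MAGIC) -> tuple:
	"""Return (decrypted_bytes, is_pe). A False second element means the key or the
	layout assumption is wrong and the output should not be treated as a valid PE."""
	pe = decrypt_phase_module(blob, key, magic)
	return pe, looks_like_pe(pe)


if __name__ == "__main__":
	sample = build_sample_module()
	# The constructed sample's ciphertext starts with whatever RC4 yields for "MZ"
	# under "Phase"; pass those two bytes as the expected magic for this run.
	pe, ok = dump_and_verify(sample, magic=sample[HEADER_LEN:HEADER_LEN + 2])
	print("decrypted %d bytes, PE check: %s" % (len(pe), ok))
```

Because RC4 is a stream cipher, a wrong key produces byte-for-byte the same length of output as a right one; only a structural check on the plaintext, such as `looks_like_pe`, tells the two apart.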

Yeah, but what would you use it for? What are win32 phase modules even?

All I find are virus/trojan descriptions.

 

btw, credits?


Which, ahem, "MalwareTech", this definitely sounds malware-y.

 

I don't say this is mine. You should read things more carefully.

 

Kind Regards

Ken

Do not be sorry, be better.

