-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathanubis_manual.py
29 lines (23 loc) · 1.14 KB
/
anubis_manual.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/usr/bin/python
from Crypto.Cipher import ARC4
import re
import sys
s = sys.argv[1]
#s = ' (byte) -65, (byte) -48, (byte) 33, (byte) 100, (byte) 26, (byte) -76, (byte) -117, (byte) -10, (byte) -90, (byte) 8, (byte) 125, (byte) 56, (byte) 83, (byte) -15, (byte) -104, (byte) -2, (byte) 78, (byte) 63, (byte) -24, (byte) 74, (byte) -21, (byte) -62, (byte) -35, (byte) -6, (byte) 95, (byte) 52, (byte) 64, (byte) -6, (byte) -116, (byte) 119, (byte) 68, (byte) 27, (byte) 102, (byte) -79, (byte) 48'
s = s.replace("Byte.MIN_VALUE","-128")
s = s.replace("Byte.MAX_VALUE","127")
key = re.findall(" (-?[0-9]+),?",s)
key = list(map(lambda x: int(x)&0xff,key))
key = b''.join(list(map(bytes,[key])))
print("\nKey = : {}".format(key))
#key = b'\xbf\xd0!d\x1a\xb4\x8b\xf6\xa6\x08}8S\xf1\x98\xfeN?\xe8J\xeb\xc2\xdd\xfa_4@\xfa\x8cwD\x1bf\xb10'
rc4 = ARC4.new(key)
f = open(sys.argv[2],"rb")
data = f.read()
filesize = int.from_bytes(data[0:4],byteorder='little') #length of file
f.close()
dec = rc4.decrypt(data[4:])
if dec[:2] == b'PK':
print("Zip header found : writing decrypted data to decryted.dex")
f = open("decrypted.dex","wb")
f.write(dec[:filesize])