-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdecrypt.py
57 lines (51 loc) · 2.63 KB
/
decrypt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import os
import zlib
import rotor
import marshal
import binascii
import argparse
import marshal
import pymarshal
class PYCEncryptor(object):
def __init__(self):
self.opcode_encrypt_map = {
1: 46, 2: 38, 3: 12, 4: 37, 5: 66, 10: 81, 11: 32, 12: 35, 13: 67, 15: 63, 19: 9, 20: 23, 21: 36, 22: 44, 23: 49, 24: 52, 25: 13, 26: 57, 28: 39, 30: 24, 31: 25, 32: 26, 33: 27, 40: 14, 41: 15, 42: 16, 43: 17, 50: 86, 51: 87, 52: 88, 53: 89, 54: 82, 55: 55, 56: 21, 57: 8, 58: 65, 59: 6, 60: 34, 61: 22, 62: 5, 63: 19, 64: 71, 65: 60, 66: 43, 67: 58, 68: 30, 71: 85, 72: 78, 73: 31, 74: 74, 75: 75, 76: 84, 77: 42, 78: 47, 79: 53, 80: 83, 81: 33, 83: 51, 84: 48, 85: 45, 87: 50, 88: 64, 89: 54, 90: 125, 91: 157, 93: 159, 94: 149, 96: 153, 97: 132, 99: 111, 101: 114, 102: 99, 103: 96, 104: 135, 105: 90, 106: 151, 107: 101, 108: 156, 109: 105, 110: 134, 111: 116, 112: 155, 113: 148, 114: 172, 115: 137, 116: 130, 119: 110, 120: 128, 121: 103, 122: 158, 130: 100, 131: 124, 132: 131, 133: 136, 140: 141, 141: 142, 142: 143, 143: 94
}
self.opcode_decrypt_map = {self.opcode_encrypt_map[key]: key for key in self.opcode_encrypt_map}
self.pyc27_header = "\x03\xf3\x0d\x0a\x00\x00\x00\x00"
def _decrypt_file(self, filename):
os.path.splitext(filename)
content = open(filename).read()
try:
m = pymarshal.loads(content)
except Exception as e:
print("[!] error: %s" % str(e))
try:
m = marshal.loads(content)
except Exception as e:
print("[!] error: %s" % str(e))
return None
return m.co_filename.replace('\\', '/'), pymarshal.dumps(m, self.opcode_decrypt_map)
def decrypt_file(self, input_file, output_file=None):
result = self._decrypt_file(input_file)
if not result:
return
pyc_filename, pyc_content = result
if not output_file:
output_file = os.path.basename(pyc_filename) + '.pyc'
with open(output_file, 'wb') as fd:
fd.write(self.pyc27_header + pyc_content)
output_file2 = output_file + '_noheader.pyc'
with open(output_file2, 'wb') as fd:
fd.write(pyc_content)
def main():
parser = argparse.ArgumentParser(description='onmyoji py decrypt tool')
parser.add_argument("INPUT_NAME", help='input file')
parser.add_argument("OUTPUT_NAME", help='output file')
args = parser.parse_args()
encryptor = PYCEncryptor()
encryptor.decrypt_file(args.INPUT_NAME, args.OUTPUT_NAME)
if __name__ == '__main__':
main()