@7h3rAm
Created May 20, 2015 04:18
'''
Filename : TinBaDGA.py
Developer : Garage4Hackers
Greets : b0nd, FB1H2S, "vinnu", l0rdDeathStorm, nightrover and all g4h team
'''
import os, time
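# Tool name: prefix of the start-up message below and stem of the log file
# that init() writes.
utility = "TinBaDGA"


def tinbaDGA(idomain, seed, count=0x03E8):
    """Generate the chain of domains produced by this TinBa DGA reimplementation.

    The list is meant for detection work: matching resolver or proxy logs,
    building DNS blocklists, or picking sinkhole candidates. Every domain is
    derived from the previous one, so the list is only valid for the exact
    (idomain, seed) pair taken from a given sample; a different pair yields a
    different chain. A DNS hit on one of these names is a lead to
    investigate, not proof of infection, because nothing here checks who
    registered the name.

    Args:
        idomain: Starting domain. Its first 13 characters are read (a
            12-character label plus the character after it).
        seed: Seed string. Only the low byte of its last character and the
            low byte of the sum of all its characters enter the algorithm.
        count: Number of domains to generate. Defaults to 0x03E8 (1000), the
            value that used to be hard-coded.

    Returns:
        A list of ``count`` strings, each a 12-character label followed by
        ".com". Label characters always fall in 'b'..'y' because the
        acceptance test is a strict 0x61 < byte < 0x7A.

    Raises:
        IndexError: if ``idomain`` is shorter than 13 characters.

    Each generated domain is also printed with a 0-based index. The
    single-argument print(...) form behaves the same on Python 2 and 3.
    """
    print("[+] " + utility + " : Initiated")
    suffix = ".com"
    label_len = 0x0C

    # The seed-derived start state is identical for every domain, so it is
    # computed once instead of once per generated name. Only the low bytes
    # (the original's `al` and `dl`) ever influence the output.
    seed_bytes = [ord(ch) for ch in seed]
    al_start = (seed_bytes[-1] & 0xFF) if seed_bytes else 0
    dl_start = sum(seed_bytes) & 0xFF

    domains = []
    for i in range(count):
        al = al_start
        dl = dl_start
        buf = ''
        d = 0
        # One accepted byte per label position; `d` plays the role of the
        # original's down-counter (ecx) as well as the read index.
        while d < label_len:
            # Mix the running byte with the current and next character of
            # the previous domain. Masking once at the end is equivalent to
            # masking each step because only the low 8 bits are kept.
            al = (((al + ord(idomain[d])) ^ dl) + ord(idomain[d + 1])) & 0xFF
            if 0x61 < al < 0x7A:
                buf += chr(al)
                d += 1
            else:
                # Rejected byte: bump the mixer and retry the same position.
                dl = (dl + 1) & 0xFF
        domain = buf + suffix
        print("[%d] %s" % (i, domain))
        domains.append(domain)
        # The domain just produced becomes the input for the next one.
        idomain = domain
    return domains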
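def init():
    """Generate the domain list for the embedded sample values and log it.

    Calls tinbaDGA() with the hard-coded starting domain and seed, then
    writes one "[index] domain" line per result to "<utility>.log" in the
    current working directory and echoes the same line to stdout. The file
    is opened in "wb" mode, so an existing log is truncated on every run.

    The log index is 1-based, while the lines tinbaDGA() prints during
    generation are 0-based; keep that in mind when correlating the two.
    """
    harddomain = "ssrgwnrmgrxe.com"
    seed = "oGkS3w3sGGOGG7oc"
    domains = tinbaDGA(harddomain, seed)
    # The context manager closes the log even if a write fails part-way.
    with open(utility + ".log", "wb") as fp:
        for index, domain in enumerate(domains, 1):
            line = "[%d] %s" % (index, domain)
            # Explicit ASCII encoding keeps the binary-mode write valid on
            # both Python 2 and 3; generated names are lowercase ASCII.
            fp.write((line + "\n").encode("ascii"))
            print(line)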
# No __main__ guard: this runs on import as well as on direct execution, so
# importing the file regenerates the list and rewrites the log file.
init()