Python 实现的 https://github.com/rippod/apate 还原逻辑
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import sys
import struct
def reverse_byte_array(buffer):
    """Return the bytes of *buffer* in reverse order, as an immutable ``bytes``."""
    # Copy first so the caller's buffer is never touched, then reverse by slicing.
    return bytes(buffer)[::-1]
def bytes_to_int(byte_length):
    """Decode a 4-byte buffer as a little-endian unsigned 32-bit integer.

    ``struct.unpack`` raises ``struct.error`` when the buffer is not exactly
    4 bytes long.
    """
    (value,) = struct.unpack("<I", byte_length)
    return value
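def reveal(file_path):
    """Restore a disguised file in place and strip its disguise extension.

    Layout this function relies on: the last 4 bytes hold the mask-header
    length as a little-endian unsigned int. The original file header is stored
    byte-reversed, either immediately before that trailer (mask shorter than
    the real file) or immediately after the mask (mask longer than the real
    file).

    No signature is checked here, so any file whose last four bytes decode to
    a length that fits inside the file will be rewritten and truncated. The
    operation is destructive; run it on a copy when the input is not known to
    be a disguised file.

    Args:
        file_path: Path of the disguised file.

    Returns:
        1 on success, -1 on failure (the error is printed).
    """
    # Length of the trailing mask-length indicator (fixed at 4 bytes).
    mask_length_indicator_length = 4
    try:
        file_size = os.path.getsize(file_path)
        if file_size < mask_length_indicator_length:
            raise ValueError("文件过短, 缺少 4 字节的长度标记")

        # Derive the restored name from the basename's extension only, so a dot
        # in a directory name (e.g. "./file" or "/home/a.b/file") can never
        # redirect the rename to an unrelated path.
        stem, extension = os.path.splitext(file_path)
        new_file_path = stem if extension else None

        # Refuse before modifying anything: os.rename() silently replaces an
        # existing destination on POSIX. Best-effort check, not race-free.
        if new_file_path is not None and os.path.lexists(new_file_path):
            raise FileExistsError(f"目标文件已存在: {new_file_path}")

        with open(file_path, 'rb+') as f:
            # Read the mask-header length from the trailer.
            f.seek(file_size - mask_length_indicator_length)
            mask_head_length = bytes_to_int(f.read(mask_length_indicator_length))

            # Size of the file once the appended data is removed.
            restored_size = file_size - mask_length_indicator_length - mask_head_length
            if restored_size < 0:
                # The trailer is untrusted input; a length pointing outside the
                # file means this is not a file we can restore.
                raise ValueError("长度标记超出文件范围, 文件可能不是伪装文件")

            if mask_head_length <= restored_size:
                # Normal case: the mask is no longer than the real file.
                f.seek(restored_size)
                original_head = f.read(mask_head_length)
            else:
                # Abnormal case: the mask is longer than the real file.
                f.seek(mask_head_length)
                original_head = f.read(restored_size)

            # The header was stored reversed; flip it back and write it over
            # the mask at the start of the file.
            original_head = reverse_byte_array(original_head)
            f.seek(0)
            f.write(original_head)

            # Drop the appended data at the end of the file.
            f.truncate(restored_size)

        # Rename only after the handle is closed; renaming an open file fails
        # on Windows.
        if new_file_path is not None:
            os.rename(file_path, new_file_path)
        return 1
    except Exception as e:
        print(f"还原文件时出错: {e}")
        return -1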
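def main():
    """Restore every file named on the command line and print a summary.

    Returns:
        0 when every file was restored, 1 when at least one file failed,
        2 when no file path was given.
    """
    if len(sys.argv) < 2:
        print("用法: python apate_recovery.py <文件路径> [文件路径 ...]")
        return 2

    success_count = 0
    fail_count = 0
    for file_path in sys.argv[1:]:
        # Only regular files are processed; anything else counts as a failure.
        if not os.path.isfile(file_path):
            print(f"错误: {file_path} 不是有效的文件")
            fail_count += 1
            continue

        print(f"正在还原文件: {file_path}")
        if reveal(file_path) == 1:
            success_count += 1
        else:
            fail_count += 1

    print(f"完成!成功: {success_count} 个,失败: {fail_count} 个")
    # Surface failures through the exit status so batch callers can detect them.
    return 1 if fail_count else 0


if __name__ == "__main__":
    sys.exit(main())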