Skip to content

Instantly share code, notes, and snippets.

@brad-anton

brad-anton/WildFire XOR

Created July 13, 2016 01:39
Show Gist options
  • Save brad-anton/880d4af60b762f484fee59969b239024 to your computer and use it in GitHub Desktop.
Save brad-anton/880d4af60b762f484fee59969b239024 to your computer and use it in GitHub Desktop.
Download ZIP
Deobfuscate the WildFire Stage something payload :)
Raw
WildFire XOR
"""
Quick binary xor for WildFire
@brad_anton
Bigrmkwhrr.png 645e7f63886d74c5edd149caac1b41cd
Bigrmkwhrr.png.exe (output) ec5921b64581a7c6414680c36d50805c
"""
from itertools import cycle
key='Xlghooxwxclesvxa'
xor = cycle([ord(l) for l in key])
with open('Bigrmkwhrr.png', 'rb') as f:
with open('Bigrmkwhrr.png.exe', 'wb') as o:
o.write(bytearray([ord(b) ^ xor.next() for b in f.read()]))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment