eybisi · June 22, 2018 14:32 · eybisi · Jun 22, 2018
diff --git a/MysteryBot string decrypter b/MysteryBot string decrypter
 def socksl(strinput):
    length = len(strinput)
    arr = [0 for i in range(length)]
    i = length - 1
    while i >= 0:
        char1 = strinput[i]
        n = i - 1
        arr[i] = chr(ord(char1) ^ 0x5c)
        if n < 0:
            break
        i = n - 1
        arr[n] = chr(ord(strinput[n]) ^ 0x1e)

    return ''.join(arr)
    
 def get_string(addr):
  out = ""
  while True:
    if Byte(addr) != 0:
      out += chr(Byte(addr))
    else:
      break
    addr += 1
  return out
 def handle_function(func_start):
    for h in idautils.FuncItems(func_start):
 	    for xref in XrefsTo(h, 0):
 		    #print 'from', hex(xref.frm), 'to', hex(xref.to),
 		    inst = DecodePreviousInstruction(xref.frm)
 		    if(get_operand_type(inst.ea,1) != 9):
 			    continue
 		    st = get_string(get_name_ea(inst.ea,print_operand(inst.ea,1)))
 		    dec = socksl(st)
 		    print get_operand_type(inst.ea,1),c,st,"-->",dec
 		    set_cmt(xref.frm,dec,1)
	def socksl(strinput):
	length = len(strinput)
	arr = [0 for i in range(length)]
	i = length - 1
	while i >= 0:
	char1 = strinput[i]
	n = i - 1
	arr[i] = chr(ord(char1) ^ 0x5c)
	if n < 0:
	break
	i = n - 1
	arr[n] = chr(ord(strinput[n]) ^ 0x1e)

	return ''.join(arr)

	def get_string(addr):
	out = ""
	while True:
	if Byte(addr) != 0:
	out += chr(Byte(addr))
	else:
	break
	addr += 1
	return out
	def handle_function(func_start):
	for h in idautils.FuncItems(func_start):
	for xref in XrefsTo(h, 0):
	#print 'from', hex(xref.frm), 'to', hex(xref.to),
	inst = DecodePreviousInstruction(xref.frm)
	if(get_operand_type(inst.ea,1) != 9):
	continue
	st = get_string(get_name_ea(inst.ea,print_operand(inst.ea,1)))
	dec = socksl(st)
	print get_operand_type(inst.ea,1),c,st,"-->",dec
	set_cmt(xref.frm,dec,1)