Skip to content

Instantly share code, notes, and snippets.

@hasherezade

hasherezade/msil_dec.py

Last active July 11, 2020 13:06
Show Gist options
  • Save hasherezade/685bf3ef5857cadf05e0aeba4fd8061f to your computer and use it in GitHub Desktop.
Save hasherezade/685bf3ef5857cadf05e0aeba4fd8061f to your computer and use it in GitHub Desktop.
Download ZIP
Helper script for decoding some .NET cryptor
Raw
msil_dec.py
#!/usr/bin/python2.7
import argparse
def decode(data, key, offset, extra_rounds):
maxlen = len(data)
keylen = len(key)
j = 0 #key index
num2 = (maxlen - 1) * (extra_rounds + 1)
decoded = bytearray()
for i in range(offset, num2):
dec = ((data[i % maxlen] ^ key[j % keylen]) - (data[(i + 1) % maxlen] + 0x100)) % 0x100
j += 1
decoded.append(dec)
return decoded
def main():
parser = argparse.ArgumentParser(description="Helper script for decoding some .NET cryptor")
parser.add_argument('--file', dest="file", default=None, help="Input file (dumped from resources)", required=True)
parser.add_argument('--rounds', dest="rounds", default=0, help="Extra rounds", required=False, type=int)
parser.add_argument('--key', dest="key", default=None, help="Key")
parser.add_argument('--keyfile', dest="keyfile", default=None, help="File containing key (alternative to Key)")
parser.add_argument('--offset',dest="offset", default=0,type=int, help="Offset in file from which XOR should start")
args = parser.parse_args()
data = bytearray(open(args.file, 'rb').read())
if (args.key == None and args.keyfile == None):
print "Supply key or keyfile"
exit (-1)
if args.keyfile:
key = bytearray(open(args.keyfile, 'rb').read())
else:
key = bytearray(args.key)
offset = args.offset
print decode(data, key, offset, args.rounds)
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment