valkheim · December 27, 2020 16:16 · valkheim · Dec 27, 2020
diff --git a/debup.py b/debup.py
 #!/usr/bin/env python

 # Extract and decode McAfee quarantine BUP files
 # See https://kc.mcafee.com/corporate/index?page=content&id=KB72755

 import sys
 import zipfile


 def decode(filename):
    contents = bytes(open(filename, 'rb').read())
    decoded = bytes([byte ^ 0x6a for byte in contents])
    ext = 'txt' if filename == 'Details' else 'out'
    decoded_filename = f'{filename}.{ext}'
    with open(decoded_filename, 'wb') as fh:
        fh.write(decoded)

    print(f'> {decoded_filename}')


 def extract_bup_files(filename):
    names = []
    with zipfile.ZipFile(filename, 'r') as fh:
        names = fh.namelist()
        fh.extractall()

    return names


 def usage():
    print(f'{sys.argv[0]}: <filename.bup>', file=sys.stderr)
    sys.exit(2)


 if __name__ == '__main__':
    if len(sys.argv) < 2:
        usage()

    extracted_files = extract_bup_files(sys.argv[1])
    for extracted_file in extracted_files:
        decode(extracted_file)

    sys.exit(0)
	#!/usr/bin/env python

	# Extract and decode McAfee quarantine BUP files
	# See https://kc.mcafee.com/corporate/index?page=content&id=KB72755

	import sys
	import zipfile


	def decode(filename):
	contents = bytes(open(filename, 'rb').read())
	decoded = bytes([byte ^ 0x6a for byte in contents])
	ext = 'txt' if filename == 'Details' else 'out'
	decoded_filename = f'{filename}.{ext}'
	with open(decoded_filename, 'wb') as fh:
	fh.write(decoded)

	print(f'> {decoded_filename}')


	def extract_bup_files(filename):
	names = []
	with zipfile.ZipFile(filename, 'r') as fh:
	names = fh.namelist()
	fh.extractall()

	return names


	def usage():
	print(f'{sys.argv[0]}: <filename.bup>', file=sys.stderr)
	sys.exit(2)


	if __name__ == '__main__':
	if len(sys.argv) < 2:
	usage()

	extracted_files = extract_bup_files(sys.argv[1])
	for extracted_file in extracted_files:
	decode(extracted_file)

	sys.exit(0)