好友
阅读权限10
听众
最后登录1970-1-1
|
杨辣子
发表于 2021-7-2 15:29
最近在搞手机刷机包, 用到一款工具写的不错,想看看脚本,notepad++打开后竟然是这个样子的
这东西阻碍了我学习的脚步,丢进 010 Editor 看看
看到了加密工具 BatchEncryption Build 201610
再次百度发现了这个 还原BatchEncryption(201610版本)混淆的批处理文件
尊重下作者转载注明下出处
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Hunter98234/article/details/108672926
————————————————
文章中的py代码能解密脚本里的英文, 但是带中文就解不出来了,所以为了日后学习方便,自己简单的改造了一番, 再次向原作者致敬!!!
#!/usr/bin/python
# -*- coding:utf-8 -*-
#
# Batch Decryption 202009 (BatchEncryption Build 201610)
#
import os
import sys
encrypt_file = ''
encodeErrByteArray = [b'\xfe', b'\xff']
def decryption(data):
# 去除头部后的源代码下标开始位置
i = data.index(b'163.com\r\n') + 9
vars = {}
length = len(data)
source = ''
while i < length:
Data = run(vars, data, i)
i = Data.get('index')
source += Data.get('buf')
return source
def run(vars, data, i):
buf = ''
f = 0
t = 0
x = False
l = len(data)
while(True):
if data[i] == 0x0d and data[i+1] == 0x0a:
i += 2
break
# get %var:~x,y% %0
if data[i] == 0x25:
if not x:
x = True
f = i
else:
x = False
t = i
rst = var_percent(data[f:t+1], vars)
buf += rst
i += 1
else:
if not x:
try:
buf += str(data[i:i+1], encoding="utf-8")
i += 1
except Exception as err:
# 过滤掉无法解析的字节
if data[i:i+1] in encodeErrByteArray:
buf = ''
i += 1
else:
# 以ansi码解析中文
chinese = b''
temp = i
while (str(data[temp:temp+1]).find('x') >= 0):
chinese += data[temp:temp+1]
temp += 1
buf += chinese.decode('ansi', 'ignore')
i = temp
else:
if (f + 1 == i) and ((data[i] >= 0x30 and data[i] <= 0x39) or data[i] == 0x2a):
x = False
t = i
rst = str(data[f:t+1], encoding="utf-8")
buf += rst
i += 1
if i >= l:
break
#print(buf)
bufs = buf.split('&@')
for var in bufs:
if var[0:4] == 'set ':
var = var[4:]
b = var.find('=')
vars[var[0:b]] = var[b+1:].replace('^^^', '^')
buf += '\r\n'
return {'index':i, 'buf':buf}
"""
%':~-53,1%
':~-53,1
["'", '-53,1']
"""
def var_percent(data, vars):
full = str(data, encoding="utf-8")
buf = full[1:len(full)-1]
buf = buf.split(':~')
var = buf[0]
if not var in vars:
vars[var] = os.getenv(var)
ent = vars[var]
if (len(buf) > 1):
l = len(ent)
buf = buf[1].split(',')
f = int(buf[0])
t = int(buf[1])
if f < 0:
f, t = l + f, t
rst = ent[f: f+t]
else:
rst = full
return rst
def makeFile(path,content):
try:
encryptionFilePath = os.path.dirname(sys.argv[1])
encryptionFileName = os.path.basename(sys.argv[1])
encryptionFile = encryptionFileName.split('.')
decryptionFileName = encryptionFile[0] + '_denctyption.' + encryptionFile[1]
decryptionFile = encryptionFilePath + '/' + decryptionFileName
print(decryptionFile)
file = open(decryptionFile, 'w+')
file.write(content)
file.close()
except Exception as err:
print(err)
exit
if __name__ == '__main__':
try:
if len(sys.argv) < 2:
print('param len error\nuse: python dencrypt.py encrypt.bat')
exit
encrypt_file = sys.argv[1]
file = open(encrypt_file, "rb")
data = file.read()
file.close()
source = decryption(data)
makeFile(encrypt_file, source)
except Exception as err:
print(err)
exit
自己装的是python39,代码右键保存即可
使用起来也很简单 cmd 打开黑窗 python 保存的文件.py 然后把文件拖进窗口, 按下回车即可
由于样理有限,自己测试解过是没问题的,如果遇到问题欢迎大家在评论区讨论
最后说一点, 本人py小白,但是爱折腾,所以脚本写的一般,换应大佬斧正[抱拳了] |
免费评分
-
查看全部评分
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
[复制链接]
|
发表于 2021-7-2 16:28
