{ "cells": [ { "cell_type": "code", "execution_count": 1, "metadata": { "colab": { "base_uri": "https://localhost:8080/" }, "id": "gGLYuEJ-TV3V", "outputId": "7e3d22cc-11fe-4763-860b-c599e19c58c8" }, "outputs": [ { "output_type": "stream", "name": "stdout", "text": [ "Collecting pycryptodome\n", " Downloading pycryptodome-3.23.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)\n", "Collecting python-magic\n", " Downloading python_magic-0.4.27-py2.py3-none-any.whl.metadata (5.8 kB)\n", "Downloading pycryptodome-3.23.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)\n", "\u001b[2K \u001b[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001b[0m \u001b[32m2.3/2.3 MB\u001b[0m \u001b[31m19.8 MB/s\u001b[0m eta \u001b[36m0:00:00\u001b[0m\n", "\u001b[?25hDownloading python_magic-0.4.27-py2.py3-none-any.whl (13 kB)\n", "Installing collected packages: python-magic, pycryptodome\n", "Successfully installed pycryptodome-3.23.0 python-magic-0.4.27\n" ] } ], "source": [ "!pip install pycryptodome python-magic" ] }, { "cell_type": "code", "source": [ "import struct\n", "\n", "def write_dword(mem, offset, value):\n", " mem[offset:offset+4] = struct.pack('= 0x80000000 else value\n", "\n", "# Initialize memory\n", "mem = bytearray(64)\n", "a1 = 0 # Base address\n", "\n", "# Step 1: Assign initial values\n", "write_dword(mem, a1 + 32, 2106603520) # *(_DWORD *)(a1 + 32)\n", "write_dword(mem, a1 + 52, -813114951) # *(_DWORD *)(a1 + 52)\n", "\n", "# Step 2: Compute v1\n", "val_32 = signed_to_unsigned(read_dword(mem, a1 + 32))\n", "val_52 = signed_to_unsigned(read_dword(mem, a1 + 52))\n", "v1_unsigned = val_32 ^ val_52\n", "v1 = unsigned_to_signed(v1_unsigned)\n", "write_dword(mem, a1 + 16, v1) # *(_DWORD *)(a1 + 16)\n", "\n", "# Step 3: Continue assignments\n", "write_dword(mem, a1 + 36, -1277206859) # *(_DWORD *)(a1 + 36)\n", "write_dword(mem, a1 + 24, -1133814092) # *(_DWORD *)(a1 + 24)\n", "write_dword(mem, a1 + 44, -1046888086) # *(_DWORD *)(a1 + 44)\n", "write_dword(mem, a1 + 28, -568416319) # *(_DWORD *)(a1 + 28)\n", "write_dword(mem, a1 + 48, 1917069896) # *(_DWORD *)(a1 + 48)\n", "write_dword(mem, a1 + 40, 6015474) # *(_DWORD *)(a1 + 40)\n", "\n", "# Step 4: Compute more XOR operations\n", "val_36 = signed_to_unsigned(read_dword(mem, a1 + 36))\n", "tmp_unsigned = val_36 ^ 0x72442A48\n", "tmp = unsigned_to_signed(tmp_unsigned)\n", "write_dword(mem, a1 + 20, tmp) # *(_DWORD *)(a1 + 20)\n", "\n", "val_24 = signed_to_unsigned(read_dword(mem, a1 + 24))\n", "val_44 = signed_to_unsigned(read_dword(mem, a1 + 44))\n", "tmp_unsigned = val_24 ^ val_44\n", "tmp = unsigned_to_signed(tmp_unsigned)\n", "write_dword(mem, a1 + 8, tmp) # *(_DWORD *)(a1 + 8)\n", "\n", "val_28 = signed_to_unsigned(read_dword(mem, a1 + 28))\n", "tmp_unsigned = val_28 ^ 0x5BC9F2\n", "tmp = unsigned_to_signed(tmp_unsigned)\n", "write_dword(mem, a1 + 12, tmp) # *(_DWORD *)(a1 + 12)\n", "\n", "# Step 5: Extract the key bytes\n", "key_bytes = mem[a1 + 8:a1 + 24]\n", "key_hex = key_bytes.hex()\n", "\n", "print(f\"The hardcoded key is: {key_hex.upper()}\")\n" ], "metadata": { "colab": { "base_uri": "https://localhost:8080/" }, "id": "jCeZq5X5TSwR", "outputId": "785af5fd-a9f0-44a2-b74d-62c13768e8db" }, "execution_count": 2, "outputs": [ { "output_type": "stream", "name": "stdout", "text": [ "The hardcoded key is: DE9FF27D336E45DEB9E118B2FD749BC1\n" ] } ] }, { "cell_type": "code", "source": [ "import sys\n", "import zlib\n", "from Crypto.Cipher import AES\n", "from Crypto.Util.Padding import unpad\n", "import re\n", "\n", "def read_all_bytes(filename):\n", " \"\"\"Reads all bytes from a file.\"\"\"\n", " with open(filename, 'rb') as file:\n", " return file.read()\n", "\n", "def main():\n", " filename = \"/content/ScoringResource.dat\"\n", " file_bytes = read_all_bytes(filename)\n", "\n", " # Extract IV (first 12 bytes of the file)\n", " iv = file_bytes[:12]\n", "\n", " # Hardcoded key (same as in the C++ code)\n", " key = bytes([0xDE,0x9F, 0xF2, 0x7D, 0x33, 0x6E, 0x45, 0xDE, 0xB9, 0xE1, 0x18, 0xB2, 0xFD, 0x74, 0x9B, 0xC1])\n", "\n", " # Set up AES decryption in GCM mode\n", " cipher = AES.new(key, AES.MODE_GCM, nonce=iv)\n", "\n", " # Decrypt the data (everything after the IV)\n", " encrypted_data = file_bytes[12:]\n", " try:\n", " decrypted_data = cipher.decrypt(encrypted_data)\n", "\n", " # Decompress the data using zlib\n", " decompressed_data = zlib.decompress(decrypted_data)\n", "\n", " # Print the decompressed text\n", " x = decompressed_data.decode('utf-8')\n", " # Remove empty lines\n", " x = re.sub(r'\\n\\s*\\n', '\\n', x)\n", " print(\"Saving output to ScoringResource.xml\")\n", " with open('/content/ScoringResource.xml', 'w') as f:\n", " f.write(x)\n", " except Exception as e:\n", " print(f\"An error occurred: {e}\")\n", "\n", "if __name__ == \"__main__\":\n", " main()\n" ], "metadata": { "colab": { "base_uri": "https://localhost:8080/" }, "id": "PWc_jlrAXW8d", "outputId": "53991763-e886-4b4c-8c54-10c232c04b47" }, "execution_count": 7, "outputs": [ { "output_type": "stream", "name": "stdout", "text": [ "Saving output to ScoringResource.xml\n" ] } ] } ], "metadata": { "colab": { "provenance": [] }, "kernelspec": { "display_name": "Python 3", "name": "python3" }, "language_info": { "name": "python" } }, "nbformat": 4, "nbformat_minor": 0 }