From 76d513935ffcd952c31bb09faa53fb31a9aa2cb7 Mon Sep 17 00:00:00 2001
From: chris <chris@noreply.postblue.info>
Date: Mon, 27 May 2024 09:56:56 +0200
Subject: [PATCH] Upload files to "/"

---
 decoder_jaska_go.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 decoder_jaska_go.py

diff --git a/decoder_jaska_go.py b/decoder_jaska_go.py
new file mode 100644
index 0000000..ae7cfe9
--- /dev/null
+++ b/decoder_jaska_go.py
@@ -0,0 +1,30 @@
+#! /usr/bin/env python3
+
+import sys
+import pefile
+import re 
+
+"""
+Usage: cat <file> | python3 decoder_jaska_go.py
+"""
+
+binary_data = sys.stdin.buffer.read().decode("ISO-8859-1")
+
+cert_regex = re.compile(r"\x2d\x2d\x42\x45\x47\x49\x4e\x20...\x00(?P<IP>([0-9]{1,3}\.){3}[0-9]{1,3})", re.DOTALL)
+
+matches = cert_regex.search(binary_data)
+print("IP", matches.group("IP"))
+
+port_regex = re.compile(r"\x26\x5e\x3d\x76\x61\x72(?P<PORT>([0-9]{1,5}))\x6f\x70\x65\x6e", re.DOTALL)
+matches = port_regex.search(binary_data)
+print("PORT", matches.group("PORT"))
+
+id_regex = re.compile(r"\x00\x00\x00\x00(?P<ID>[a-zA-Z0-9]{25})\x00\x00", re.DOTALL)
+#matches = id_regex.search(binary_data)
+#if matches:
+#    print(matches.group("ID"))
+
+regkey_regex = re.compile(r"\x48\x4b\x4c\x4d(\\[A-Za-z0-9\-_\\]+)+", re.DOTALL)
+matches = regkey_regex.findall(binary_data)
+for match in matches:
+    print("HLKM REGKEY", match)