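#! /usr/bin/env python3
"""
Usage: cat <file> | python3 decoder_jaska_go.py

Reads a binary from stdin and prints the IPv4 address, the port and the HKLM
registry paths located by the byte-pattern searches below. The input is only
pattern-matched as text; nothing in this script parses or executes it.

Results go to stdout in the original "LABEL value" form. Diagnostics go to
stderr, and the exit status is 1 when the IP or the port could not be found.
"""

import re
import sys

import pefile  # NOTE(review): imported by the original script but never used


def _warn(message):
    """Write a diagnostic to stderr so stdout carries only extracted values."""
    print(message, file=sys.stderr)


# ISO-8859-1 maps each byte 0x00-0xFF to the code point of the same value, so
# the decode cannot fail and the \xNN escapes in the patterns match raw bytes.
binary_data = sys.stdin.buffer.read().decode("ISO-8859-1")

# Fields whose pattern did not match; drives the exit status at the end.
missing = []

# "--BEGIN " + any three bytes + NUL, immediately followed by a dotted quad.
# NOTE(review): presumably the tail of a PEM "-----BEGIN ..." header, going by
# the variable name - confirm against a sample.
cert_regex = re.compile(r"\x2d\x2d\x42\x45\x47\x49\x4e\x20...\x00(?P<IP>([0-9]{1,3}\.){3}[0-9]{1,3})", re.DOTALL)

matches = cert_regex.search(binary_data)
if matches is None:
    # The original dereferenced the None result here and died with an
    # AttributeError before the port and registry searches could run.
    missing.append("IP")
    _warn("IP not found")
else:
    ip_text = matches.group("IP")
    print("IP", ip_text)
    # The pattern accepts any 1-3 digits per octet, so flag values that cannot
    # be a real IPv4 address before they are recorded as an indicator.
    if any(int(octet) > 255 for octet in ip_text.split(".")):
        _warn("warning: extracted IP has an octet above 255")

# "&^=var" + 1-5 digits + "open".
port_regex = re.compile(r"\x26\x5e\x3d\x76\x61\x72(?P<PORT>([0-9]{1,5}))\x6f\x70\x65\x6e", re.DOTALL)
matches = port_regex.search(binary_data)
if matches is None:
    missing.append("PORT")
    _warn("PORT not found")
else:
    port_text = matches.group("PORT")
    print("PORT", port_text)
    # Five digits can encode values above 65535; warn rather than hide them.
    if not 0 < int(port_text) < 65536:
        _warn("warning: extracted PORT is outside 1-65535")

# Four NUL bytes, a 25-character alphanumeric ID, two NUL bytes. The lookup
# that used this pattern is disabled in the original script and stays disabled.
id_regex = re.compile(r"\x00\x00\x00\x00(?P<ID>[a-zA-Z0-9]{25})\x00\x00", re.DOTALL)

# "HKLM" followed by a backslash-separated path. findall() returns the
# capturing group, so each result is the path without the "HKLM" prefix.
regkey_regex = re.compile(r"\x48\x4b\x4c\x4d(\\[A-Za-z0-9\-_\\]+)+", re.DOTALL)
matches = regkey_regex.findall(binary_data)
for match in matches:
    # The label spelling is kept as the original emits it, so anything that
    # consumes this output keeps working.
    print("HLKM REGKEY", match)

if missing:
    sys.exit(1)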