|
"""
Python 2.7 pseudo-code
Present by FORE
http://foreblog.tistory.com/
"""
class neko(Structure):
_fields_ = [ ('Signature',c_uint), # "neko"
('ullStructSize',c_ulonglong),
('dwAdlr32',c_uint),
('wFileName',c_ushort),
('FileName',c_wchar_p) ]
def get_key(adlr):
adlr ^= 0x1548E29C
first_one_byte_key = adlr & 0x000000FF
default_key = ((adlr) ^ (adlr>>0x18) ^ (adlr>>0x10) ^ (adlr>>0x08)) & 0x000000FF
if first_one_byte_key == 0:
first_one_byte_key = 0x9C
if default_key == 0:
default_key = 0xD7
return first_one_byte_key, default_key
def decode(buf,adlr):
first_key, def_key = get_key(adlr)
buf = list(struct.unpack('B'*len(buf),buf))
buf[0] ^= first_key
for i in range(len(buf)):
buf[i] ^= def_key
buf = struct.pack('B'*len(buf),*buf)
return buf
|
