#!/usr/bin/env python
#
# LICENSE
# the GNU General Public License version 2
#
import sys
import pefile
import re
import argparse
from struct import unpack, unpack_from
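# MZ Header
# Leading bytes of the DOS/PE stub the parser looks for (b"MZ\x90\x00").
MZ_HEADER = b"\x4D\x5A\x90\x00"
# Length in bytes of the embedded RC4 key.
RC4_KEY_LENGTH = 0x80
# Byte sequence that terminates the embedded key.
KEY_END = b"\x92\x5A\x76\x5D"
# Config pattern
# Code byte sequences that reference the config block.  The shape looks like
# x86 `push imm32 ; call rel32 ; pop ecx` (the longer variant also matches the
# trailing `push 1 ; pop eax ; ret`), so group 1 would be the pushed address
# and group 2 the call displacement -- confirm against a sample.  These are
# bytes patterns so they can be applied to PE section data on Python 3 as
# well as Python 2 (where str and bytes are the same type); re.DOTALL lets
# the four-byte groups contain 0x0A.
CONFIG_PATTERNS = [
    re.compile(b"\x68(....)\xE8(....)\x59\x6A\x01\x58\xC3", re.DOTALL),
    re.compile(b"\x68(....)\xE8(....)\x59", re.DOTALL),
]
# Size in bytes of the config block.
CONFIG_SIZE = 0xBF0
# Lookup tables used to render numeric config fields as labels.  Values are
# kept verbatim: key 4 is absent from CONNECT_MODE and keys 1-3 / 6-8 share
# a label, so callers should use .get() with a fallback for unknown values.
CONNECT_MODE = {
    0: 'TCP',
    1: 'HTTP with Credentials',
    2: 'HTTP with Credentials',
    3: 'HTTP with Credentials',
    5: 'HTTP',
    6: 'HTTPS',
    7: 'HTTPS',
    8: 'HTTPS',
}
PROXY_MODE = {
    0: 'Detect proxy settings',
    1: 'Use config',
}
INJECTION_MODE = {
    0: 'Create process',
    1: 'Injection running process',
}
PROCESS_NAME = {
    0: 'svchost.exe',
    1: 'iexplorer.exe',
    2: 'explorer.exe',
    3: 'Default browser',
    4: 'Setting process',
}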
# Command-line interface: a single positional path to the TSCookie data file.
# Parsing happens at import time, so `args.file` is available to the rest of
# the module; an invalid command line exits here with argparse's usage text.
parser = argparse.ArgumentParser(
    description="TSCookie Data Config Parser",
)
parser.add_argument(
    "file",
    metavar="FILE",
    type=str,
    help="TSCookie Data file",
)
args = parser.parse_args(sys.argv[1:])
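# RC4
def rc4(data, key):
    """Apply the RC4 stream cipher to *data* under *key* (encrypt == decrypt).

    The original implementation mutated ``range(256)`` and called ``ord`` on
    string indexing, which only works on Python 2.  This version runs on
    both interpreters and produces the same output as the original on
    Python 2.

    Args:
        data: ``bytes``/``bytearray``, or a text ``str`` whose code points
            are all < 256 (each character is treated as one byte).
        key: Cipher key in the same accepted forms; must not be empty.

    Returns:
        ``bytes`` when *data* is binary (a Python 2 ``str``), otherwise a
        ``str`` with one character per output byte, matching the original
        ``''.join(chr(...))`` result.

    Raises:
        ValueError: if *key* is empty (the original raised
            ZeroDivisionError from ``i % len(key)``).
    """

    def _to_bytearray(value):
        # Python 2 str already is bytes; a Python 3 text str is mapped one
        # character per byte via latin-1 so chr()/ord() round-trip exactly.
        if isinstance(value, (bytes, bytearray)):
            return bytearray(value)
        return bytearray(value.encode("latin-1"))

    key_bytes = _to_bytearray(key)
    if not key_bytes:
        raise ValueError("rc4: key must not be empty")
    key_len = len(key_bytes)

    # Key-scheduling algorithm: permute the 256-entry state box with the key.
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + key_bytes[i % key_len]) % 256
        box[i], box[j] = box[j], box[i]

    # Pseudo-random generation: XOR each input byte with the keystream byte.
    data_bytes = _to_bytearray(data)
    out = bytearray(len(data_bytes))
    i = j = 0
    for pos, byte in enumerate(data_bytes):
        i = (i + 1) % 256
        j = (j + box[i]) % 256
        box[i], box[j] = box[j], box[i]
        out[pos] = byte ^ box[(box[i] + box[j]) % 256]

    if isinstance(data, (bytes, bytearray)):
        return bytes(out)
    return out.decode("latin-1")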
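# helper function for formatting string
def __format_string(data):
    """Return *data* truncated at its first NUL (C-string semantics).

    Accepts ``bytes``/``bytearray`` (what ``unpack_from`` yields on
    Python 3) as well as text ``str`` (Python 2), choosing the NUL
    terminator of the matching type so the split never raises a
    TypeError.  Input without a NUL is returned unchanged; empty input
    gives empty output.

    Note: the double-underscore prefix is only a naming convention here --
    module-level names are not mangled and ``from module import *`` skips
    them.
    """
    terminator = b"\x00" if isinstance(data, (bytes, bytearray)) else "\x00"
    # Only the first segment is needed, so stop splitting after one NUL.
    return data.split(terminator, 1)[0]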
# Parse config
def parse_config(config):
print("\n[Config data]")
print("{0}\n".format("-" * 50))
print("Server name : {0}".format(__format_string(unpack_from("<1024s", config, 0)[0])))
print("KEY : 0x{0:X}".format(unpack_from(">I", config, 0x400)[0]))
print("Sleep count : {0}".format(unpack_from("