Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error on my Project #28

Open
liberodark opened this issue May 22, 2020 · 1 comment
Open

Error on my Project #28

liberodark opened this issue May 22, 2020 · 1 comment

Comments

@liberodark
Copy link

Hi have see error on test in project.

bash -x unshc.sh mytest
+ VERSION=0.8
++ which objdump
+ OBJDUMP=/usr/bin/objdump
++ which grep
+ GREP=/usr/bin/grep
++ which cut
+ CUT=/usr/bin/cut
++ which shred
+ SHRED=/usr/bin/shred
++ which uniq
+ UNIQ=/usr/bin/uniq
++ which sort
+ SORT=/usr/bin/sort
++ which gcc
+ GCC=/usr/bin/gcc
++ which wc
+ WC=/usr/bin/wc
++ which awk
+ AWK=/usr/bin/awk
++ which sed
+ SED=/usr/bin/sed
++ which tr
+ TR=/usr/bin/tr
++ which head
+ HEAD=/usr/bin/head
++ which tail
+ TAIL=/usr/bin/tail
+ BINARY=
++ mktemp /tmp/XXXXXX
+ TMPBINARY=/tmp/XbLH3c
+ DUMPFILE=
+ STRINGFILE=
++ mktemp /tmp/XXXXXX
+ CALLFILE=/tmp/toqAgr
++ mktemp /tmp/XXXXXX
+ CALLADDRFILE=/tmp/iPrMJZ
++ mktemp /tmp/XXXXXX
+ CALLSIZEFILE=/tmp/DXRuaq
+ declare -A LISTOFCALL
+ j=0
+ echo ' _   _       _____ _   _      '
 _   _       _____ _   _      
+ echo '| | | |     /  ___| | | |     '
| | | |     /  ___| | | |     
+ echo '| | | |_ __ \ `--.| |_| | ___ '
| | | |_ __ \ `--.| |_| | ___ 
+ echo '| | | | '\''_ \ `--. \  _  |/ __|'
| | | | '_ \ `--. \  _  |/ __|
+ echo '| |_| | | | /\__/ / | | | (__ '
| |_| | | | /\__/ / | | | (__ 
+ echo ' \___/|_| |_\____/\_| |_/\___|'
 \___/|_| |_\____/\_| |_/\___|
+ echo

+ echo '--- UnSHc - The shc decrypter.'
--- UnSHc - The shc decrypter.
+ echo '--- Version: 0.8'
--- Version: 0.8
+ echo ------------------------------
------------------------------
+ echo 'UnSHc is used to decrypt script encrypted with SHc'
UnSHc is used to decrypt script encrypted with SHc
+ echo 'Original idea from Luiz Octavio Duarte (LOD)'
Original idea from Luiz Octavio Duarte (LOD)
+ echo 'Updated and modernized by Yann CAM'
Updated and modernized by Yann CAM
+ echo '- SHc   : [http://www.datsi.fi.upm.es/~frosal/]'
- SHc   : [http://www.datsi.fi.upm.es/~frosal/]
+ echo '- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]'
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
+ echo ------------------------------
------------------------------
+ echo

+ '[' 1 -lt 1 ']'
+ check_binaries
+ '[' '!' -x /usr/bin/objdump ']'
+ '[' '!' -x /usr/bin/grep ']'
+ '[' '!' -x /usr/bin/cut ']'
+ '[' '!' -x /usr/bin/shred ']'
+ '[' '!' -x /usr/bin/uniq ']'
+ '[' '!' -x /usr/bin/sort ']'
+ '[' '!' -x /usr/bin/gcc ']'
+ '[' '!' -x /usr/bin/wc ']'
++ getopt -o h,a:,d:,s:,o: -l help,arc4:,dumpfile:,stringfile:,outputfile: -- mytest
+ OPTS=' -- '\''mytest'\'''
+ '[' 0 '!=' 0 ']'
+ '[' 1 -gt 0 ']'
+ case "$1" in
+ echo '[*] Input file name to decrypt [mytest]'
[*] Input file name to decrypt [mytest]
+ BINARY=mytest
+ shift 1
+ '[' 0 -gt 0 ']'
+ '[' '!' -e mytest ']'
+ '[' -z '' ']'
++ mktemp /tmp/XXXXXX
+ DUMPFILE=/tmp/A21aQo
+ '[' -z '' ']'
++ mktemp /tmp/XXXXXX
+ STRINGFILE=/tmp/5XRbi5
+ generate_dump
+ /usr/bin/objdump -D mytest
+ /usr/bin/objdump -s mytest
+ c=1
+ '[' -z '' ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 1
+ TAILNUMBER=1
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/sort
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/head -n 1
++ /usr/bin/tail -n 1
+ CALLADDR=407799
+ [[ -z 407799 ]]
+ [[ 1 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x407799]'
[+] ARC4 address call candidate : [0x407799]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x407799]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x407799]...
+ i=2
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 299 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 300 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 310 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 316 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 328 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 343 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 374 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407799]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407799]...
+ return
+ c=2
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 2
+ TAILNUMBER=2
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/sort
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 2
++ /usr/bin/head -n 1
+ CALLADDR=407b50
+ [[ -z 407b50 ]]
+ [[ 2 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x407b50]'
[+] ARC4 address call candidate : [0x407b50]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x407b50]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x407b50]...
+ i=2
++ /usr/bin/wc -l
+ [[ 394 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407b50]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407b50]...
+ return
+ c=3
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 3
+ TAILNUMBER=3
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 3
++ /usr/bin/head -n 1
+ CALLADDR=409fb6
+ [[ -z 409fb6 ]]
+ [[ 3 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x409fb6]'
[+] ARC4 address call candidate : [0x409fb6]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x409fb6]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x409fb6]...
+ i=2
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 1 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 4 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 5 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x409fb6]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x409fb6]...
+ return
+ c=4
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 4
+ TAILNUMBER=4
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/sort
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/head -n 1
++ /usr/bin/tail -n 4
+ CALLADDR=403780
+ [[ -z 403780 ]]
+ [[ 4 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x403780]'
[+] ARC4 address call candidate : [0x403780]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x403780]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x403780]...
+ i=2
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ i=3
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 5 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 6 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 11 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 12 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 16 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract sizes of 14 arc4 args with ARC4 address call [0x403780]...'
[-] Unable to extract sizes of 14 arc4 args with ARC4 address call [0x403780]...
+ return
+ c=5
++ /usr/bin/wc -l
+ [[ 17 -ne 14 ]]
+ extract_arc4_call_addr 5
+ TAILNUMBER=5
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 5
++ /usr/bin/head -n 1
+ CALLADDR=403310
+ [[ -z 403310 ]]
+ [[ 5 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x403310]'
[+] ARC4 address call candidate : [0x403310]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x403310]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x403310]...
+ i=2
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ i=3
++ /usr/bin/wc -l
+ [[ 17 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ IFS='
'
+ read -d '' -r -a LISTOFADDR
+ IFS='
'
+ read -d '' -r -a LISTOFSIZE
+ (( x = 0 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1
+ echo -e '\t[0] Working with var address at offset [0x470040] (0x1 bytes)'
	[0] Working with var address at offset [0x470040] (0x1 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_MSG1=
+ VAR_MSG1_Z=0x1
+ j=1
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[1] Working with var address at offset [0x470040] (0x0 bytes)'
	[1] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_DATE=
+ VAR_DATE_Z=0x0
+ j=2
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1
+ echo -e '\t[2] Working with var address at offset [0x470040] (0x1 bytes)'
	[2] Working with var address at offset [0x470040] (0x1 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_SHLL=
+ VAR_SHLL_Z=0x1
+ j=3
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x4
+ echo -e '\t[3] Working with var address at offset [0x470040] (0x4 bytes)'
	[3] Working with var address at offset [0x470040] (0x4 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_INLO=
+ VAR_INLO_Z=0x4
+ j=4
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x25
+ echo -e '\t[4] Working with var address at offset [0x470040] (0x25 bytes)'
	[4] Working with var address at offset [0x470040] (0x25 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=4
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 3 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/sed -e s:T::g
++ /usr/bin/tr '\n' T
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_XECC=
+ VAR_XECC_Z=0x25
+ j=5
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1000
+ echo -e '\t[5] Working with var address at offset [0x470040] (0x1000 bytes)'
	[5] Working with var address at offset [0x470040] (0x1000 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=258
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 257 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_LSTO=
+ VAR_LSTO_Z=0x1000
+ j=6
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1000
+ echo -e '\t[6] Working with var address at offset [0x470040] (0x1000 bytes)'
	[6] Working with var address at offset [0x470040] (0x1000 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=258
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 257 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TST1=
+ VAR_TST1_Z=0x1000
+ j=7
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x30
+ echo -e '\t[7] Working with var address at offset [0x470040] (0x30 bytes)'
	[7] Working with var address at offset [0x470040] (0x30 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=5
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 4 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_CHK1=
+ VAR_CHK1_Z=0x30
+ j=8
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x57
+ echo -e '\t[8] Working with var address at offset [0x470040] (0x57 bytes)'
	[8] Working with var address at offset [0x470040] (0x57 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=7
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 6 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_MSG2=
+ VAR_MSG2_Z=0x57
+ j=9
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x4
+ echo -e '\t[9] Working with var address at offset [0x470040] (0x4 bytes)'
	[9] Working with var address at offset [0x470040] (0x4 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_RLAX=
+ VAR_RLAX_Z=0x4
+ j=10
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x30
+ echo -e '\t[10] Working with var address at offset [0x470040] (0x30 bytes)'
	[10] Working with var address at offset [0x470040] (0x30 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=5
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 4 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/sed -e s:T::g
++ /usr/bin/tr '\n' T
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_OPTS=
+ VAR_OPTS_Z=0x30
+ j=11
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x18
+ echo -e '\t[11] Working with var address at offset [0x470040] (0x18 bytes)'
	[11] Working with var address at offset [0x470040] (0x18 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=3
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 2 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TEXT=
+ VAR_TEXT_Z=0x18
+ j=12
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[12] Working with var address at offset [0x470040] (0x0 bytes)'
	[12] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TST2=
+ VAR_TST2_Z=0x0
+ j=13
+ (( x = x+1  ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[13] Working with var address at offset [0x470040] (0x0 bytes)'
	[13] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_CHK2=
+ VAR_CHK2_Z=0x0
+ j=14
+ (( x = x+1  ))
+ (( x < 14 ))
+ c=6
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ extract_password_from_binary
+ echo '[*] Extracting password...'
[*] Extracting password...
+ KEY_ADDR=
+ KEY_SIZE=
+ i=5
+ [[ -z '' ]]
+ /usr/bin/grep -B 5 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
++ /usr/bin/grep -v movb
+ KEY_SIZE=
+ i=6
+ '[' 6 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 6 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -v movb
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
+ KEY_SIZE=
+ i=7
+ '[' 7 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 7 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -v movb
++ /usr/bin/head -n 1
++ /usr/bin/grep -oE '0x[0-9a-z]+'
+ KEY_SIZE=
+ i=8
+ '[' 8 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 8 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v movb
++ /usr/bin/grep -v ''
++ /usr/bin/head -n 1
++ /usr/bin/grep -oE '0x[0-9a-z]+'
+ KEY_SIZE=
+ i=9
+ '[' 9 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 9 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v movb
++ /usr/bin/grep -v ''
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
+ KEY_SIZE=
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Error, function call previous first call of arc4() hasn'\''t been identified...'
[-] Error, function call previous first call of arc4() hasn't been identified...
+ exit_error
+ clean
+ /usr/bin/shred -zu -n 1 /tmp/A21aQo /tmp/toqAgr /tmp/iPrMJZ /tmp/DXRuaq /tmp/5XRbi5 /tmp/XbLH3c /tmp/XbLH3c.c
+ exit 1
@yanncam
Copy link
Owner

yanncam commented Oct 15, 2020

Hello,

Which version of shc do you use ?
Please read : #31

Sincerely,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@liberodark @yanncam