查壳
查看ida
完整exp:
import string
import base64
def reverse1():
old_table='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
new_table='0123456789XYZabcdefghijklABCDEFGHIJKLMNOPQRSTUVWmnopqrstuvwxyz+/='
s1='3pn1Ek92hmAEg38EXMn99J9YBf8='
print(base64.b64decode(s1.translate(str.maketrans(new_table,old_table))))
return base64.b64decode(s1.translate(str.maketrans(new_table,old_table)))
def RC4_init(s,aThi51sKey,len):
v8=0
k=[0]*128
for i in range(128):
s[i]=i
k[i]=aThi51sKey[i%len]
for i in range(128):
v8=(v8+s[i]+ord(k[i]))%128
#v8=(v3>>32)>>25+v8+s[i]+ord(k[i])&0x7f-(v3>>32)>>25
v5=s[i]
s[i]=s[v8]
s[v8]=v5
return s
def cry(s,inputs,len):
v6=0
v7=0
for i in range(len):
v6=(v6+1)%128
v7=(s[v6]+v7)%128
#v7=(v3>>32)>>25+s[v6]+v7&0x7f-(v3>>32)>>25
v5=s[v6]
s[v6]=s[v7]
s[v7]=v5
t=(s[v6]+s[v7])%128
inputs[i]=chr(s[t]^inputs[i])
return inputs
aThi51sKey='Thi5_1S_key?'
s=[0]*128
inputs=list(reverse1())
RC4_init(s,aThi51sKey,len(aThi51sKey))
inputs=cry(s,inputs,len(inputs))
inputs=''.join(inputs)
print(inputs)
补充点1:这里的类似#v8=(v3>>32)>>25+v8+s[i]+ord(k[i])&0x7f-(v3>>32)>>25要注释,用不着,应该改为s[]相关的数据取余128。