Binary Source: OST on "Malware Reverse Engineering"
Problem: Malware writers often employ various encoding and encryption techniques to avoid detection and complicate malware analysis.

Solution: The Python programs below decode standard and custom Base64 encoded strings.

Implementation:

I. Sample Python 2.7 Standard Base64 Decoder (see analysis of APT1 WEBC2-CSON)

```python
#!/usr/bin/env python
# -*- coding: iso-8859-15 -*-
# created by Vitali Kremez
import base64

# Read the encoded string and print the decoded bytes
encoded_string = raw_input("Enter your standard Base64 encoded string: ")
print base64.decodestring(encoded_string)
```

II. Sample Python 2.7 Custom Base64 Decoder

```python
#!/usr/bin/env python
# -*- coding: iso-8859-15 -*-
# created by Vitali Kremez
import base64

temp_string = ""  # input re-mapped to the standard alphabet
# Example of a custom Base64 alphabet
custom_b64 = "9ZABCDEFGHIJKLMNOPQRSTUVWXYabcdefghijklmnopqrstuvwxyz012345678+/"
Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

cipher = raw_input("Enter your custom Base64 encoded string: ")
for ch in cipher:
    # Look each character up in the custom alphabet and emit the
    # standard-alphabet character at the same index
    if ch in custom_b64:
        temp_string = temp_string + Base64[custom_b64.find(ch)]
    elif ch == "=":
        temp_string += "="  # padding passes through unchanged

decoded_string = base64.decodestring(temp_string)
print(decoded_string)
```

Preferred Usage:
(1) Create a .py file using the source code above
(2) Make this Python file executable in the terminal: $ chmod +x [file path]
(3) Edit the custom Base64 alphabet set in the custom_b64 string variable
(4) Run the file as an executable
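The same alphabet-substitution decode as an added Python 3 example (not the author's code), since `raw_input` and `base64.decodestring` no longer exist in current Python 3. It also validates the alphabet, rejects characters outside it, and tolerates stripped padding. The function names are hypothetical; the custom alphabet is the example one from this page, and the sample input is constructed.

```python
import base64

STANDARD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Custom alphabet taken from the example decoder on this page.
CUSTOM_B64 = "9ZABCDEFGHIJKLMNOPQRSTUVWXYabcdefghijklmnopqrstuvwxyz012345678+/"


def _check_alphabet(alphabet):
    """A usable Base64 alphabet has 64 distinct characters and no '='."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64 or "=" in alphabet:
        raise ValueError("alphabet must be 64 unique characters without '='")


def decode_custom_b64(encoded, alphabet=CUSTOM_B64):
    """Decode text that was Base64-encoded with a substituted alphabet."""
    _check_alphabet(alphabet)
    table = str.maketrans(alphabet, STANDARD_B64)
    # Drop whitespace and any padding; padding is recomputed below.
    body = "".join(encoded.split()).rstrip("=")
    bad = sorted(set(body) - set(alphabet))
    if bad:
        raise ValueError("characters outside the alphabet: %r" % bad)
    if len(body) % 4 == 1:
        raise ValueError("truncated input: not a valid Base64 length")
    standard = body.translate(table) + "=" * (-len(body) % 4)
    return base64.b64decode(standard)


def encode_custom_b64(raw, alphabet=CUSTOM_B64):
    """Inverse mapping, used here only to build sample input."""
    _check_alphabet(alphabet)
    table = str.maketrans(STANDARD_B64, alphabet)
    return base64.b64encode(raw).decode("ascii").translate(table)


if __name__ == "__main__":
    # Constructed sample, not taken from any real malware.
    sample = encode_custom_b64(b"GET /index.html?id=1234")
    print(sample, "->", decode_custom_b64(sample))
```

A `ValueError` about characters outside the alphabet usually means the sample uses a different custom alphabet than the one supplied.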
Author: Vitali Kremez