misc-code's Introduction

Miscellaneous code

Android/Flubot v3.6/v3.7 reverse engineering

  • ./flubot/CryptaxRocks.java: string de-obfuscation
  • ./flubot/flubot.js: Frida hook to display plaintext communication with C&C
  • ./frida-hook/michaelrocks.js: Frida hook to display de-obfuscated strings
  • ./flubot/DGA.java: standalone implementation of Flubot's DGA algorithm

Android/Ztorg reverse engineering

  • string-decode.py: standalone Python script to de-obfuscate Ztorg strings
  • DeobfuscateZtorg.py: JEB2 script to de-obfuscate Ztorg strings
  • r2ztorg.py: Radare2 r2pipe script to de-obfuscate Android/Ztorg strings

Android/MysteryBot reverse engineering

  • ReplaceAllatori.py: replace the ALLATORIxDEMO obfuscated string
  • JEBAllatori.py: de-obfuscation but not replacing

c1dd9c26671fddc83c9923493236d210d7461b29dd066f743bd4794c1d647549 (malicious Tous Anti Covid)

  • tous_anti.py: decrypt selected Base64+encrypted strings and put the result as comment

Android/Alien reverse engineering

  • aka Bankbot
  • sha256: ec3a10b4f38b45b7551807ba4342b111772c712c198e6a1a971dd043020f39a2
  • De-obfuscate strings: AlienBankbotDecrypt.py. Script for JEB4.

Android reverse engineering (general)

  • b64script.py: decode selected Base64 strings and put the result as comment

NFC Glucose sensor tools

See ./glucose-tools directory

Android/SpyAgent reverse engineering

  • spyserv.py: dummy server to display uncompressed messages from the Android malware with sha256: 885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7

Android/Oji.G!worm

  • grab-oji.py: Script to automatically grab fresh samples. This can be used to upload the samples to your favorite malware database for detection. Works as of May 7, 2021.

Android/MoqHao

Malware sha256: aad80d2ad20fe318f19b6197b76937bf7177dbb1746b7849dd7f05aab84e6724

  • MoqHaoUnpacker.java: program to unpack the sample. Provide the encrypted asset as argument, e.g. efl15a

Android/Bahamut

Malware sha256: fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7

  • bahamutDecrypt.py: decrypts files or strings encrypted by the malware

Android/BianLian

Malware sha256: 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368

misc-code's People

Contributors

cryptax
