Won't work :-( #14

Open
Maxxika opened this issue Dec 4, 2017 · 7 comments
Comments

@Maxxika

Maxxika commented Dec 4, 2017

I made a test file with echo "CRYPT/DECRYPT TEST"

```
shc -f test.sh
```

Tested binary

```
./test.sh.x
CRYPT/DECRYPT TEST
```

Run unshc

```
./unshc.sh test.sh.x

...

[*] Input file name to decrypt [test.sh.x]
[+] ARC4 address call candidate : [0x804894e]
[*] Extracting each args address and size for the 14 arc4() calls with address [0x804894e]...
[0] Working with var address at offset [0x804b09c] (0x8 bytes)
[1] Working with var address at offset [0x804b2c8] (0x8 bytes)
[2] Working with var address at offset [0x804b2c9] (0x8 bytes)
[3] Working with var address at offset [0x804b0de] (0x8 bytes)
[4] Working with var address at offset [0x804b0e2] (0x8 bytes)
[5] Working with var address at offset [0x804b0f4] (0x8 bytes)
[6] Working with var address at offset [0x804b123] (0x8 bytes)
[7] Working with var address at offset [0x804b13e] (0x8 bytes)
[8] Working with var address at offset [0x804b082] (0x8 bytes)
[9] Working with var address at offset [0x804b157] (0x8 bytes)
[10] Working with var address at offset [0x804b158] (0x8 bytes)
[11] Working with var address at offset [0x804b0f7] (0x8 bytes)
[12] Working with var address at offset [0x804b159] (0x8 bytes)
[13] Working with var address at offset [0x804b2b1] (0x8 bytes)
[*] Extracting password...
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
[-] Error, function call previous first call of arc4() hasn't been identified...
```

Callfile content:

```
[*] Extracting password...
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
8048ca8: 68 9e b1 04 08 push $0x804b19e
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
8048ca3: 68 00 01 00 00 push $0x100
8048ca8: 68 9e b1 04 08 push $0x804b19e
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
8048ca0: 83 ec 08 sub $0x8,%esp
8048ca3: 68 00 01 00 00 push $0x100
8048ca8: 68 9e b1 04 08 push $0x804b19e
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
8048c9b: e8 8b fb ff ff call 804882b <gmon_start@plt+0x10b>
8048ca0: 83 ec 08 sub $0x8,%esp
8048ca3: 68 00 01 00 00 push $0x100
8048ca8: 68 9e b1 04 08 push $0x804b19e
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
Try '/usr/bin/grep --help' for more information.
[-] Error, function call previous first call of arc4() hasn't been identified...
```

@yanncam
Owner

yanncam commented Dec 4, 2017

Hello,

Can you send me the original *.sh and encrypted *.sh.x files as attachments?

What is your distribution version (Ubuntu, Debian, CentOS?) and architecture (x86 / x64)?

It seems to be a problem with the grep command around line 309 in the latest version.

Keep me informed,

@Maxxika
Author

Maxxika commented Dec 4, 2017

Of course, I attached all items for the test. Arch is x86 and this is the blackpanther distro.
Yes, I saw that the problem is in the grep command, because the callfile does not contain the expected values.

unshc-wrong-test.tar.gz

@yanncam
Owner

yanncam commented Dec 4, 2017

OK, I will check on my side and get back to you as soon as possible.

Sincerely,

@hujingzhen

Hi yanncam,

I saw the same issue. Did shc change the algorithm?
unshc could not find the right address and size according to the grep regular expression.

Thanks
Jingzhen
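The step that fails in the output above is the recovery of each arc4() call's arguments from the callfile. As an added illustration (not part of UnSHc or this thread), here is a small Python parser that does that step without grep: it reads objdump-style lines, and for every call to a chosen callee it returns the immediate values pushed directly before the call, in C argument order (32-bit cdecl pushes right-to-left). The sample callfile is constructed from the lines Maxxika posted, with the stray grep usage text left in to show it is skipped, plus one constructed call line to close the second argument group; treating 0x8048881 as the arc4() callee is an assumption taken from those lines.

```python
import re

# Constructed sample in the shape of the callfile posted above (objdump-style
# lines, stray grep usage text left in). The last call line is constructed
# to close the second argument group; it is not from the original post.
SAMPLE_CALLFILE = """\
Usage: /usr/bin/grep [OPTION]... PATTERN [FILE]...
8048ca0: 83 ec 08 sub $0x8,%esp
8048ca3: 68 00 01 00 00 push $0x100
8048ca8: 68 9e b1 04 08 push $0x804b19e
8048cad: e8 cf fb ff ff call 8048881 <gmon_start@plt+0x161>
8048cb2: 83 c4 10 add $0x10,%esp
8048cb5: 83 ec 08 sub $0x8,%esp
8048cb8: 6a 41 push $0x41
8048cba: 68 9c b0 04 08 push $0x804b09c
8048cbf: e8 bd fb ff ff call 8048881 <gmon_start@plt+0x161>
"""

# "address: opcode bytes ... mnemonic operands"
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+([a-z]+)\s*(.*)$")

def parse_insns(text):
    """Yield (address, mnemonic, operands); non-instruction lines are skipped."""
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            yield int(m.group(1), 16), m.group(2), m.group(3).strip()

def extract_call_args(text, callee):
    """[(call_addr, [immediate args in C order])] for every call to `callee`.
    cdecl pushes right-to-left, so the pushes directly before the call,
    reversed, are the arguments; any other instruction breaks the group."""
    results, pending = [], []
    for addr, mnem, ops in parse_insns(text):
        if mnem == "push" and ops.startswith("$0x"):
            pending.append(int(ops[1:], 16))
        elif mnem == "call" and int(ops.split()[0], 16) == callee:
            results.append((addr, list(reversed(pending))))
            pending = []
        else:
            pending = []  # register push, stack adjust, other call: start over
    return results

def arc4_var_table(text, callee):
    """(ptr, len) pairs for arc4-shaped calls, plus addresses of calls that did not resolve."""
    calls = extract_call_args(text, callee)
    resolved = [(a[0], a[1]) for _, a in calls if len(a) == 2]
    unresolved = [addr for addr, a in calls if len(a) != 2]
    return resolved, unresolved
```

Calls whose arguments could not be recovered are reported by address instead of being silently filled with a wrong address and size, which is the failure mode visible in the "(0x8 bytes)" lines above.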

@intika

intika commented Dec 6, 2018

> did shc change the algorithm?

Yes I did lol ... it's open for a new easy exploit search if anyone finds one... :)

@yanncam
Owner

yanncam commented May 8, 2019

Hello,

Can you try again with the relaxed option of SHc (before using UnSHc)?
Like this, to produce your encrypted test file:

```
./shc -r -f myScript.sh
```

The -r is needed to make a redistributable binary (works on several distributions).

Then retry to decrypt it with UnSHc.

Sincerely,

@droidamlogic

Hi yanncam

Can you help me decrypt this file?
Thank you for your help.

9191.zip
