Comments (4)
Anyone?
from unshc.
Hello,
Sorry for the late response.
I haven't any good solution for this case where the -r option was missing initially.
UnSHc doesn't seem to be able to recover this kind of non-relaxed encrypted file.
Unfortunately I do not have time right now to dig into this problem.
But I encourage you to try to reverse your binary manually, to understand precisely "what does SHc do without the -r parameter?".
Recently I've written an article in a French cybersecurity-oriented magazine about UnSHc, with all the detailed process to do it manually. You can try this way:
- Part 1 : https://www.miscmag.com/unshc-dechiffrer-des-scripts-sh-compiles-et-chiffres-par-shc-partie-12/
- Part 2 : https://www.miscmag.com/unshc-dechiffrer-des-scripts-sh-compiles-et-chiffres-par-shc-partie-22/
Sincerely,
from unshc.
The SHC relax feature (variable rlax in the sources) does use the attributes of the file (/usr/bin/sh or /usr/bin/bash, or something else if your system uses a different shell) for encryption/decryption; by attributes I mean file size, date, etc.
```c
memset(control, 0, sizeof(control));
control->st_ino = statf->st_ino;
control->st_dev = statf->st_dev;
control->st_rdev = statf->st_rdev;
control->st_uid = statf->st_uid;
control->st_gid = statf->st_gid;
control->st_size = statf->st_size;
control->st_mtime = statf->st_mtime;
control->st_ctime = statf->st_ctime;
```
The control variable is then used to generate the key... so if you enable the -r option that key won't be used; otherwise your shell executable needs to be exactly the same as when you built your sh script (even ctime, not just the file version).
In short, in order for you to recover your file you need to restore /usr/bin/bash or /usr/bin/sh with the exact same attributes as at the time you built your sh script.
Additional note.
from unshc.
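As an added example (not part of the thread and not shc's or UnSHc's own code), this C program snapshots the stat fields listed in the last comment for a shell binary and, given a second path, names the first field that differs. The function names, the `/bin/sh` default and the output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
/* Fill a zeroed struct with only the fields listed in the comment above. */
int collect_control(const char *path, struct stat *control)
{
    struct stat statf;
    if (stat(path, &statf) < 0) return -1;
    memset(control, 0, sizeof(*control));
    control->st_ino = statf.st_ino;
    control->st_dev = statf.st_dev;
    control->st_rdev = statf.st_rdev;
    control->st_uid = statf.st_uid;
    control->st_gid = statf.st_gid;
    control->st_size = statf.st_size;
    control->st_mtime = statf.st_mtime;
    control->st_ctime = statf.st_ctime;
    return 0;
}

/* Name of the first listed field that differs, or NULL when all match. */
const char *first_mismatch(const struct stat *a, const struct stat *b)
{
    if (a->st_ino != b->st_ino) return "st_ino";
    if (a->st_dev != b->st_dev) return "st_dev";
    if (a->st_rdev != b->st_rdev) return "st_rdev";
    if (a->st_uid != b->st_uid) return "st_uid";
    if (a->st_gid != b->st_gid) return "st_gid";
    if (a->st_size != b->st_size) return "st_size";
    if (a->st_mtime != b->st_mtime) return "st_mtime";
    if (a->st_ctime != b->st_ctime) return "st_ctime";
    return NULL;
}

/* Usage: prog [shell-path [other-path]]; the printed line can be kept with the build. */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/bin/sh"; /* assumed default path */
    struct stat c, d;
    if (collect_control(path, &c) < 0) { perror(path); return 1; }
    printf("%s ino=%llu dev=%llu rdev=%llu uid=%u gid=%u size=%lld mtime=%lld ctime=%lld\n",
           path, (unsigned long long)c.st_ino, (unsigned long long)c.st_dev, (unsigned long long)c.st_rdev,
           (unsigned)c.st_uid, (unsigned)c.st_gid, (long long)c.st_size, (long long)c.st_mtime, (long long)c.st_ctime);
    if (argc > 2 && collect_control(argv[2], &d) == 0) {
        const char *m = first_mismatch(&c, &d);
        printf("vs %s: %s\n", argv[2], m ? m : "all listed fields match");
    }
    return 0;
}
```

Two separate files that are not hard links of each other always differ in `st_ino` or `st_dev`, so a copied shell binary will be reported as a mismatch even when its size and timestamps are identical.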