UnSHc
UnSHc copied to clipboard
Published
20 hours ago •
yanncam
yanncam
Error on my Project
Hi have see error on test in project.
bash -x unshc.sh mytest
+ VERSION=0.8
++ which objdump
+ OBJDUMP=/usr/bin/objdump
++ which grep
+ GREP=/usr/bin/grep
++ which cut
+ CUT=/usr/bin/cut
++ which shred
+ SHRED=/usr/bin/shred
++ which uniq
+ UNIQ=/usr/bin/uniq
++ which sort
+ SORT=/usr/bin/sort
++ which gcc
+ GCC=/usr/bin/gcc
++ which wc
+ WC=/usr/bin/wc
++ which awk
+ AWK=/usr/bin/awk
++ which sed
+ SED=/usr/bin/sed
++ which tr
+ TR=/usr/bin/tr
++ which head
+ HEAD=/usr/bin/head
++ which tail
+ TAIL=/usr/bin/tail
+ BINARY=
++ mktemp /tmp/XXXXXX
+ TMPBINARY=/tmp/XbLH3c
+ DUMPFILE=
+ STRINGFILE=
++ mktemp /tmp/XXXXXX
+ CALLFILE=/tmp/toqAgr
++ mktemp /tmp/XXXXXX
+ CALLADDRFILE=/tmp/iPrMJZ
++ mktemp /tmp/XXXXXX
+ CALLSIZEFILE=/tmp/DXRuaq
+ declare -A LISTOFCALL
+ j=0
+ echo ' _ _ _____ _ _ '
_ _ _____ _ _
+ echo '| | | | / ___| | | | '
| | | | / ___| | | |
+ echo '| | | |_ __ \ `--.| |_| | ___ '
| | | |_ __ \ `--.| |_| | ___
+ echo '| | | | '\''_ \ `--. \ _ |/ __|'
| | | | '_ \ `--. \ _ |/ __|
+ echo '| |_| | | | /\__/ / | | | (__ '
| |_| | | | /\__/ / | | | (__
+ echo ' \___/|_| |_\____/\_| |_/\___|'
\___/|_| |_\____/\_| |_/\___|
+ echo
+ echo '--- UnSHc - The shc decrypter.'
--- UnSHc - The shc decrypter.
+ echo '--- Version: 0.8'
--- Version: 0.8
+ echo ------------------------------
------------------------------
+ echo 'UnSHc is used to decrypt script encrypted with SHc'
UnSHc is used to decrypt script encrypted with SHc
+ echo 'Original idea from Luiz Octavio Duarte (LOD)'
Original idea from Luiz Octavio Duarte (LOD)
+ echo 'Updated and modernized by Yann CAM'
Updated and modernized by Yann CAM
+ echo '- SHc : [http://www.datsi.fi.upm.es/~frosal/]'
- SHc : [http://www.datsi.fi.upm.es/~frosal/]
+ echo '- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]'
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
+ echo ------------------------------
------------------------------
+ echo
+ '[' 1 -lt 1 ']'
+ check_binaries
+ '[' '!' -x /usr/bin/objdump ']'
+ '[' '!' -x /usr/bin/grep ']'
+ '[' '!' -x /usr/bin/cut ']'
+ '[' '!' -x /usr/bin/shred ']'
+ '[' '!' -x /usr/bin/uniq ']'
+ '[' '!' -x /usr/bin/sort ']'
+ '[' '!' -x /usr/bin/gcc ']'
+ '[' '!' -x /usr/bin/wc ']'
++ getopt -o h,a:,d:,s:,o: -l help,arc4:,dumpfile:,stringfile:,outputfile: -- mytest
+ OPTS=' -- '\''mytest'\'''
+ '[' 0 '!=' 0 ']'
+ '[' 1 -gt 0 ']'
+ case "$1" in
+ echo '[*] Input file name to decrypt [mytest]'
[*] Input file name to decrypt [mytest]
+ BINARY=mytest
+ shift 1
+ '[' 0 -gt 0 ']'
+ '[' '!' -e mytest ']'
+ '[' -z '' ']'
++ mktemp /tmp/XXXXXX
+ DUMPFILE=/tmp/A21aQo
+ '[' -z '' ']'
++ mktemp /tmp/XXXXXX
+ STRINGFILE=/tmp/5XRbi5
+ generate_dump
+ /usr/bin/objdump -D mytest
+ /usr/bin/objdump -s mytest
+ c=1
+ '[' -z '' ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 1
+ TAILNUMBER=1
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/sort
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/head -n 1
++ /usr/bin/tail -n 1
+ CALLADDR=407799
+ [[ -z 407799 ]]
+ [[ 1 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x407799]'
[+] ARC4 address call candidate : [0x407799]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x407799]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x407799]...
+ i=2
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 299 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 300 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 310 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 316 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 328 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 343 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 374 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*407799' /tmp/A21aQo
+ /usr/bin/grep -v 407799
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407799]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407799]...
+ return
+ c=2
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 2
+ TAILNUMBER=2
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/sort
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 2
++ /usr/bin/head -n 1
+ CALLADDR=407b50
+ [[ -z 407b50 ]]
+ [[ 2 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x407b50]'
[+] ARC4 address call candidate : [0x407b50]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x407b50]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x407b50]...
+ i=2
++ /usr/bin/wc -l
+ [[ 394 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*407b50' /tmp/A21aQo
+ /usr/bin/grep -v 407b50
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407b50]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x407b50]...
+ return
+ c=3
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 3
+ TAILNUMBER=3
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 3
++ /usr/bin/head -n 1
+ CALLADDR=409fb6
+ [[ -z 409fb6 ]]
+ [[ 3 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x409fb6]'
[+] ARC4 address call candidate : [0x409fb6]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x409fb6]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x409fb6]...
+ i=2
++ /usr/bin/wc -l
+ [[ 148 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 1 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 4 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 5 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*409fb6' /tmp/A21aQo
+ /usr/bin/grep -v 409fb6
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x409fb6]...'
[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x409fb6]...
+ return
+ c=4
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ extract_arc4_call_addr 4
+ TAILNUMBER=4
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/sort
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/head -n 1
++ /usr/bin/tail -n 4
+ CALLADDR=403780
+ [[ -z 403780 ]]
+ [[ 4 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x403780]'
[+] ARC4 address call candidate : [0x403780]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x403780]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x403780]...
+ i=2
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 2 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]{6,})'
+ i=3
+ '[' 3 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ i=3
++ /usr/bin/wc -l
+ [[ 0 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 5 -ne 14 ]]
+ /usr/bin/grep -B 4 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=5
+ '[' 5 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 6 -ne 14 ]]
+ /usr/bin/grep -B 5 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ i=6
+ '[' 6 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 7 -ne 14 ]]
+ /usr/bin/grep -B 6 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ i=7
+ '[' 7 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 11 -ne 14 ]]
+ /usr/bin/grep -B 7 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=8
+ '[' 8 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 12 -ne 14 ]]
+ /usr/bin/grep -B 8 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ i=9
+ '[' 9 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 16 -ne 14 ]]
+ /usr/bin/grep -B 9 'call.*403780' /tmp/A21aQo
+ /usr/bin/grep -v 403780
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Unable to extract sizes of 14 arc4 args with ARC4 address call [0x403780]...'
[-] Unable to extract sizes of 14 arc4 args with ARC4 address call [0x403780]...
+ return
+ c=5
++ /usr/bin/wc -l
+ [[ 17 -ne 14 ]]
+ extract_arc4_call_addr 5
+ TAILNUMBER=5
++ /usr/bin/grep -Eo 'call.*[0-9a-f]{6,}' /tmp/A21aQo
++ /usr/bin/sort
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/sort
++ /usr/bin/grep -Eo '(14).*[0-9a-f]{6,}'
++ /usr/bin/grep -Eo '[0-9a-f]{6,}'
++ /usr/bin/uniq -c
+ CALLADDRS='14425f0e
403310
403780
409fb6
407b50
407799'
++ wc -l
+ TAILMAX=6
++ echo '14425f0e
403310
403780
409fb6
407b50
407799'
++ /usr/bin/sed 's/ /\n/g'
++ /usr/bin/tail -n 5
++ /usr/bin/head -n 1
+ CALLADDR=403310
+ [[ -z 403310 ]]
+ [[ 5 -gt 6 ]]
+ echo '[+] ARC4 address call candidate : [0x403310]'
[+] ARC4 address call candidate : [0x403310]
+ extract_variables_from_binary
+ echo '[*] Extracting each args address and size for the 14 arc4() calls with address [0x403310]...'
[*] Extracting each args address and size for the 14 arc4() calls with address [0x403310]...
+ i=2
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ i=3
++ /usr/bin/wc -l
+ [[ 17 -ne 14 ]]
+ /usr/bin/grep -B 3 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
+ /usr/bin/grep -Eo '(0x[0-9a-f]+)'
+ /usr/bin/grep -Eo '(0x[0-9a-f]+,)'
+ /usr/bin/grep -Ev '0x[0-9a-f]{6,}'
+ i=4
+ '[' 4 -eq 10 ']'
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ IFS='
'
+ read -d '' -r -a LISTOFADDR
+ IFS='
'
+ read -d '' -r -a LISTOFSIZE
+ (( x = 0 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1
+ echo -e '\t[0] Working with var address at offset [0x470040] (0x1 bytes)'
[0] Working with var address at offset [0x470040] (0x1 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_MSG1=
+ VAR_MSG1_Z=0x1
+ j=1
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[1] Working with var address at offset [0x470040] (0x0 bytes)'
[1] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_DATE=
+ VAR_DATE_Z=0x0
+ j=2
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1
+ echo -e '\t[2] Working with var address at offset [0x470040] (0x1 bytes)'
[2] Working with var address at offset [0x470040] (0x1 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_SHLL=
+ VAR_SHLL_Z=0x1
+ j=3
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x4
+ echo -e '\t[3] Working with var address at offset [0x470040] (0x4 bytes)'
[3] Working with var address at offset [0x470040] (0x4 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_INLO=
+ VAR_INLO_Z=0x4
+ j=4
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x25
+ echo -e '\t[4] Working with var address at offset [0x470040] (0x25 bytes)'
[4] Working with var address at offset [0x470040] (0x25 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=4
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 3 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/sed -e s:T::g
++ /usr/bin/tr '\n' T
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_XECC=
+ VAR_XECC_Z=0x25
+ j=5
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1000
+ echo -e '\t[5] Working with var address at offset [0x470040] (0x1000 bytes)'
[5] Working with var address at offset [0x470040] (0x1000 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=258
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 257 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_LSTO=
+ VAR_LSTO_Z=0x1000
+ j=6
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x1000
+ echo -e '\t[6] Working with var address at offset [0x470040] (0x1000 bytes)'
[6] Working with var address at offset [0x470040] (0x1000 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=258
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 257 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TST1=
+ VAR_TST1_Z=0x1000
+ j=7
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x30
+ echo -e '\t[7] Working with var address at offset [0x470040] (0x30 bytes)'
[7] Working with var address at offset [0x470040] (0x30 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=5
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 4 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_CHK1=
+ VAR_CHK1_Z=0x30
+ j=8
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x57
+ echo -e '\t[8] Working with var address at offset [0x470040] (0x57 bytes)'
[8] Working with var address at offset [0x470040] (0x57 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=7
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 6 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_MSG2=
+ VAR_MSG2_Z=0x57
+ j=9
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x4
+ echo -e '\t[9] Working with var address at offset [0x470040] (0x4 bytes)'
[9] Working with var address at offset [0x470040] (0x4 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_RLAX=
+ VAR_RLAX_Z=0x4
+ j=10
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x30
+ echo -e '\t[10] Working with var address at offset [0x470040] (0x30 bytes)'
[10] Working with var address at offset [0x470040] (0x30 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=5
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 4 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/sed -e s:T::g
++ /usr/bin/tr '\n' T
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_OPTS=
+ VAR_OPTS_Z=0x30
+ j=11
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x18
+ echo -e '\t[11] Working with var address at offset [0x470040] (0x18 bytes)'
[11] Working with var address at offset [0x470040] (0x18 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=3
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 2 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TEXT=
+ VAR_TEXT_Z=0x18
+ j=12
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[12] Working with var address at offset [0x470040] (0x0 bytes)'
[12] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_TST2=
+ VAR_TST2_Z=0x0
+ j=13
+ (( x = x+1 ))
+ (( x < 14 ))
+ i=0x470040
+ NBYTES=0x0
+ echo -e '\t[13] Working with var address at offset [0x470040] (0x0 bytes)'
[13] Working with var address at offset [0x470040] (0x0 bytes)
++ echo 0x470040
++ /usr/bin/cut -d x -f 2
+ KEY=470040
+ NLINES=2
+ let LASTBYTE=0x0
++ /usr/bin/grep -A 1 -E '^ 470040 ' /tmp/5XRbi5
++ /usr/bin/awk '{ print $2$3$4$5}'
++ /usr/bin/tr '\n' T
++ /usr/bin/sed -e s:T::g
+ STRING=
+ STRING=
+ STRING=
+ FINALSTRING=
+ (( i = 0 ))
+ (( i < 0 ))
+ define_variable
+ case "$j" in
+ VAR_CHK2=
+ VAR_CHK2_Z=0x0
+ j=14
+ (( x = x+1 ))
+ (( x < 14 ))
+ c=6
++ /usr/bin/wc -l
+ [[ 14 -ne 14 ]]
+ extract_password_from_binary
+ echo '[*] Extracting password...'
[*] Extracting password...
+ KEY_ADDR=
+ KEY_SIZE=
+ i=5
+ [[ -z '' ]]
+ /usr/bin/grep -B 5 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
++ /usr/bin/grep -v movb
+ KEY_SIZE=
+ i=6
+ '[' 6 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 6 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -v movb
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
+ KEY_SIZE=
+ i=7
+ '[' 7 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 7 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v ''
++ /usr/bin/grep -v movb
++ /usr/bin/head -n 1
++ /usr/bin/grep -oE '0x[0-9a-z]+'
+ KEY_SIZE=
+ i=8
+ '[' 8 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 8 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v movb
++ /usr/bin/grep -v ''
++ /usr/bin/head -n 1
++ /usr/bin/grep -oE '0x[0-9a-z]+'
+ KEY_SIZE=
+ i=9
+ '[' 9 -eq 10 ']'
+ [[ -z '' ]]
+ /usr/bin/grep -B 9 -m 1 'call.*403310' /tmp/A21aQo
+ /usr/bin/grep -v 403310
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -oE '0x[0-9a-z]{6,}+'
++ /usr/bin/head -n 1
+ KEY_ADDR=
++ /usr/bin/grep -B 3 -m 1 call /tmp/toqAgr
++ /usr/bin/grep mov
++ /usr/bin/grep -v movb
++ /usr/bin/grep -v ''
++ /usr/bin/grep -oE '0x[0-9a-z]+'
++ /usr/bin/head -n 1
+ KEY_SIZE=
+ i=10
+ '[' 10 -eq 10 ']'
+ echo '[-] Error, function call previous first call of arc4() hasn'\''t been identified...'
[-] Error, function call previous first call of arc4() hasn't been identified...
+ exit_error
+ clean
+ /usr/bin/shred -zu -n 1 /tmp/A21aQo /tmp/toqAgr /tmp/iPrMJZ /tmp/DXRuaq /tmp/5XRbi5 /tmp/XbLH3c /tmp/XbLH3c.c
+ exit 1
Hello,
Which version of shc do you use ? Please read : https://github.com/yanncam/UnSHc/issues/31
Sincerely,
