#!/usr/bin/env python
# encoding:utf-8
from socket import *
from ctypes import create_string_buffer
from struct import *
import sysconfig
import random
from ctypes.wintypes import byte
from msilib import datasizemask
from _ctypes import sizeof
from random import randint
from time import sleep
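codec = 'utf-8'  # text encoding used when strings are turned into wire bytes

# Protocol state shared by the helpers below.  They live at module level
# because the byte-mapping functions advance the round counters as a side
# effect on every byte they translate.  (The original listing also carried
# module-level ``global`` statements, which are no-ops, and assigned the two
# round counters twice; both are dropped here without changing any value.)
recvbufsiz = 16384      # max bytes read by a single recv() in sendlogonpacket
m_wrecvsize = 0         # receive-buffer fill level; only initialised here, presumably updated elsewhere
m_cbsendround = 0       # send-side rotation counter, advanced by 3 per byte mapped
m_cbrecvround = 0       # receive-side rotation counter, advanced by 3 per byte mapped
m_dwsendxorkey = 0      # XOR key applied to outgoing data
m_dwrecvxorkey = 0      # XOR key applied to incoming data
# NOTE(security): the XOR keys appear to be derived from seed words carried
# inside the packet itself (see crevassebuffer), so this layer is obfuscation
# against casual inspection, not confidentiality against someone on the wire.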
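def sendlogonpacket(addr, sendbuff, timeout=None):
    """Open a TCP connection to *addr*, send *sendbuff*, return the size of
    the first reply chunk.

    :param addr: ``(host, port)`` tuple as accepted by ``socket.connect``.
    :param sendbuff: the already-encoded logon packet (bytes / ctypes buffer).
    :param timeout: optional socket timeout in seconds; ``None`` (the
        default) keeps the original fully blocking behaviour, so a silent
        server blocks the caller forever.
    :returns: number of bytes returned by the first ``recv`` — at most
        ``recvbufsiz``.  TCP is a stream, so this is the size of one read,
        not necessarily the size of the server's whole response.
    :raises socket.error: on connect/send/recv failure (``socket.timeout``
        when *timeout* expires); the socket is closed on every path.

    The connection is plain TCP with no transport security: everything in
    *sendbuff*, including any credential it carries, is visible on the wire.
    """
    cs = socket(AF_INET, SOCK_STREAM)
    try:
        cs.settimeout(timeout)
        cs.connect(addr)
        # send() may hand over only part of the buffer; sendall() loops until
        # every byte is queued or raises.
        cs.sendall(sendbuff)
        lennum = len(cs.recv(recvbufsiz))
    finally:
        # close on failure too, so a refused connect does not leak the fd
        cs.close()
    return lennum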
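def md5(str1):
    """Return the upper-case hexadecimal MD5 digest of *str1*.

    :param str1: the data to hash.  Bytes are hashed as-is; a text string is
        encoded as UTF-8 first, because ``hashlib`` only accepts bytes (the
        original raised TypeError for text on Python 3).
    :returns: 32-character upper-case hex string.

    NOTE(security): MD5 is a fast, collision-broken hash.  Keeping it here is
    justified only if the legacy wire protocol this client speaks requires
    it; do not reuse it for storing or verifying passwords in new code.
    """
    import hashlib
    if not isinstance(str1, bytes):
        # Python 2 'unicode' / Python 3 'str' must be encoded before hashing
        str1 = str1.encode('utf-8')
    return hashlib.md5(str1).hexdigest().upper()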
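def a2u(buff1, str1, start):
    """Write *str1* into *buff1* at byte offset *start* as UTF-16LE code units.

    Each character occupies two bytes: the low byte of its code point, then
    the high byte.  The original "ASCII to Unicode" helper wrote only the low
    byte with a signed ``"b"`` pack and relied on the buffer already holding
    zero in the high byte; that raised ``struct.error`` for any code point
    above 0x7F.  Writing the full 16-bit unit makes the result correct for
    every BMP character and independent of the buffer's prior contents.

    :param buff1: writable buffer accepted by ``struct.pack_into``
        (``ctypes.create_string_buffer``, ``bytearray``, ...).  It must hold
        at least ``start + 2 * len(str1)`` bytes.
    :param str1: the text to encode; every code point must be <= 0xFFFF.
    :param start: byte offset of the first character.
    :raises struct.error: if the buffer is too small or a code point does
        not fit in 16 bits.
    """
    for index, letter in enumerate(str1):
        # "<H": little-endian unsigned 16-bit, i.e. one UTF-16LE code unit
        pack_into("<H", buff1, start + 2 * index, ord(letter))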
def mapsendbyte(byte):
    """Translate one outgoing byte through the send substitution table.

    The table index is ``byte`` plus the module-level round counter
    ``m_cbsendround``, reduced modulo 256; the counter then advances by 3,
    so the same input maps to a different output on every call.  The table
    ``g_sendbytemap`` is defined elsewhere in the module.

    :param byte: the plaintext byte value.
    :returns: the substituted value from ``g_sendbytemap``.
    """
    global m_cbsendround
    rotated = (byte + m_cbsendround) & 0xFF   # same as % 0x100 for ints
    mapped = g_sendbytemap[rotated]
    m_cbsendround = m_cbsendround + 3
    return mapped
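def maprecvbyte(byte):
    """Invert the receive substitution for one incoming byte.

    Looks *byte* up in ``g_recvbytemap`` (defined elsewhere in the module),
    subtracts the module-level round counter ``m_cbrecvround`` modulo 256,
    and advances the counter by 3 — the mirror image of ``mapsendbyte``.

    :param byte: the received byte value, 0..255.  No modulo is applied to
        the table index, so anything outside that range raises IndexError.
    :returns: the recovered plaintext byte, 0..255.
    """
    global m_cbrecvround
    # modulo keeps the result in byte range when the counter exceeds the
    # table value (the original used a non-ASCII dash here and did not parse)
    unmapped = (g_recvbytemap[byte] - m_cbrecvround) % 0x100
    m_cbrecvround += 3
    return unmapped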
def seedrandmap(wseed):
    """Advance the linear-congruential seed used to derive the XOR keys.

    Computes ``(wseed * 241103 + 2533101) >> 16`` and folds the result
    through ``(x | 0xFFFF0000) - 0xFFFF0000``, which the original comment
    describes as returning a WORD (16-bit) value.

    NOTE(review): that fold equals ``x & 0xFFFF`` only for ``0 <= x < 2**32``.
    The caller reads the seed with ``unpack_from("h", ...)``, i.e. signed, so
    a negative *wseed* makes ``x`` negative and the result is then not
    confined to 16 bits.  Confirm against the reference implementation
    before relying on it; behaviour is preserved unchanged here.

    :param wseed: the current seed (anything ``int()`` accepts).
    :returns: the next seed value.
    """
    hold = int(wseed) * 241103 + 2533101
    hold >>= 16
    # the original's WORD fold: set the upper half, then subtract it back out
    return (hold | 0xFFFF0000) - 0xFFFF0000
def crevassebuffer(buff,wdatasize):
global dwxorkey
global m_dwsendxorkey
global m_dwrecvxorkey
i = 0
while i < wdatasize:
print hex(ord (buff[i])),
i += 1
dwxorkey = m_dwrecvxorkey
if (((wdatasize -4) % 4 ) != 0):
print "recv data error"
exit()
wencrypcount = (wdatasize - 4) /4
#解密数据
i = 0
j = 4 #排除cmd_info,从cmd_command起
k = 4
while i < (wencrypcount):
wseed = (unpack_from("h",buff,k)[0])
k += 2
dwxorkey = seedrandmap(wseed)
dwxorkey |= int( seedrandmap(unpack_from ("h", buff, k)[0]) )