Why is PWD size zero? Is it a bug?
chenmin1992 opened this issue · 4 comments
[] Input file name to decrypt [lpz]
[+] ARC4 address call candidate : [0x400e20]
[] Extracting each args address and size for the 14 arc4() calls with address [0x400e20]...
[0] Working with var address at offset [0x6022be] (0x2a bytes)
[1] Working with var address at offset [0x6022b0] (0x1 bytes)
[2] Working with var address at offset [0x6022b3] (0xa bytes)
[3] Working with var address at offset [0x6022ee] (0x3 bytes)
[4] Working with var address at offset [0x6022f1] (0xf bytes)
[5] Working with var address at offset [0x61571f] (0x1 bytes)
[6] Working with var address at offset [0x602297] (0x16 bytes)
[7] Working with var address at offset [0x60224d] (0x16 bytes)
[8] Working with var address at offset [0x60227e] (0x13 bytes)
[9] Working with var address at offset [0x60224a] (0x1 bytes)
[10] Working with var address at offset [0x602294] (0x1 bytes)
[11] Working with var address at offset [0x6057b8] (0xec4f bytes)
[12] Working with var address at offset [0x615724] (0x13 bytes)
[13] Working with var address at offset [0x602266] (0x13 bytes)
[] Extracting password...
[+] PWD address found : [0x602149]
[+] PWD size found : [0x0]
[] Executing [/tmp/UyrIjP] to decrypt [lpz]
[] Retrieving initial source code in [lpz.sh]
[] All done!
The result file lpz.sh is empty.
Hello,
Thanks for this information.
To check if it's a real bug in UnSHc, can you provide me the original "lpz.sh" and your encrypted version "lpz", please?
Sincerely,
I do not have the original script, and the encrypted one can be downloaded from here: https://transfer.sh/wF6EM/lpz
Hello,
Sorry for the delay.
I have analyzed your "lpz" file and found why the PWD SIZE was "0".
A patch has been applied to UnSHc, so a new version was committed.
UnSHc v0.8 works with your file. Can you try it and inform me if it works?
Thank you for this use case and the "sample" script, the bug is now fixed.
Sincerely,