├── flawedammy
    ├── ammy_crypt
    │   ├── Makefile
    │   ├── wrap.cpp
    │   ├── main.cpp
    │   ├── RLEncryptor02.h
    │   └── RLEncryptor02.cpp
    ├── howto.txt
    ├── ammycrypt.py
    └── decoder.py
├── README.md
├── gozi
    ├── gozi_version.py
    ├── isfb_joiner.py
    ├── iap_joiner.py
    ├── dreambot_joiner.py
    ├── all_joiner.py
    └── aplib.py
├── goziv3
    ├── gozi_version.py
    ├── decoder.py
    ├── dream_decoder.py
    ├── allv3_decoder.py
    ├── aplib.py
    └── serpent2.py
├── vidar
    └── decoder.py
├── LICENSE
├── quant
    └── quant_decoder.py
├── sample_hashes.txt
├── satanransom
    ├── satan_embed.py
    ├── nrv2b.py
    └── satan_loader.py
├── marcher
    └── decoder.py
├── sageransom
    ├── sage.py
    └── chacha.py
├── loki
    └── loki.py
└── cs_beacon
    └── proper_beacon_decoder.py


/flawedammy/ammy_crypt/Makefile:
--------------------------------------------------------------------------------
1 | all: RLEncryptor02.cpp
2 | 	g++ -c -Wall -fpic RLEncryptor02.cpp
3 | 	g++ -shared -o rlcrypt.so RLEncryptor02.o
4 | 


--------------------------------------------------------------------------------
/flawedammy/howto.txt:
--------------------------------------------------------------------------------
1 | Build the shared object in ammy_crypt which is basically just the RLDecryptor from ammyadmin leaked source code which gets wrapped in a python API and used by the python decode script.
2 | 
3 | 
4 | 
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # malware_decoders
2 | Static based decoders for malware samples
3 | 
4 | 
5 | Attribution is important, if I've failed to attribute some code from you then shoot me a message so I can correct it. If you end up using some of my code feel free to, just attribute appropriately.
6 | 
7 | Want to say thanks? Donate to charity: water (https://www.charitywater.org/)
8 | 


--------------------------------------------------------------------------------
/flawedammy/ammy_crypt/wrap.cpp:
--------------------------------------------------------------------------------
 1 | #include "RLEncryptor02.h"
 2 | #include <iostream>
 3 | #include <fstream>
 4 | 
 5 | using namespace std;
 6 | 
 7 | typedef unsigned char BYTE;
 8 | 
 9 | extern "C" int decode(unsigned char *key, int size, unsigned char *data);
10 | 
11 | extern "C" int decode(unsigned char *key, int size, unsigned char *data)
12 | {
13 | 	RLEncryptor02 enc;
14 | 	enc.SetKey(key, false);
15 | 	enc.Decrypt(data, size);
16 | 
17 | 
18 | 	return 0;
19 | }
20 | 


--------------------------------------------------------------------------------
/flawedammy/ammycrypt.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | '''
 5 | from ctypes import *
 6 | import binascii
 7 | import sys
 8 | 
 9 | 
10 | rlcrypt = cdll.LoadLibrary('./rlcrypt.so')
11 | 
12 | def ammy_decrypt(key, data):
13 | 	buf = create_string_buffer(data)
14 | 	cb = c_int(len(buf))
15 | 	keybuf = create_string_buffer(key)
16 | 	retval = rlcrypt.decode(byref(buf), cb, keybuf)
17 | 	return buf.raw
18 | 
19 | if __name__ == "__main__":
20 | 	data = open(sys.argv[1], 'rb').read()
21 | 	key = binascii.unhexlify('6b2f3da798926116a63f187b9891e0d4bc5a6382')
22 | 	t = ammy_decrypt(key,data)
23 | 
24 | 
25 | 


--------------------------------------------------------------------------------
/gozi/gozi_version.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import yara
 7 | import sys
 8 | import struct
 9 | 
10 | rules = yara.compile(source='rule gozi_ver {strings: $a1 = {50 68 ?? ?? ?? 00 6a 0?} condition: all of them }')
11 | 
12 | 
13 | def get_gozi_ver(data):
14 | 	ver = None
15 | 	matches = rules.match(data=data)
16 | 	if matches != []:
17 | 		matches = matches[0].strings
18 | 		temp = matches[0][2]
19 | 		(dc,dc,ver) = struct.unpack_from('<BBI', temp)
20 | 	return ver
21 | 
22 | if __name__ == "__main__":
23 | 	data = open(sys.argv[1], 'rb').read()
24 | 	t = get_gozi_ver(data)
25 | 	print(t)
26 | 


--------------------------------------------------------------------------------
/goziv3/gozi_version.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | 
 7 | import yara
 8 | import sys
 9 | import struct
10 | 
11 | rules = yara.compile(source='rule gozi_ver {strings: $a1 = {50 68 ?? ?? ?? 00 6a 0?} condition: all of them }')
12 | 
13 | 
14 | def get_gozi_ver(data):
15 | 	ver = None
16 | 	matches = rules.match(data=data)
17 | 	if matches != []:
18 | 		matches = matches[0].strings
19 | 		temp = matches[0][2]
20 | 		(dc,dc,ver) = struct.unpack_from('<BBI', temp)
21 | 	return ver
22 | 
23 | if __name__ == "__main__":
24 | 	data = open(sys.argv[1], 'rb').read()
25 | 	t = get_gozi_ver(data)
26 | 	print(t)
27 | 


--------------------------------------------------------------------------------
/vidar/decoder.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import re
 7 | import yara
 8 | import sys
 9 | 
10 | 
11 | def decoder(data):
12 | 	doms = []
13 | 	version = None
14 | 	post_val = None
15 | 	t = re.findall('''AZ\x00\x00KZ\x00\x00UZ\x00\x00BY\x00\x00RU\x00\x00[\x00-\xff]{50}''', data)
16 | 	test = t[0].split('\x00')
17 | 	test = [x for x in test if len(x) >2]
18 | 	if len(test) > 1:
19 | 		dom1 = bytearray(test[0])
20 | 		key1 = bytearray(test[1])
21 | 		for i in range(len(dom1)):
22 | 			dom1[i] ^= key1[i%len(key1)]
23 | 		doms.append(str(dom1))
24 | 		test = test[2:]
25 | 		for val in test:
26 | 			if len(val) > 2 and '.' in val:
27 | 				version = val
28 | 			elif re.match('''^\d+$''', val):
29 | 				post_val = val
30 | 
31 | 	return({'c2s': ','.join(doms), 'version': str(version), 'uri': str(post_val)})
32 | 
33 | 
34 | if __name__ == "__main__":
35 | 	data = open(sys.argv[1], 'rb').read()
36 | 	t = decoder(data)
37 | 	print(t)
38 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019 
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/flawedammy/ammy_crypt/main.cpp:
--------------------------------------------------------------------------------
 1 | #include "RLEncryptor02.h"
 2 | #include <iostream>
 3 | #include <fstream>
 4 | 
 5 | using namespace std;
 6 | 
 7 | typedef unsigned char BYTE;
 8 | 
 9 | static UINT8 Settings_key_v3[20] = { 0x6b,0x2f,0x3d,0xa7, 0x98,0x92,0x61,0x16, 0xa6,0x3f,0x18,0x7b, 0x98,0x91,0xe0,0xd4, 0xbc,0x5a,0x63,0x82};
10 | //static UINT8 Settings_key_v3[20] = { 0x5B,0x2f,0x1A,0xA7, 0x98,0x7E,0x43,0x16, 0xA6,0x05b,0x18,0x7B, 0x98,0x91,0xC0,0xD4, 0xBC,0x5A,0x95,0x73 };
11 | 
12 | int main()
13 | {
14 | 	streampos size;
15 | 	RLEncryptor02 enc;
16 | 	char *memblock;
17 | 	ifstream file("data.bin", ios::in|ios::binary|ios::ate);
18 | 	if(file.is_open())
19 | 	{
20 | 		size = file.tellg();
21 | 		memblock = new char [size];
22 | 		file.seekg(0,ios::beg);
23 | 		file.read(memblock, size);
24 | 		file.close();
25 | 		enc.SetKey(Settings_key_v3, false);
26 | 		enc.Decrypt((BYTE*)memblock, size);
27 | 
28 | 		ofstream outfile("out.bin", ios::out | ios::app | ios::binary);
29 | 		if(outfile.is_open())
30 | 		{
31 | 			outfile.write(memblock, size);
32 | 			outfile.close();
33 | 		} else cout << "Unable to open file for writing" << endl;
34 | 	} else cout << "Unable to open file for reading" << endl;
35 | 
36 | 
37 | 	return 0;
38 | }
39 | 


--------------------------------------------------------------------------------
/quant/quant_decoder.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import pefile
 7 | import sys
 8 | import re
 9 | 
10 | def is_printable_string(a1):
11 | 	return all(ord(char) < 128 for char in a1)
12 | 
13 | def s_decode(key, a1):
14 | 	ret = ""
15 | 	for i in range(len(a1)):
16 | 		ret += chr((a1[i] - key[i % len(key) ] & 0xff))
17 | 	return ret
18 | 		
19 | 
20 | def decoder(pe_data):
21 | 	pe = pefile.PE(data=pe_data)
22 | 	conf = {}
23 | 	data_sect = None
24 | 	urls = []
25 | 	strings = []
26 | 	for sect in pe.sections:
27 | 		if '.data' in sect.Name:
28 | 			data_sect = sect.get_data()
29 | 	if data_sect != None:
30 | 		matches = re.findall('''[a-f0-9]{32}''', data_sect)
31 | 		if matches == []:
32 | 			print("No key matches found")
33 | 		else:
34 | 			key = bytearray(matches[0][1:]+'\x00')
35 | 			items = re.split('\x00+', data_sect)
36 | 			items = filter(lambda x: len(x) > 1, items)
37 | 			for s in items:
38 | 				temp = s_decode(key,bytearray(s))
39 | 				strings.append(temp)
40 | 				if 'http://' in temp or 'https://' in temp:
41 | 					urls.append(temp)
42 | 	
43 | 	conf['strings'] = filter(is_printable_string, strings)
44 | 	conf['urls'] = urls
45 | 	return conf
46 | 	
47 | if __name__ == "__main__":
48 | 	data = open(sys.argv[1], 'rb').read()
49 | 	t = decoder(data)
50 | 	print(t)
51 | 	
52 | 


--------------------------------------------------------------------------------
/flawedammy/ammy_crypt/RLEncryptor02.h:
--------------------------------------------------------------------------------
 1 | #if !defined(_RL_ENCRYPTOR_02_H__B72364868609__INCLUDED_)
 2 | #define _RL_ENCRYPTOR_02_H__B72364868609__INCLUDED_
 3 | 
 4 | #define RLEncryptor02_L 4   // the same in SEAL L=32768
 5 | typedef unsigned char UINT8;
 6 | typedef unsigned int UINT32;
 7 | typedef unsigned int UINT;
 8 | 
 9 | class RLEncryptor02
10 | {
11 | public:
12 | 	RLEncryptor02();
13 | 	~RLEncryptor02();
14 | 
15 | 	void Copy(const RLEncryptor02& src);
16 | 	void FastCopy(const RLEncryptor02& src);
17 | 
18 | 	void Encrypt(UINT8 *input, int count);
19 | 	void Decrypt(UINT8 *input, int count);
20 | 	void SetKey(const UINT8 *key, bool encryption);
21 | 
22 | private:
23 | 	inline void RotateEncr(UINT8 *input, int count);
24 | 	inline void RotateDecr(UINT8 *input, int count);
25 | 	inline void XORCrypt  (UINT8 *input, int count);
26 | 	static void SHATransform(UINT32 *digest, const UINT32 *data);
27 | 
28 | 	inline void   Gamma(const UINT32 *key);
29 | 	inline UINT32 GammaApply(UINT32 i);
30 | 	inline void   IncrementCounter();
31 | 	       void   Generate();
32 | 
33 | private:
34 | 	UINT   m_counter;
35 | 	UINT   m_position;
36 | 	UINT32 m_lastIndex;
37 | 	UINT32 H[5], Z[5], D[16], S[256], T[512], R[4*RLEncryptor02_L];
38 | 	UINT8  m_buffer[4096];
39 | 	
40 | 	UINT8  m_rotation[256];
41 | 	int    m_prevByte; // should be UINT8, but int works faster, it's needed for Rotate() - input depended
42 | };
43 | 
44 | #endif // !defined(_RL_ENCRYPTOR_02_H__B72364868609__INCLUDED_)
45 | 


--------------------------------------------------------------------------------
/sample_hashes.txt:
--------------------------------------------------------------------------------
 1 | flawedammy
 2 |  ba431f41b83a5f12198f8eb3007e28fb6d726ff415fd08f8c4477d674b4557dc	
 3 |  268a486985bf2400d5087b2f3f3a895e18e1820c2d6712a545e73e1198ebcd83	
 4 | 
 5 | 
 6 | loki
 7 |  04481a0f4959b656b5632b7e52dceb4ce964ff04e78d92c3d8df7f19868fe8d5	
 8 |  e07b9b7255b5b78b29dc6133ef00c19e51b79e34db7a27edf32d24164a43e7d0	
 9 | 
10 | sageransom
11 |  626e9de4d3b7fce2a01913474fe86b0a78431ae9dbac4fd56d6ae2c3b964d95a	
12 |  9a21f0e3298fde72bb7e35b765e7700e1e25545bd8ab7e07d43fde81f047b363	
13 | 
14 | 
15 | gozi
16 |  3442154fb7cc920557e1ed837a4ea9ae7b622a60bacf75669630c4f3ee98a814	
17 |  a9a245a6581b9eeff7ac5122ddd05f42f978f25b93e7a8ec78be9e92cc50835a	
18 | 
19 | goziv3
20 |  99146cd4d31df0f8f76aab7a7f78992140ead8d7ff847b9c56707335d81d96e4	
21 |  5711537db95c80cabfb4ec3e65e7ad43a68141ea3718a0d71fa191130723c15b	
22 | 
23 | 
24 | marcher
25 |  dfc419e99120564ba981f4f60a787ca73c395207fea264e52e57ed69e46c2fa4	
26 |  dbd892f5cfb613c26e5d8612e86d7ecb4e60a5cfc0873c1eeb0f2ec257f83325	
27 | 
28 | satanransom
29 |  35c0dce5a6eec0acdbd7f5d35b5900c8bd307095cda62d6cbf9da51d9bd92dfa	
30 |  a27e68e871d3ab622b8843d1d2b38b51c3a44724d529ac945084f771c205a534	
31 | 
32 | cs_beacon
33 |  1b13e6282776c327e933b4fd2b7b244ccb0baebe1c0697b148b96a204da3e91e	
34 |  65fb105a0ef601db9d2cd9149833fc21c12cb23797085998cb108a9e669d9232	
35 | 
36 | quant
37 |  3e4d594e2dd901ce472c003426c7fd66f38510346fbd262f0fe86c874f13c62d	
38 |  355b3f71fff781afc33f937abe8072f76b5589c9719cf37f4cf107260ec10e45	
39 | 
40 | vidar
41 |  d4c6ccf1ad1fae47d0a6bb812983f7afea9e684b0a1e0db27e9093718d3287eb	
42 |  22d4fc482bcc4118267ef5dec980de12c96b5911249b3b2b954358ccdd99c02c	
43 | 


--------------------------------------------------------------------------------
/satanransom/satan_embed.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import sys
 7 | import pefile
 8 | import struct
 9 | import re
10 | 
11 | def decrypt(keystream, blob):
12 | 	for i in range(len(blob)):
13 | 		blob[i] ^= keystream[i%len(keystream)]
14 | 
15 | def rc4_crypt(data, sbox):
16 | 	S = list(sbox)
17 | 	out = []
18 |  
19 | 	i = j = 0
20 | 	for char in data:
21 | 		i = ( i + 1 ) % 256
22 | 		j = ( j + S[i] ) % 256
23 | 		S[i] , S[j] = S[j] , S[i]
24 | 		out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))    
25 | 	return ''.join(out)
26 | 
27 | 
28 | 
29 | def decoder(data):
30 | 	conf = None
31 | 	#m = re.findall('''\x8a[\x82\x86]([\x00-\xff]{3}\x00)''', data)
32 | 	blob = None
33 | 	pe = pefile.PE(data=data)
34 | 	for section in pe.sections:
35 | 		if '.rdata' in section.Name:
36 | 			blob = section.get_data()
37 | 	if blob != None:
38 | 		temp = re.split('[\x00]{3,}', blob)
39 | 		temp = filter(lambda x: len(x) > 254, temp)
40 | 		found = None
41 | 		for val in temp:
42 | 			testdata = val[:-0x100]
43 | 			testkey = val[-0x100:]
44 | 			test = rc4_crypt(testdata, bytearray(testkey))
45 | 			if 'http' in test:
46 | 				found = test
47 | 				break
48 | 
49 | 		if found == None:
50 | 			possible_keys = filter(lambda x: len(x) == 256, temp)
51 | 			possible_data = filter(lambda x: len(x) != 256, temp)
52 | 			for testkey in possible_keys:
53 | 				for testdata in possible_data:
54 | 					test = rc4_crypt(testdata, bytearray(testkey))
55 | 					if 'http' in test:
56 | 						found = test
57 | 						break
58 | 				if found != None:
59 | 					break
60 | 		if found != None:
61 | 			print("Found embed config!")
62 | 			urls = re.findall('https?:\/\/[a-zA-Z0-9\-\/\._]+', found)
63 | 			conf ={'urls': urls}
64 | 
65 | 
66 | 	return conf
67 | 
68 | if __name__ == "__main__":
69 | 	data = open(sys.argv[1],'rb').read()
70 | 	t = decoder(data)
71 | 	print(t)
72 | 
73 | 


--------------------------------------------------------------------------------
/marcher/decoder.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import sys
 7 | import re
 8 | import struct
 9 | 
10 | #credits to https://github.com/euske/pdfminer/blob/master/pdfminer/ascii85.py
11 | def ascii85decode(data):
12 |     """
13 |     In ASCII85 encoding, every four bytes are encoded with five ASCII
14 |     letters, using 85 different types of characters (as 256**4 < 85**5).
15 |     When the length of the original bytes is not a multiple of 4, a special
16 |     rule is used for round up.
17 |     The Adobe's ASCII85 implementation is slightly different from
18 |     its original in handling the last characters.
19 |     The sample string is taken from:
20 |       http://en.wikipedia.org/w/index.php?title=Ascii85
21 |     >>> ascii85decode(b'9jqo^BlbD-BleB1DJ+*+F(f,q')
22 |     'Man is distinguished'
23 |     >>> ascii85decode(b'E,9)oF*2M7/c~>')
24 |     'pleasure.'
25 |     """
26 |     n = b = 0
27 |     out = b''
28 |     for c in data:
29 |         if b'!' <= c and c <= b'u':
30 |             n += 1
31 |             b = b*85+(ord(c)-33)
32 |             if n == 5:
33 |                 out += struct.pack('>L', b)
34 |                 n = b = 0
35 |         elif c == b'z':
36 |             assert n == 0
37 |             out += b'\0\0\0\0'
38 |         elif c == b'~':
39 |             if n:
40 |                 for _ in range(5-n):
41 |                     b = b*85+84
42 |                 out += struct.pack('>L', b)[:n-1]
43 |             break
44 |     return out
45 | 
46 | def decoder(data):
47 | 	config = {}
48 | 	temp1 = re.findall('''BQS\?8[ -~]+''', data)
49 | 	if temp1 != []:
50 | 		urls = []
51 | 		for val in temp1:
52 | 			temp = ascii85decode(val)
53 | 			urls.append(temp)
54 | 	if urls != []:
55 | 		config['URLS'] = urls
56 | 	return config
57 | 
58 | if __name__ == "__main__":
59 | 	data = open(sys.argv[1], 'rb').read()
60 | 	t = decoder(data)
61 | 	print(t)
62 | 


--------------------------------------------------------------------------------
/satanransom/nrv2b.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | 
 3 | def getbit(src):
 4 |     global _bc, _ilen, bb
 5 | 
 6 |     if _bc > 0:
 7 |         _bc=_bc-1
 8 |         return ((bb >> _bc) & 0x1)
 9 |     else:
10 |         _bc=31
11 |         bb=struct.unpack("1I", src[_ilen:_ilen+4])[0]
12 |         _ilen=_ilen+4
13 |         return ((bb >> _bc) & 0x1)
14 | 
15 | def nrv2b(src):
16 |     global _bc, _ilen, bb
17 |     _bc=0
18 |     _ilen=0
19 |     bb=0
20 |     dst_len=struct.unpack("1I", src[:4])
21 |     src=src[4:]
22 |     olen=0
23 |     last_m_off=1
24 |     src_len=len(src)
25 |     dst=[]
26 | 
27 |     while True:
28 |         bit = getbit(src)
29 |         while bit!=0:
30 |             dst.append(src[_ilen])
31 |             olen=olen+1
32 |             _ilen=_ilen+1
33 |             bit = getbit(src)
34 |         m_off=1
35 |         bit=0
36 |         while bit == 0:
37 |             bit = getbit(src)
38 |             m_off = m_off*2 + bit
39 |             bit = getbit(src)
40 |         if m_off == 2:
41 |             m_off = last_m_off
42 |         else:
43 |             m_off = (m_off - 3)*256 + ord(src[_ilen])
44 |             _ilen = _ilen+1
45 |             if m_off == 0xffffffff:
46 |                 break
47 |             last_m_off = m_off + 1
48 |             m_off = m_off + 1
49 |         m_len = getbit(src)
50 |         bit = getbit(src)
51 |         m_len = m_len*2 + bit
52 |         if m_len == 0:
53 |             m_len = m_len + 1
54 |             bit=0
55 |             while bit == 0:
56 |                 bit = getbit(src)
57 |                 m_len = m_len*2 + bit
58 |                 bit = getbit(src)
59 |             m_len = m_len + 2
60 |         m_len = m_len + (m_off > 0xd00)
61 |         m_pos = olen - m_off
62 | 	try:
63 |             dst.append(dst[m_pos])
64 |         except:
65 |             print(m_pos)
66 |             return(''.join(dst))
67 |         olen=olen+1
68 |         m_pos=m_pos+1
69 |         b=1
70 |         while b > 0:
71 |             dst.append(dst[m_pos])
72 |             olen=olen+1
73 |             m_pos=m_pos+1
74 |             m_len=m_len-1
75 |             b=m_len
76 |     str=""
77 |     for c in dst:
78 |         str+=c
79 |     return str
80 | 


--------------------------------------------------------------------------------
/flawedammy/decoder.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | '''
 5 | 
 6 | import sys
 7 | import ammycrypt
 8 | import pefile
 9 | import binascii
10 | import struct
11 | 
12 | #regular AmmyAdmin default key
13 | default_key = "aSg@f1H_hjy!"
14 | 
15 | def get_rsrc(pe):
16 | 	ret = []
17 | 	for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
18 | 		if resource_type.name is not None:
19 | 			name = str(resource_type.name)
20 | 		else:
21 | 			name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
22 | 		if name == None:
23 | 			name = str(resource_type.struct.name)
24 | 		if hasattr(resource_type, 'directory'):
25 | 			for resource_id in resource_type.directory.entries:
26 | 				if hasattr(resource_id, 'directory'):
27 | 					for resource_lang in resource_id.directory.entries:
28 | 						data = pe.get_data(resource_lang.data.struct.OffsetToData,resource_lang.data.struct.Size)
29 | 						ret.append((name,data,resource_lang.data.struct.Size,resource_type))
30 | 	return ret
31 | 
32 | #From AmmyAdmin source
33 | flags = {1: 'ViewScreen', 2: 'RemoteControl', 4: 'ClipboardOut', 8: 'ClipboardIn', 16: 'FileManager', 32: 'AudioChat', 64: 'RDPsession'}
34 | 
35 | def decoder(data):
36 | 	config = {}
37 | 	pe = pefile.PE(data=data)
38 | 	key = binascii.unhexlify('6b2f3da798926116a63f187b9891e0d4bc5a6382')
39 | 	rsrcs = get_rsrc(pe)
40 | 	for r in rsrcs:
41 | 		if r[0] == 'BINARY':
42 | 			blob = r[1]
43 | 			t = ammycrypt.ammy_decrypt(key, blob)
44 | 			print(binascii.hexlify(t))
45 | 			if '.' not in t:
46 | 				t = ammycrypt.ammy_decrypt(default_key, blob)
47 | 			print(binascii.hexlify(t))
48 | 			try:
49 | 				config['RAW'] = binascii.hexlify(t)
50 | 				config['VER'] = binascii.hexlify(t[:4])
51 | 				config['DATE_VAL'] = struct.unpack_from('<HHHHHHH', t[4:])
52 | 				config['FLAGS'] = binascii.hexlify(t[18:24])
53 | 				c2 = t[24:].split('\x00')[0]
54 | 				config['C2'] = c2
55 | 				rest = t[24+len(c2)+1:]
56 | 				(config['PORT'],config['M_ID'],m_vals) = struct.unpack_from('<HII', rest)
57 | 				config['RLMD5'] = binascii.hexlify(rest[10:26])
58 | 				temp = [flags[x] for x in flags.keys() if m_vals & x != 0]
59 | 				config['M_VALS'] = m_vals
60 | 				config['M_VAL_FLAGS'] = temp
61 | 			except:
62 | 				config = {}
63 | 				config['RAW'] = binascii.hexlify(t)
64 | 				
65 | 	return config
66 | 
67 | if __name__ == "__main__":
68 | 	data = open(sys.argv[1], 'rb').read()
69 | 	t = decoder(data)
70 | 	print(t)
71 | 


--------------------------------------------------------------------------------
/gozi/isfb_joiner.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import pefile
 7 | import sys
 8 | import struct
 9 | import aplib
10 | import binascii
11 | 
12 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI"}
13 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT"}
14 | 
15 | class IniParams:
16 | 	def __init__(self, count, iniParams):
17 | 		self.count = count
18 | 		self.ini_params = iniParams
19 | 	
20 | 	def put_param(self, param):
21 | 		self.ini_params.append(param)
22 | 		
23 | 	def __str__(self):
24 | 		ret_val = ""
25 | 		for param in self.ini_params:
26 | 			ret_val += str(param)+'\n'
27 | 		
28 | 		return ret_val
29 | 
30 | class IniParam:
31 | 	def __init__(self, hash, offset, data):
32 | 		self.name = "UNKNOWN"
33 | 		self.data = ""
34 | 		if hash in INI_PARAMS.keys():
35 | 			self.name = INI_PARAMS[hash]
36 | 		self.data = data[offset:].split('\x00')[0]
37 | 	
38 | 	def get_name(self):
39 | 		return self.name
40 | 	def get_data(self):
41 | 		return self.data
42 | 	
43 | 	def __str__(self):
44 | 		return(self.name+": "+str(self.data))
45 | 
46 | def pub_key_parse(data):
47 | 	print("PUB KEY:")
48 | 	print(binascii.hexlify(data))
49 | 
50 | def client_init_parse(data):
51 | 	print("INI PARAMS:")
52 | 	count = struct.unpack_from('<I', data)[0]
53 | 	params = IniParams(count,[])
54 | 	
55 | 	data = data[8:]
56 | 	for i in range(count):
57 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
58 | 		params.put_param(IniParam(hash,offset,data))
59 | 		data = data[0x18:]
60 | 	
61 | 	print(params)
62 | 	
63 | 	
64 | 
65 | handlers = {"CRC_PUBLIC_KEY": pub_key_parse, "CRC_CLIENT_INI": client_init_parse}
66 | 
67 | pe = pefile.PE(sys.argv[1])
68 | 
69 | if len(sys.argv) > 2:
70 | 	ADDON_MAGIC = [sys.argv[2]]
71 | else:
72 | 	ADDON_MAGIC = ["JF", "J1"]
73 | 
74 | file_data = pe.get_memory_mapped_image()
75 | 
76 | for magic in ADDON_MAGIC:
77 | 	index = 0
78 | 	for i in range(3):
79 | 		temp = file_data[index:].find(magic)
80 | 		if temp != -1:
81 | 			index += temp
82 | 			(magicVal,offset,length,section) = struct.unpack_from('<IIII', file_data[index:])
83 | 			if section in JOINER_SECTIONS.keys():
84 | 				handler = handlers[JOINER_SECTIONS[section]]
85 | 				compressed_data = file_data[offset:offset+length]
86 | 				try:
87 | 					uncompressed = aplib.decompress(compressed_data).do()
88 | 					handler(uncompressed[0])
89 | 				except:
90 | 					pass
91 | 			else:
92 | 				print("UNKNOWN SECTION: " +hex(section))
93 | 			index += 1
94 | 		else:
95 | 			break
96 | 	
97 | 
98 | 


--------------------------------------------------------------------------------
/satanransom/satan_loader.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | import sys
  7 | import pefile
  8 | import struct
  9 | import nrv2b as nrv2b
 10 | import satan_embed
 11 | 
 12 | def decrypt(keystream, blob):
 13 | 	for i in range(len(blob)):
 14 | 		blob[i] ^= keystream[i%len(keystream)]
 15 | 
 16 | def rc4_crypt(data, sbox):
 17 | 	S = list(sbox)
 18 | 	out = []
 19 |  
 20 | 	i = j = 0
 21 | 	for char in data:
 22 | 		i = ( i + 1 ) % 256
 23 | 		j = ( j + S[i] ) % 256
 24 | 		S[i] , S[j] = S[j] , S[i]
 25 | 		out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))    
 26 | 	return ''.join(out)
 27 | 
 28 | 
 29 | 
 30 | def is_64bit(pe):
 31 | 	ret = True
 32 | 	if pe.OPTIONAL_HEADER.Magic == 0x10b:
 33 | 		ret = False
 34 | 	return ret
 35 | 
 36 | 
 37 | def get_embedded(data):
 38 | 	embedded = None
 39 | 	offset = struct.unpack_from('<I', data[-4:])[0]
 40 | 	if offset > len(data) or offset == 0:
 41 | 		print("sanity failed")
 42 | 		print(offset)
 43 | 		return None
 44 | 	blob = data[-offset-12:]
 45 | 	poss_data = blob[:600]
 46 | 	for i in range(len(data)-len(blob)):
 47 | 		poss_sbox = bytearray(data[i:i+0x100])
 48 | 		temp = rc4_crypt(poss_data, poss_sbox)
 49 | 		if 'MZ' in temp and 'This' in temp and 'prog' in temp:
 50 | 			print("found it!")
 51 | 			temp = rc4_crypt(blob, poss_sbox)
 52 | 			embedded = temp
 53 | 	return embedded
 54 | 
 55 | def decoder(data):
 56 | 	conf = None
 57 | 	compressed = get_embedded(data)
 58 | 	start = compressed.find('\xd9e\xb7\xfcMZ')
 59 | 	print(start)
 60 | 	start -= 8
 61 | 	compressed_size = struct.unpack_from('<I', compressed[start:])[0]
 62 | 	blob = compressed[start+4:compressed_size+start+8]
 63 | 	uncomp = nrv2b.nrv2b(blob)
 64 | 	try:
 65 | 		pe = pefile.PE(data=uncomp)
 66 | 	except:
 67 | 		return conf
 68 | 	if is_64bit(pe):
 69 | 		print("64 bit found")
 70 | 		if 'Mozilla' in uncomp:
 71 | 			#This is the 64bit embedded file
 72 | 			conf = satan_embed.decoder(uncomp)
 73 | 		else:
 74 | 			start2 = compressed[start+12:].find('\xd9e\xb7\xfcMZ')
 75 | 			print(start2)
 76 | 			start = start + 4 + start2
 77 | 			compressed_size = struct.unpack_from('<I', compressed[start:])[0]
 78 | 			blob = compressed[start+4:compressed_size+start+8]
 79 | 			uncomp = nrv2b.nrv2b(blob)
 80 | 			try:
 81 | 				pe = pefile.PE(data=uncomp)
 82 | 			except:
 83 | 				return conf
 84 | 			if not is_64bit(pe):
 85 | 				print("32 bit found!")
 86 | 				#open('32bit.bin', 'wb').write(uncomp)
 87 | 				conf = satan_embed.decoder(uncomp)
 88 | 	else:
 89 | 		print("32 bit found")
 90 | 		#open('32bit.bin', 'wb').write(uncomp)
 91 | 		conf = satan_embed.decoder(uncomp)
 92 | 	return conf
 93 | 
 94 | 
 95 | if __name__ == "__main__":
 96 | 	data = open(sys.argv[1],'rb').read()
 97 | 	t = decoder(data)
 98 | 	print(t)
 99 | 
100 | 


--------------------------------------------------------------------------------
/sageransom/sage.py:
--------------------------------------------------------------------------------
 1 | '''
 2 | Written by Jason Reaves - @sysopfb
 3 | Free to use, attribute properly.
 4 | 
 5 | '''
 6 | import sys
 7 | import pefile
 8 | import struct
 9 | import binascii
10 | import chacha as chachasec
11 | 
12 | 
13 | def decoder(data):
14 | 	config = {}
15 | 	blob = ""
16 | 	conf = None
17 | 	#Try overlay first
18 | 	pe = pefile.PE(data=data)
19 | 	overlay = pe.get_overlay()
20 | 	if overlay == None:
21 | 		overlay = '\x00'*64
22 | 	for i in range(len(overlay)-64):
23 | 		(a,b,c,d) = struct.unpack_from('<IIII', overlay[i:])
24 | 		if a^b == c:
25 | 			key = overlay[i+16:i+16+32]
26 | 			data_check = overlay[i+16+32:i+16+32+8]
27 | 			cha = chachasec.ChaCha(key, '\x00'*8, 20)
28 | 			test = cha.decrypt(data_check)
29 | 			(test_val,conf_length) = struct.unpack_from('<II', test)
30 | 			if test_val == d:
31 | 				print("Found it!")
32 | 				cha = chachasec.ChaCha(key, '\x00'*8, 20)
33 | 				config_blob = overlay[i+16+32+8:i+16+32+8+conf_length]
34 | 				data2 = config_blob
35 | 				conf = cha.decrypt(data2)
36 | 				break
37 | 	'''
38 | 	for i in range(len(data)-32):
39 | 		(a,b,c,d) = struct.unpack_from('<IIII', data[i:])
40 | 		if a^b == c:
41 | 			key = data[i+16:i+16+32]
42 | 			data_check = data[i+16+32:i+16+32+8]
43 | 			cha = chachasec.ChaCha(key, '\x00'*8, 20)
44 | 			test = cha.decrypt(data_check)
45 | 			(test_val,conf_length) = struct.unpack_from('<II', test)
46 | 			if test_val == d:
47 | 				print("Found it!")
48 | 				cha = chachasec.ChaCha(key, '\x00'*8, 20)
49 | 				config_blob = data[i+16+32+8:i+16+32+8+conf_length]
50 | 				data2 = config_blob
51 | 				conf = cha.decrypt(data2)
52 | 				break
53 | 	'''
54 | 	if conf != None:
55 | 		j = 0
56 | 		while(j < len(conf)):
57 | 			dword = struct.unpack_from('<I', conf[j:])[0]
58 | 			j += 4
59 | 			size = dword & 0xffffff
60 | 			flag = dword >> 0x18
61 | 			blob = conf[j:j+size]
62 | 			print("Flag: "+str(flag))
63 | 			if flag == 1 and len(blob) == 40:
64 | 				config['id'] = binascii.hexlify(blob[:8])
65 | 				config['chacha_traffic_key'] = binascii.hexlify(blob[8:])
66 | 			if flag == 2:
67 | 				blob = conf[j:j+size]
68 | 				doms = filter(lambda x: x != '', blob.split('\x00'))
69 | 				config['c2s'] = doms
70 | 			j += size	
71 | 	
72 | 	else:
73 | 		dom = None
74 | 		#Check if older style
75 | 		test = overlay.split('\x00'*7)
76 | 		if len(test) > 1:
77 | 			doms = test[-2].strip('\x00')
78 | 			if '\x00' in doms and '.com' in doms:
79 | 				dom = doms
80 | 			blob = test[-1].strip('\x00')
81 | 		if len(blob) != 40:
82 | 			config['notes'] = "id_key find failure"
83 | 		else:
84 | 			config['id'] = binascii.hexlify(blob[:8])
85 | 			config['chacha_traffic_key'] = binascii.hexlify(blob[8:])
86 | 			cha = chachasec.ChaCha(blob[8:], '\x00'*8, 20)
87 | 			if dom == None:
88 | 				dom = cha.decrypt(doms)
89 | 			c2s = filter(lambda x: len(x) > 1, dom.split('\x00'))
90 | 			config['c2s'] = c2s
91 | 	return config
92 | 				
93 | 
94 | if __name__ == "__main__":
95 | 	data = open(sys.argv[1], 'rb').read()
96 | 	conf = decoder(data)
97 | 	print(conf)
98 | 


--------------------------------------------------------------------------------
/gozi/iap_joiner.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | #Sample TOR: 090d7d8918c01d73b2f9d0fdf9f8f0dabb5a5deff4aae4afdc4b8c6341372aca
  7 | #Sample 
  8 | 
  9 | import pefile
 10 | import sys
 11 | import struct
 12 | import aplib
 13 | import binascii
 14 | import hashlib
 15 | 
 16 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x9e154a0c: "CRC_LOADER_DLL", 0x41982e1f: "CRC_LOADER_DLL"}
 17 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT"}
 18 | 
 19 | class IniParams:
 20 | 	def __init__(self, count, iniParams):
 21 | 		self.count = count
 22 | 		self.ini_params = iniParams
 23 | 	
 24 | 	def put_param(self, param):
 25 | 		self.ini_params.append(param)
 26 | 		
 27 | 	def __str__(self):
 28 | 		ret_val = ""
 29 | 		for param in self.ini_params:
 30 | 			ret_val += str(param)+'\n'
 31 | 		
 32 | 		return ret_val
 33 | 
 34 | class IniParam:
 35 | 	def __init__(self, hash, offset, data):
 36 | 		self.name = "UNKNOWN"
 37 | 		self.data = ""
 38 | 		if hash in INI_PARAMS.keys():
 39 | 			self.name = INI_PARAMS[hash]
 40 | 		self.data = data[offset:].split('\x00')[0]
 41 | 	
 42 | 	def get_name(self):
 43 | 		return self.name
 44 | 	def get_data(self):
 45 | 		return self.data
 46 | 	
 47 | 	def __str__(self):
 48 | 		return(self.name+": "+str(self.data))
 49 | 
 50 | def pub_key_parse(data):
 51 | 	print("PUB KEY:")
 52 | 	print(binascii.hexlify(data))
 53 | 
 54 | def client_init_parse(data):
 55 | 	print("INI PARAMS:")
 56 | 	count = struct.unpack_from('<I', data)[0]
 57 | 	params = IniParams(count,[])
 58 | 	
 59 | 	data = data[8:]
 60 | 	for i in range(count):
 61 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
 62 | 		params.put_param(IniParam(hash,offset,data))
 63 | 		data = data[0x18:]
 64 | 	
 65 | 	print(params)
 66 | 	
 67 | def loader_dll_parse(data):
 68 | 	pe = pefile.PE(data=data)
 69 | 	if pe.OPTIONAL_HEADER.Magic == 0x10b:
 70 | 		bit = "32"
 71 | 	else:
 72 | 		bit = "64"
 73 | 	print("DLL:")
 74 | 	print("Bit: "+bit)
 75 | 	print("MD5: "+hashlib.md5(data).hexdigest())
 76 | 	print("SHA256: "+hashlib.sha256(data).hexdigest())
 77 | 	print("IMPHASH: "+pe.get_imphash())
 78 | 	parse_ini(data)
 79 | 
 80 | handlers = {"CRC_PUBLIC_KEY": pub_key_parse, "CRC_CLIENT_INI": client_init_parse, "CRC_LOADER_DLL": loader_dll_parse}
 81 | 
 82 | def parse_ini(file_data, ADDON_MAGIC=["JF", "J1"]):
 83 | 	pe = pefile.PE(data=file_data)
 84 | 
 85 | 	#if len(sys.argv) > 2:
 86 | 	#	ADDON_MAGIC = [sys.argv[2]]
 87 | 	#else:
 88 | 	#	ADDON_MAGIC = ["JF", "J1"]
 89 | 
 90 | 	file_data = pe.get_memory_mapped_image()
 91 | 
 92 | 	for magic in ADDON_MAGIC:
 93 | 		index = 0
 94 | 		for i in range(2):
 95 | 			temp = file_data[index:].find(magic)
 96 | 			if temp != -1:
 97 | 				index += temp
 98 | 				(magicVal,flags,section,offset,length,) = struct.unpack_from('<IIIII', file_data[index:])
 99 | 				if section in JOINER_SECTIONS.keys():
100 | 					handler = handlers[JOINER_SECTIONS[section]]
101 | 					compressed_data = file_data[offset:offset+length]
102 | 					uncompressed = aplib.decompress(compressed_data).do()
103 | 					handler(uncompressed[0])
104 | 				else:
105 | 					print("UNKNOWN SECTION: " +hex(section))
106 | 				index += 1
107 | 			else:
108 | 				break
109 | 		
110 | 
111 | if __name__ == "__main__":
112 | 	data = open(sys.argv[1],'rb').read()
113 | 	parse_ini(data)
114 | 


--------------------------------------------------------------------------------
/loki/loki.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | import pefile
  7 | import sys
  8 | import re
  9 | import struct
 10 | from Crypto.Cipher import DES3
 11 | 
 12 | def find_iv(pe):
 13 | 	iv = -1
 14 | 	if type(pe) == pefile.PE:
 15 | 		t = pe.get_memory_mapped_image()
 16 | 	else:
 17 | 		t = pe
 18 | 	temp = re.findall(r'''\x68...\x00.{1,10}\x68...\x00\x68...\x00\x68...\x00\x03\xc1''',t)
 19 | 	if temp != []:
 20 | 		(addr,) = struct.unpack_from('<I', temp[0][1:])
 21 | 		addr -= 0x400000
 22 | 		iv = t[addr:addr+8]
 23 | 	return iv
 24 | 
 25 | def try_find_iv(pe):
 26 | 	ret = []
 27 | 
 28 | 	dlen = 8*4
 29 | 	if type(pe) == pefile.PE:
 30 | 		t = pe.get_memory_mapped_image()
 31 | 	else:
 32 | 		t = pe
 33 | 	off = t.find('\x6a\x08\x59\xbe')
 34 | 	if off == -1:
 35 | 		return -1
 36 | 	(addr,) = struct.unpack_from('<I',t[off+4:])
 37 | 	#print(hex(addr))
 38 | 	addr -= 0x400000
 39 | 	conf = t[addr:addr+dlen]
 40 | 
 41 | 	#Go until past next blob to \x00\x00\x00\x00
 42 | 	off = t[addr+dlen+4:].find('\x00\x00\x00\x00')
 43 | 	off += addr + dlen + 4 + 4
 44 | 	iv = t[off:off+8]
 45 | 	
 46 | 	#This doesn't work for all samples... still interesting that the data is in close proximity sometimes
 47 | 	(nul,key3,nul,key2,nul,key1) = struct.unpack_from('<I8sI8sI8s', t[off+8:])
 48 | 
 49 | 	key = '\x08\x02\x00\x00\x03\x66\x00\x00\x18\x00\x00\x00'+key1+key2+key3
 50 | 
 51 | 	return(iv)
 52 | 	
 53 | 
 54 | 
 55 | 
 56 | def find_conf(pe):
 57 | 	ret = []
 58 | 
 59 | 	dlen = 8*4
 60 | 	if type(pe) == pefile.PE:
 61 | 		t = pe.get_memory_mapped_image()
 62 | 	else:
 63 | 		t = pe
 64 | 	off = t.find('\x6a\x08\x59\xbe')
 65 | 	(addr,) = struct.unpack_from('<I',t[off+4:])
 66 | 	#print(hex(addr))
 67 | 	addr -= 0x400000
 68 | 	data = t[addr:addr+dlen]
 69 | 	ret.append(data)
 70 | 
 71 | 	dlen = 10*4
 72 | 	off = t.find('\x6a\x0a\x59\xbe')
 73 | 	(addr,) = struct.unpack_from('<I',t[off+4:])
 74 | 	#print(hex(addr))
 75 | 	addr -= 0x400000
 76 | 	data = t[addr:addr+dlen]
 77 | 	ret.append(data)
 78 | 
 79 | 	return ret
 80 | 
 81 | def find_key(pe):
 82 | 	ret = None
 83 | 	if type(pe) == pefile.PE:
 84 | 		t = pe.get_memory_mapped_image()
 85 | 	else:
 86 | 		t = pe
 87 | 	temp = re.findall(r'''\x68...\x00\x68...\x00\x68...\x00\x03\xc1''',t)
 88 | 	if temp != []:
 89 | 		ret = '\x08\x02\x00\x00\x03\x66\x00\x00\x18\x00\x00\x00'
 90 | 		temp = temp[0][:-2].split('\x68')[::-1]
 91 | 		for a in temp:
 92 | 			if a != '':
 93 | 				(addr,) = struct.unpack_from('<I',a)
 94 | 				#print(hex(addr))
 95 | 				addr -= 0x400000
 96 | 				ret += t[addr:addr+8]
 97 | 	return ret
 98 | 
 99 | 
100 | def decoder(data):
101 | 	x_sect = None
102 | 
103 | 	urls = re.findall(r'''https?:\/\/[a-zA-Z0-9\/\.:\-_]+''', data)
104 | 
105 | 	pe = None
106 | 	try:
107 | 		pe = pefile.PE(sys.argv[1])
108 | 
109 | 		for sect in pe.sections:
110 | 			if '.x' in sect.Name:
111 | 				x_sect = sect
112 | 		img = pe.get_memory_mapped_image()
113 | 	except:
114 | 		img = data
115 | 	if x_sect != None:
116 | 		x = img[x_sect.VirtualAddress:x_sect.VirtualAddress+x_sect.SizeOfRawData]
117 | 		x = bytearray(x)
118 | 	else:
119 | 		x = bytearray(img)
120 | 
121 | 	for i in range(len(x)):
122 | 		x[i] ^= 0xff
123 | 
124 | 	temp = re.findall(r'''https?:\/\/[a-zA-Z0-9\/\.:\-_]+''', x)
125 | 	urls += temp
126 | 
127 | 	urls = [x for x in urls if x != 'http://www.ibsensoftware.com/' and x != '']
128 | 
129 | 	#Try to decrypt onboard config then
130 | 	if urls == []:
131 | 		temp = ""
132 | 		if pe == None:
133 | 			pe = data
134 | 		key = find_key(pe)
135 | 		#iv = try_find_iv(pe)
136 | 		iv = find_iv(pe)
137 | 		confs = find_conf(pe)
138 | 		if iv not in ['', -1] and confs != []:
139 | 			for conf in confs:	
140 | 				dec = DES3.new(key[12:], DES3.MODE_CBC, iv)
141 | 				temp += dec.decrypt(conf)
142 | 			temp_urls = re.findall(r'''[a-zA-Z0-9\/\.:\-_]{6,}''', temp)
143 | 			urls += temp_urls
144 | 
145 | 
146 | 	for url in urls:
147 | 		print(url)
148 | 
149 | 	return({"urls": map(str,urls)})
150 | 
151 | if __name__ == "__main__":
152 | 	data = open(sys.argv[1],'rb').read()
153 | 	r = decoder(data)
154 | 


--------------------------------------------------------------------------------
/gozi/dreambot_joiner.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | #Sample: 054351a24499bb337a477b4bc6f0601a080d0a0f0c8b6d77e16e86d286d5c736
  7 | 
  8 | 
  9 | import pefile
 10 | import sys
 11 | import struct
 12 | import aplib
 13 | import binascii
 14 | import hashlib
 15 | 
 16 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x4f75cea7: "CRC_LOADER_DLL", 0x90f8aab5: "CRC_LOADER_DLL", 0x7a042a8a: "CRC_INSTALL_INI"}
 17 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT", 0xea9ea760: "CRC_BOOTSTRAP", 0x31277bd5: "CRC_TASKTIMEOUT",0x955879a6: "CRC_SENDTIMEOUT", 0x9fd13931: "CRC_BCSERVER", 0x6de85128: "CRC_BCTIMEOUT", 0xacc79a02: "CRC_KNOCKERTIMEOUT", 0x602c2c26: "CRC_KEYLOGLIST", 0x556aed8f: "CRC_SERVER", 0xd7a003c9: "CRC_CONFIGTIMEOUT", 0x18a632bb: "CRC_CONFIGFAILTIMEOUT", 0x73177345: "CRC_DGA_SEED_URL", 0x510f22d2: "CRC_TORSERVER", 0xec99df2e: "CRC_EXTERNALIP", 0xc61efa7a: "CRC_DGATLDS"}
 18 | 
 19 | class IniParams:
 20 | 	def __init__(self, count, iniParams):
 21 | 		self.count = count
 22 | 		self.ini_params = iniParams
 23 | 	
 24 | 	def put_param(self, param):
 25 | 		self.ini_params.append(param)
 26 | 		
 27 | 	def __str__(self):
 28 | 		ret_val = ""
 29 | 		for param in self.ini_params:
 30 | 			ret_val += str(param)+'\n'
 31 | 		
 32 | 		return ret_val
 33 | 
 34 | class IniParam:
 35 | 	def __init__(self, hash, offset, data):
 36 | 		self.name = "UNKNOWN"
 37 | 		self.data = ""
 38 | 		if hash in INI_PARAMS.keys():
 39 | 			self.name = INI_PARAMS[hash]
 40 | 		self.data = data[offset:].split('\x00')[0]
 41 | 		self.hash = hash
 42 | 	
 43 | 	def get_name(self):
 44 | 		return self.name
 45 | 	def get_data(self):
 46 | 		return self.data
 47 | 	
 48 | 	def __str__(self):
 49 | 		return(self.name+":"+hex(self.hash)+": "+str(self.data))
 50 | 
 51 | def pub_key_parse(data):
 52 | 	print("PUB KEY:")
 53 | 	print(binascii.hexlify(data))
 54 | 
 55 | def client_init_parse(data):
 56 | 	print("INI PARAMS:")
 57 | 	count = struct.unpack_from('<I', data)[0]
 58 | 	params = IniParams(count,[])
 59 | 	
 60 | 	data = data[8:]
 61 | 	for i in range(count):
 62 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
 63 | 		params.put_param(IniParam(hash,offset,data))
 64 | 		data = data[0x18:]
 65 | 	
 66 | 	print(params)
 67 | 	
 68 | def loader_dll_parse(data):
 69 | 	pe = pefile.PE(data=data)
 70 | 	if pe.OPTIONAL_HEADER.Magic == 0x10b:
 71 | 		bit = "32"
 72 | 	else:
 73 | 		bit = "64"
 74 | 	print("DLL:")
 75 | 	print("Bit: "+bit)
 76 | 	print("MD5: "+hashlib.md5(data).hexdigest())
 77 | 	print("SHA256: "+hashlib.sha256(data).hexdigest())
 78 | 	print("IMPHASH: "+pe.get_imphash())
 79 | 	parse_ini(data)
 80 | 
 81 | def install_ini_parse(data):
 82 | 	print("CRC_INSTALL_INI: "+binascii.hexlify(data))
 83 | 
 84 | handlers = {"CRC_PUBLIC_KEY": pub_key_parse, "CRC_CLIENT_INI": client_init_parse, "CRC_LOADER_DLL": loader_dll_parse, "CRC_INSTALL_INI": install_ini_parse}
 85 | 
 86 | def parse_ini(file_data, ADDON_MAGIC=["JF", "J1"]):
 87 | 	pe = pefile.PE(data=file_data)
 88 | 
 89 | 	#if len(sys.argv) > 2:
 90 | 	#	ADDON_MAGIC = [sys.argv[2]]
 91 | 	#else:
 92 | 	#	ADDON_MAGIC = ["JF", "J1"]
 93 | 
 94 | 	file_data = pe.get_memory_mapped_image()
 95 | 
 96 | 	for magic in ADDON_MAGIC:
 97 | 		print(str(magic))
 98 | 		index = 0
 99 | 		for i in range(3):
100 | 			temp = file_data[index:].find(magic)
101 | 			if temp != -1:
102 | 				index += temp
103 | 				(magicVal,flags,section,offset,length,) = struct.unpack_from('<IIIII', file_data[index:])
104 | 				if section in JOINER_SECTIONS.keys():
105 | 					handler = handlers[JOINER_SECTIONS[section]]
106 | 					compressed_data = file_data[offset:offset+length]
107 | 					uncompressed = aplib.decompress(compressed_data).do()
108 | 					handler(uncompressed[0])
109 | 				else:
110 | 					try:
111 | 						compressed_data = file_data[offset:offset+length]
112 | 						uncompressed = aplib.decompress(compressed_data).do()
113 | 						if uncompressed[0][:2] == 'MZ':
114 | 							loader_dll_parse(uncompressed[0])
115 | 						else:
116 | 							print("UNKNOWN SECTION: " +hex(section))
117 | 					except:
118 | 						print("UNKNOWN SECTION: " +hex(section))
119 | 				index += 1
120 | 			else:
121 | 				break
122 | 		
123 | 
124 | if __name__ == "__main__":
125 | 	data = open(sys.argv[1],'rb').read()
126 | 	parse_ini(data)
127 | 


--------------------------------------------------------------------------------
/goziv3/decoder.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | 
  7 | import re
  8 | import sys
  9 | import struct
 10 | import aplib
 11 | import binascii
 12 | import serpent2
 13 | from Crypto.PublicKey import RSA
 14 | 
 15 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x4f75cea7: "CRC_LOADER_DLL", 0x90f8aab5: "CRC_LOADER_DLL", 0x7a042a8a: "CRC_INSTALL_INI", 0x90f8aab4: "CRC_CLIENT64", 0xda57d71a: "CRC_WORDLIST", 0xc535d8bf: "CRC_LOADER_DLL"}
 16 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT", 0xea9ea760: "CRC_BOOTSTRAP", 0x31277bd5: "CRC_TASKTIMEOUT",0x955879a6: "CRC_SENDTIMEOUT", 0x9fd13931: "CRC_BCSERVER", 0x6de85128: "CRC_BCTIMEOUT", 0xacc79a02: "CRC_KNOCKERTIMEOUT", 0x602c2c26: "CRC_KEYLOGLIST", 0x556aed8f: "CRC_SERVER", 0xd7a003c9: "CRC_CONFIGTIMEOUT", 0x18a632bb: "CRC_CONFIGFAILTIMEOUT", 0x73177345: "CRC_DGA_SEED_URL", 0x510f22d2: "CRC_TORSERVER", 0xec99df2e: "CRC_EXTERNALIP", 0xc61efa7a: "CRC_DGATLDS", 0xdf351e24: "CRC_32BITDOWNLOAD", 0x4b214f54: "CRC_64BITDOWNLOAD", 0xcd850e68: "DGA_CRC", 0xdf2e7488: "DGA_COUNT", 0x584e5925: "TIMER"}
 17 | 
 18 | 
 19 | class IniParams:
 20 | 	def __init__(self, count, iniParams):
 21 | 		self.count = count
 22 | 		self.ini_params = iniParams
 23 | 	
 24 | 	def put_param(self, param):
 25 | 		self.ini_params.append(param)
 26 | 
 27 | 	def get_jsonify(self):
 28 | 		ret_val = {}
 29 | 		for param in self.ini_params:
 30 | 			ret_val.update(param.get_jsonify())
 31 | 		return ret_val
 32 | 		
 33 | 	def __str__(self):
 34 | 		ret_val = ""
 35 | 		for param in self.ini_params:
 36 | 			ret_val += str(param)+'\n'
 37 | 		
 38 | 		return ret_val
 39 | 
 40 | class IniParam:
 41 | 	def __init__(self, hash, offset, data):
 42 | 		self.name = "UNKNOWN"
 43 | 		self.data = ""
 44 | 		if hash in INI_PARAMS.keys():
 45 | 			self.name = INI_PARAMS[hash]
 46 | 		self.data = data[offset:].split('\x00')[0]
 47 | 		self.hash = hash
 48 | 	
 49 | 	def get_name(self):
 50 | 		return self.name
 51 | 	def get_data(self):
 52 | 		return self.data
 53 | 	
 54 | 	def get_jsonify(self):
 55 | 		return({self.name:str(self.data)})
 56 | 
 57 | 	def __str__(self):
 58 | 		return(self.name+":"+hex(self.hash)+": "+str(self.data))
 59 | 
 60 | def pub_key_parse(data):
 61 | 	print("PUB KEY:")
 62 | 	print(binascii.hexlify(data))
 63 | 	return({"PUB_KEY": binascii.hexlify(data)})
 64 | 
 65 | def client_init_parse(keypub,data):
 66 | 	bits = keypub.size()+1
 67 | 	encBlock = data[-(bits/8):]
 68 | 	decBlock = keypub.encrypt(encBlock,0)[0]
 69 | 	#Code converted from Gozi source
 70 | 	decBlock = decBlock[2:]
 71 | 	for i in range(len(decBlock)):
 72 | 		if decBlock[i] != '\xff':
 73 | 			decBlock = decBlock[i:]
 74 | 			break
 75 | 
 76 | 	#\x00 is separator
 77 | 	if decBlock[0] == '\x00':
 78 | 		decBlock=decBlock[1:]
 79 | 
 80 | 	#New code stores a serp key 16 bytes in
 81 | 	#checkval = ord(decBlock[0]) - 1
 82 | 	data_length = len(data[:-(bits/8)]) & 0xfffffff0
 83 | 	serpKey = decBlock[16:32]
 84 | 
 85 | 	data = serpent2.serpent_cbc_decrypt(serpKey,data[:-128])
 86 | 
 87 | 	print("INI PARAMS:")
 88 | 	count = struct.unpack_from('<I', data)[0]
 89 | 	params = IniParams(count,[])
 90 | 	
 91 | 	data = data[8:]
 92 | 	for i in range(count):
 93 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
 94 | 		params.put_param(IniParam(hash,offset,data))
 95 | 		data = data[0x18:]
 96 | 	
 97 | 	print(params)
 98 | 	return(params.get_jsonify())
 99 | 
100 | def convert_pubkey(data):
101 | 	pub = aplib.decompress(data).do()[0]
102 | 	bit = struct.unpack_from('<I', pub)[0]
103 | 	mod = pub[4:(bit/8)+4]
104 | 	exp = pub[(bit/8)+4:]
105 | 
106 | 	mod = int(binascii.hexlify(mod),16)
107 | 	exp = int(binascii.hexlify(exp),16)
108 | 	keypub = RSA.construct((mod, long(exp)))
109 | 	pempub = keypub.exportKey('PEM')
110 | 	return((keypub, pempub))
111 | 
112 | def parse_wordlist(data):
113 | 	out = aplib.decompress(data).do()[0]
114 | 	return({"WORD_LIST": out})
115 | 
116 | handlers = {"CRC_PUBLIC_KEY": convert_pubkey, "CRC_CLIENT_INI": client_init_parse, "CRC_WORDLIST": parse_wordlist}
117 | 
118 | 
119 | def find_xor_table(data):
120 | 	ret_val = None
121 | 	items = re.split('''[\x00]{40,}''', data)
122 | 	items = filter(lambda x: len(x) > 40 and len(x) <100, items)
123 | 	for item in items:
124 | 		l = struct.unpack_from('<I', item)[0]
125 | 		if l == len(item)+4:
126 | 			ret_val = item
127 | 			break
128 | 	return ret_val
129 | 
130 | config = {}
131 | data = open(sys.argv[1], 'rb').read()
132 | blob = find_xor_table(data)
133 | print(blob)
134 | #off = data.find('\x00\x00WD')
135 | #blob = data[off-2:]
136 | l = struct.unpack_from('<I', blob)[0]
137 | config['CONF_VAL'] = blob[4:6]
138 | blob = blob[8:]+'\x00\x00\x00\x00'
139 | #blob = blob[8:l]
140 | xorval = struct.unpack_from('<I', blob)[0]
141 | client_ini_data = None
142 | keypub = None
143 | while xorval != 0:
144 | 	blob = blob[4:]
145 | 	(xor_hash, val2, val3,) = struct.unpack_from('<III', blob)
146 | 	blob = blob[12:]
147 | 	crc_hash = xorval ^ xor_hash
148 | 	offset = xorval ^ val3
149 | 	l = xorval^val2
150 | 	if crc_hash in JOINER_SECTIONS.keys():
151 | 		print(JOINER_SECTIONS[crc_hash])
152 | 		handler = handlers[JOINER_SECTIONS[crc_hash]]
153 | 		if JOINER_SECTIONS[crc_hash] == "CRC_PUBLIC_KEY":
154 | 			sect_data = data[offset:offset+l]
155 | 			(keypub,pempub) = handler(sect_data)
156 | 		elif JOINER_SECTIONS[crc_hash] == "CRC_CLIENT_INI":
157 | 			client_ini_data = data[offset:offset+l]
158 | 		else:
159 | 			if JOINER_SECTIONS[crc_hash] in handlers.keys():
160 | 				handler = handlers[JOINER_SECTIONS[crc_hash]]
161 | 				sect_data = data[offset:offset+l]
162 | 				config.update(handler(sect_data))
163 | 	else:
164 | 		print("CRC_HASH: "+hex(xorval^xor_hash))
165 | 	print("Length: "+hex(xorval^val2))
166 | 	print("offset: "+hex(xorval^val3))
167 | 	xorval = struct.unpack_from('<I', blob)[0]
168 | 	
169 | if type(keypub) != type(None):
170 | 	print("Pub key: " +pempub)
171 | 	config.update({'PUB_KEY': pempub})
172 | 	if client_ini_data != None:
173 | 		config.update(client_init_parse(keypub,client_ini_data))
174 | print(config)
175 | 	
176 | 


--------------------------------------------------------------------------------
/cs_beacon/proper_beacon_decoder.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 20JUN2018 - cs beacon config decoder
  3 | By Jason Reaves (@sysopfb) and Josh Platt
  4 | 
  5 | Free to use, attribute properly.
  6 | 
  7 | Will attempt to work on beacons from memory with already decoded configs as well
  8 | 
  9 | 
 10 | TODO
 11 | Add logic for other XOR keys
 12 | Transform parsing code needs work as well
 13 | """
 14 | import sys
 15 | import re
 16 | import binascii
 17 | import struct
 18 | 
 19 | BeaconSettings = {1: "PROTOCOL", 2: "PORT", 3: "SLEEPTIME", 4: "MAXGET", 5: "ITTER", 6: "MAXDNS", 7: "PUBKEY", 8: "DOMAINS", 9: "USERAGENT", 10: "SUBMITURI", 11: "C2_RECOVER", 12: "C2_REQUEST", 13: "C2_POSTREQ", 14: "SPAWNTO", 15: "PIPENAME", 16: "KILLDATE_YEAR", 17: "KILLDATE_MONTH", 18: "KILLDATE_DAY", 19: "DNS_IDLE", 20: "DNS_SLEEP", 21: "SSH_HOST", 22: "SSH_PORT", 23: "SSH_USERNAME", 24: "SSH_PASSWORD", 25: "SSH_KEY", 26: "C2_VERB_GET", 27: "C2_VERB_POST", 28: "C2_CHUNK_POST", 29: "SPAWNTO_X86", 30: "SPAWNTO_X64", 31: "CRYPTO_sCHEME", 32: "PROXY_CONFIG", 33: "PROXY_USER", 34: "PROXY_PASSWORD", 35: "PROXY_BEHAVIOR", 36: "INJECT_OPTIONS", 37: "WATERMARK", 54: "C2_HOST_HEADER"}
 20 | 
 21 | SettingTypes = {0: "TYPE_NONE", 1: "TYPE_SHORT", 2: "TYPE_INT", 3: "TYPE_PTR"}
 22 | 
 23 | 
 24 | TransformStep = {1: "APPEND", 2: "PREPEND", 3: "BASE64", 4: "PRINT", 5: "PARAMETER", 6: "HEADER", 7: "BUILD", 8: "NETBIOS", 9: "_PARAMETER", 10: "_HEADER", 11: "NETBIOSU", 12: "URI_APPEND", 13: "BASE64URL", 14: "STRREP", 15: "MASK"}
 25 | 
 26 | test_data = '\n\x00\x00\x00\x0bAccept: */*\x00\x00\x00\n\x00\x00\x00\x16Content-Type: text/xml\x00\x00\x00\n\x00\x00\x00 X-Requested-With: XMLHttpRequest\x00\x00\x00\n\x00\x00\x00\x14Host: www.amazon.com\x00\x00\x00\t\x00\x00\x00\nsz=160x600\x00\x00\x00\t\x00\x00\x00\x11oe=oe=ISO-8859-1;\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x02sn\x00\x00\x00\t\x00\x00\x00\x06s=3717\x00\x00\x00\t\x00\x00\x00"dc_ref=http%3A%2F%2Fwww.amazon.com\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x04'
 27 | 
 28 | def parse_transformdata(data):
 29 | 	config = []
 30 | 	while len(data) > 5:
 31 | 		(tstep,val,l,) = struct.unpack_from('>BHH',data)
 32 | 		data = data[5:]
 33 | 		if tstep in TransformStep.keys():
 34 | 			if tstep != 7:
 35 | 				temp = (TransformStep[tstep],val)
 36 | 				if l > 0:
 37 | 					s = str(data[:l])
 38 | 					temp += (s,)
 39 | 				data = data[l+3:]
 40 | 			else:
 41 | 				(a,b,) = struct.unpack_from('>HH', data)
 42 | 				data = data[4:]
 43 | 				temp = ()
 44 | 				if val != 0:
 45 | 					temp += (TransformStep[val],l)
 46 | 				if a != 0:
 47 | 					temp += (TransformStep[a],)
 48 | 				if b != 0:
 49 | 					if b in [5,6]:
 50 | 						(c,d) = struct.unpack_from('>HH', data)
 51 | 						data = data[4:]
 52 | 						temp += (TransformStep[b],str(data[:d]))
 53 | 						data = data[l+3:]
 54 | 					elif b in [3]:
 55 | 						(c,d) = struct.unpack_from('>HH', data)
 56 | 						data = data[4:]
 57 | 						if d in [5,6]:
 58 | 							(e,f) = struct.unpack_from('>HH', data)
 59 | 							data = data[4:]
 60 | 							temp += ((TransformStep[b],TransformStep[d],str(data[:f])))
 61 | 							data = data[f+3:]
 62 | 
 63 | 					else:
 64 | 						temp += (TransformStep[b],)
 65 | 				temp = ('BUILD',temp)
 66 | 			config.append(temp)
 67 | 	return config
 68 | 
 69 | 
 70 | 
 71 | class conf_item:
 72 | 	def __init__(self,beacon_index, setting_type, length, value):
 73 | 		if beacon_index in BeaconSettings.keys():
 74 | 			self.beaconSetting = BeaconSettings[beacon_index]
 75 | 		else:
 76 | 			self.beaconSetting = "UNKNOWN"+str(beacon_index)
 77 | 		if setting_type in SettingTypes.keys():
 78 | 			self.settingType = SettingTypes[setting_type]
 79 | 		else:
 80 | 			self.settingType = "UNKNOWN"+str(beacon_index)
 81 | 		self.length = length
 82 | 		if beacon_index == 7 or "UNKNOWN" in self.beaconSetting:
 83 | 			if setting_type in [2,3] and beacon_index != 7:
 84 | 				self.data = value
 85 | 			else:
 86 | 				self.data = binascii.hexlify(str(value))
 87 | 		elif beacon_index in [12,13]:
 88 | 			try:
 89 | 				self.data = parse_transformdata(value)
 90 | 			except:
 91 | 				self.data = str(value)
 92 | 		else:
 93 | 			self.data = str(value)
 94 | 
 95 | 	def get_jsonify(self):
 96 | 		return({self.beaconSetting:str(self.data)})
 97 | 
 98 | class beaconSettings:
 99 | 	def __init__(self, blob):
100 | 		self.items = []
101 | 		(bsetting, stype, l,) = struct.unpack_from('>HHH', blob)
102 | 		while bsetting < 60 and stype < 10 and l < 1000 and len(blob) > 7:
103 | 			blob = blob[6:]
104 | 			data = blob[:l]
105 | 			blob = blob[l:]
106 | 			if stype == 3:
107 | 				data = data.strip('\x00')
108 | 			elif stype == 2:
109 | 				data = struct.unpack('>I', data)[0]
110 | 			elif stype == 1:
111 | 				data = struct.unpack('>H', data)[0]
112 | 			self.items.append(conf_item(bsetting, stype, l, data))
113 | 			if len(blob) < 8:
114 | 				break
115 | 			(bsetting, stype, l,) = struct.unpack_from('>HHH', blob)
116 | 
117 | 
118 | 	def get_jsonify(self):
119 | 		ret_val = {}
120 | 		for item in self.items:
121 | 			ret_val.update(item.get_jsonify())
122 | 		return ret_val
123 | 
124 | 
125 | def decoder(data):
126 | 	config = {}
127 | 	blob = bytearray(data)
128 | 	key = 0
129 | 	#bruteforces xor key by searching for known plaintext
130 | 	for x in range(1, 0xff):
131 | 		start1 = re.escape(''.join([chr(ord(c) ^ x) for c in '\x00\x01\x00\x01\x00\x02\x00']))
132 | 		start2 = re.escape(''.join([chr(ord(c) ^ x) for c in '\x00\x02\x00\x01']))
133 | 		start = start1 + '.' + start2
134 | 		if re.search(start, data):
135 | 			key = x
136 | 			break
137 | 	for i in range(len(blob)):
138 | 		blob[i] ^= x
139 | 	start = re.findall('''\x00\x01\x00\x01\x00\x02\x00.\x00\x02\x00\x01''',blob)
140 | 	if len(start) > 0:
141 | 		start_offset = blob.find(start[0])
142 | 		bs = beaconSettings(blob[start_offset:])
143 | 		return bs.get_jsonify()
144 | 	pub_matches = re.findall('''\x30[\x00-\xff]{100,200}\x02\x03\x01\x00\x01\x00\x00''', blob)
145 | 	if pub_matches:
146 | 		config['PUBKEY'] = binascii.hexlify(pub_matches[0])
147 | 
148 | 	pipe_matches = re.findall('''\\\\\\\\%s\\\\pipe\\\\[^\x00]+''', blob)
149 | 	if pipe_matches:
150 | 		config['PIPE'] = map(str,pipe_matches)
151 | 
152 | 	ua_matches = re.findall('''Mozilla[^\x00]+''', blob)
153 | 	if ua_matches:
154 | 		config['UserAgents'] = map(str,ua_matches)
155 | 
156 | 	ip_matches = re.findall('''\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}''', blob)
157 | 	if ip_matches:
158 | 		config['C2'] = map(str,ip_matches)
159 | 	uri_matches = re.findall('''\/[^\x2e\x00]+\.php''',blob)
160 | 	if uri_matches:
161 | 		config['URI'] = map(str,uri_matches)
162 | 
163 | 	#Check if this is a mem dumped DLL with already decoded config
164 | 	if config == {}:
165 | 		start = re.findall('''\x00\x01\x00\x01\x00\x02\x00.\x00\x02\x00\x01''',data)
166 | 		if len(start) > 0:
167 | 			start_offset = data.find(start[0])
168 | 			bs = beaconSettings(data[start_offset:])
169 | 			return bs.get_jsonify()
170 | 
171 | 
172 | 	return config
173 | 
174 | if __name__ == "__main__":
175 | 	data = open(sys.argv[1], 'rb').read()
176 | 	t = decoder(data)
177 | 	print(t)
178 | 


--------------------------------------------------------------------------------
/gozi/all_joiner.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | import pefile
  7 | import sys
  8 | import struct
  9 | import aplib
 10 | import binascii
 11 | import hashlib
 12 | import gozi_version
 13 | 
 14 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x4f75cea7: "CRC_LOADER_DLL", 0x90f8aab5: "CRC_LOADER_DLL", 0x7a042a8a: "CRC_INSTALL_INI", 0x90f8aab4: "CRC_CLIENT64", 0x30802fd4: "ENCODED_LOADER_DLL", 0x9e154a0c: "CRC_LOADER_DLL"}
 15 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT", 0xea9ea760: "CRC_BOOTSTRAP", 0x31277bd5: "CRC_TASKTIMEOUT",0x955879a6: "CRC_SENDTIMEOUT", 0x9fd13931: "CRC_BCSERVER", 0x6de85128: "CRC_BCTIMEOUT", 0xacc79a02: "CRC_KNOCKERTIMEOUT", 0x602c2c26: "CRC_KEYLOGLIST", 0x556aed8f: "CRC_SERVER", 0xd7a003c9: "CRC_CONFIGTIMEOUT", 0x18a632bb: "CRC_CONFIGFAILTIMEOUT", 0x73177345: "CRC_DGA_SEED_URL", 0x510f22d2: "CRC_TORSERVER", 0xec99df2e: "CRC_EXTERNALIP", 0xc61efa7a: "CRC_DGATLDS", 0xdf351e24: "CRC_32BITDOWNLOAD", 0x4b214f54: "CRC_64BITDOWNLOAD", 0xcd850e68: "DGA_CRC", 0xdf2e7488: "DGA_COUNT", 0x584e5925: "TIMER"}
 16 | 
 17 | class IniParams:
 18 | 	def __init__(self, count, iniParams):
 19 | 		self.count = count
 20 | 		self.ini_params = iniParams
 21 | 	
 22 | 	def put_param(self, param):
 23 | 		self.ini_params.append(param)
 24 | 
 25 | 	def get_jsonify(self):
 26 | 		ret_val = {}
 27 | 		for param in self.ini_params:
 28 | 			ret_val.update(param.get_jsonify())
 29 | 		return ret_val
 30 | 		
 31 | 	def __str__(self):
 32 | 		ret_val = ""
 33 | 		for param in self.ini_params:
 34 | 			ret_val += str(param)+'\n'
 35 | 		
 36 | 		return ret_val
 37 | 
 38 | class IniParam:
 39 | 	def __init__(self, hash, offset, data):
 40 | 		self.name = "UNKNOWN"
 41 | 		self.data = ""
 42 | 		if hash in INI_PARAMS.keys():
 43 | 			self.name = INI_PARAMS[hash]
 44 | 		self.data = data[offset:].split('\x00')[0]
 45 | 		self.hash = hash
 46 | 	
 47 | 	def get_name(self):
 48 | 		return self.name
 49 | 	def get_data(self):
 50 | 		return self.data
 51 | 	
 52 | 	def get_jsonify(self):
 53 | 		return({self.name:str(self.data)})
 54 | 
 55 | 	def __str__(self):
 56 | 		return(self.name+":"+hex(self.hash)+": "+str(self.data))
 57 | 
 58 | def pub_key_parse(data):
 59 | 	print("PUB KEY:")
 60 | 	print(binascii.hexlify(data))
 61 | 	return({"PUB_KEY": binascii.hexlify(data)})
 62 | 
 63 | def client_init_parse(data):
 64 | 	print("INI PARAMS:")
 65 | 	count = struct.unpack_from('<I', data)[0]
 66 | 	if count > 50:
 67 | 		print(binascii.hexlify(data))
 68 | 		count=min(15,len(data)/0x18)
 69 | 	params = IniParams(count,[])
 70 | 	
 71 | 	data = data[8:]
 72 | 	for i in range(count):
 73 | 		if data == '':
 74 | 			break
 75 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
 76 | 		params.put_param(IniParam(hash,offset,data))
 77 | 		data = data[0x18:]
 78 | 	
 79 | 	print(params)
 80 | 	return(params.get_jsonify())
 81 | 
 82 | def decode_loader_bot(data):
 83 | 	print("Encoded bot section found")
 84 | 	decoded = ""
 85 | 	last_key = 0
 86 | 	for i in range(len(data)/4):
 87 | 		temp = struct.unpack_from('<I', data[i*4:])[0]
 88 | 		temp2 = (temp - last_key) & 0xffffffff
 89 | 		last_key = temp
 90 | 		decoded += struct.pack('<I', temp2)
 91 | 	return(loader_dll_parse(decoded))
 92 | 
 93 | def loader_dll_parse(data):
 94 | 	print("loader_dll_parse called")
 95 | 	dll_data = {}
 96 | 	if 'MZ' != data[:2]:
 97 | 		data = bytearray('MZ\x90\x00'+data[4:])
 98 | 		pe_off = struct.unpack_from('<H', data[0x3c:])[0]
 99 | 		data[pe_off] = 'P'
100 | 		data[pe_off+1] = 'E'
101 | 		data = str(data)
102 | 	open('test_outmay.bin','wb').write(data)
103 | 	pe = pefile.PE(data=data)
104 | 	if pe.OPTIONAL_HEADER.Magic == 0x10b:
105 | 		bit = "32"
106 | 	else:
107 | 		bit = "64"
108 | 	print("DLL:")
109 | 	print("Bit: "+bit)
110 | 	print("MD5: "+hashlib.md5(data).hexdigest())
111 | 	dll_data.update({"MD5": hashlib.md5(data).hexdigest()})
112 | 	print("SHA256: "+hashlib.sha256(data).hexdigest())
113 | 	dll_data.update({"SHA256": hashlib.sha256(data).hexdigest()})
114 | 	print("IMPHASH: "+pe.get_imphash())
115 | 	dll_data.update({"IMPHASH": pe.get_imphash()})
116 | 	ret = parse_ini(data)
117 | 	ret.update(dll_data)
118 | 	return ({"DLL_"+bit:ret})
119 | 
120 | def install_ini_parse(data):
121 | 	print("CRC_INSTALL_INI: "+binascii.hexlify(data))
122 | 	return None
123 | 
124 | def client_64(data):
125 | 	print data[:50]
126 | 
127 | handlers = {"CRC_PUBLIC_KEY": pub_key_parse, "CRC_CLIENT_INI": client_init_parse, "CRC_LOADER_DLL": loader_dll_parse, "CRC_INSTALL_INI": install_ini_parse, "CRC_CLIENT64": client_64, "ENCODED_LOADER_DLL": decode_loader_bot}
128 | 
129 | def parse_ini(file_data, ADDON_MAGIC=["JJ", "JF", "J1"]):
130 | 	ret_val = {}
131 | 	try:
132 | 		pe = pefile.PE(data=file_data)
133 | 		file_data = pe.get_memory_mapped_image()
134 | 	except:
135 | 		file_data = bytearray(binascii.unhexlify('4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000') + file_data[60:])
136 | 		pe_offset = struct.unpack_from('<I', file_data[60:])[0]
137 | 		file_data[pe_offset] = 'P'
138 | 		file_data[pe_offset+1] = 'E'
139 | 		file_data = str(file_data)
140 | 	try:
141 | 		pe = pefile.PE(data=file_data)
142 | 	except:
143 | 		print("Bad PE file")
144 | 		return(ret_val)
145 | 
146 | 	#if len(sys.argv) > 2:
147 | 	#	ADDON_MAGIC = [sys.argv[2]]
148 | 	#else:
149 | 	#	ADDON_MAGIC = ["JF", "J1"]
150 | 	ver = gozi_version.get_gozi_ver(data)
151 | 	if ver != None:
152 | 		ret_val["VER"] =  str(ver)
153 | 
154 | 
155 | 	for magic in ADDON_MAGIC:
156 | 		index = 0
157 | 		for i in range(3):
158 | 			temp = file_data[index:].find(magic)
159 | 			if temp != -1:
160 | 				index += temp
161 | 				(magicVal,offset,length,section,) = struct.unpack_from('<IIII', file_data[index:])
162 | 				if length > len(file_data):
163 | 					(magicVal,flags,section,offset,length,) = struct.unpack_from('<IIIII', file_data[index:])
164 | 				if section in JOINER_SECTIONS.keys():
165 | 					print("offset: "+str(offset))
166 | 					handler = handlers[JOINER_SECTIONS[section]]
167 | 					compressed_data = file_data[offset:offset+length]
168 | 					#open(str(section), 'wb').write(compressed_data)
169 | 					if len(compressed_data) > 0:
170 | 						uncompressed = ""
171 | 						try:
172 | 							uncompressed = aplib.decompress(compressed_data).do()
173 | 							uncompressed = uncompressed[0]
174 | 							print("Calling handler")
175 | 							ret = handler(uncompressed)
176 | 							if ret != None:
177 | 								ret_val.update(ret)
178 | 						except:
179 | 							print("SECTION:"+hex(section)+":DECOMPRESS FAILURE Size:" + str(len(compressed_data)))
180 | 							ret = handler(compressed_data)
181 | 							if ret != None:
182 | 								ret_val.update(ret)
183 | 				else:
184 | 					try:
185 | 						compressed_data = file_data[offset:offset+length]
186 | 						#open(hex(section)+'_blahblah.bin', 'wb').write(compressed_data)
187 | 						uncompressed = aplib.decompress(compressed_data).do()
188 | 						if uncompressed[0][:2] == 'MZ':
189 | 							ret = loader_dll_parse(uncompressed[0])
190 | 							if ret != None:
191 | 								ret_val.update(ret)
192 | 						else:
193 | 							print("UNKNOWN SECTION: " +hex(section))
194 | 					except:
195 | 						print("UNKNOWN SECTION: " +hex(section))
196 | 				index += 1
197 | 			else:
198 | 				break
199 | 	print(ret_val)
200 | 	return ret_val
201 | 		
202 | 
203 | if __name__ == "__main__":
204 | 	data = open(sys.argv[1],'rb').read()
205 | 	r = parse_ini(data)
206 | 


--------------------------------------------------------------------------------
/goziv3/dream_decoder.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | import re
  7 | import pefile
  8 | import sys
  9 | import struct
 10 | import aplib
 11 | import binascii
 12 | import serpent2
 13 | from Crypto.PublicKey import RSA
 14 | 
 15 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x7a042a8a: "CRC_INSTALL_INI", 0x90f8aab4: "CRC_CLIENT64", 0xda57d71a: "CRC_WORDLIST"}
 16 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT", 0xea9ea760: "CRC_BOOTSTRAP", 0x31277bd5: "CRC_TASKTIMEOUT",0x955879a6: "CRC_SENDTIMEOUT", 0x9fd13931: "CRC_BCSERVER", 0x6de85128: "CRC_BCTIMEOUT", 0xacc79a02: "CRC_KNOCKERTIMEOUT", 0x602c2c26: "CRC_KEYLOGLIST", 0x556aed8f: "CRC_SERVER", 0xd7a003c9: "CRC_CONFIGTIMEOUT", 0x18a632bb: "CRC_CONFIGFAILTIMEOUT", 0x73177345: "CRC_DGA_SEED_URL", 0x510f22d2: "CRC_TORSERVER", 0xec99df2e: "CRC_EXTERNALIP", 0xc61efa7a: "CRC_DGATLDS", 0xdf351e24: "CRC_32BITDOWNLOAD", 0x4b214f54: "CRC_64BITDOWNLOAD", 0xcd850e68: "DGA_CRC", 0xdf2e7488: "DGA_COUNT", 0x584e5925: "TIMER"}
 17 | 
 18 | 
 19 | class IniParams:
 20 | 	def __init__(self, count, iniParams):
 21 | 		self.count = count
 22 | 		self.ini_params = iniParams
 23 | 	
 24 | 	def put_param(self, param):
 25 | 		self.ini_params.append(param)
 26 | 
 27 | 	def get_jsonify(self):
 28 | 		ret_val = {}
 29 | 		for param in self.ini_params:
 30 | 			ret_val.update(param.get_jsonify())
 31 | 		return ret_val
 32 | 		
 33 | 	def __str__(self):
 34 | 		ret_val = ""
 35 | 		for param in self.ini_params:
 36 | 			ret_val += str(param)+'\n'
 37 | 		
 38 | 		return ret_val
 39 | 
 40 | class IniParam:
 41 | 	def __init__(self, hash, offset, data):
 42 | 		self.name = "UNKNOWN"
 43 | 		self.data = ""
 44 | 		if hash in INI_PARAMS.keys():
 45 | 			self.name = INI_PARAMS[hash]
 46 | 		self.data = data[offset:].split('\x00')[0]
 47 | 		self.hash = hash
 48 | 	
 49 | 	def get_name(self):
 50 | 		return self.name
 51 | 	def get_data(self):
 52 | 		return self.data
 53 | 	
 54 | 	def get_jsonify(self):
 55 | 		return({self.name:str(self.data)})
 56 | 
 57 | 	def __str__(self):
 58 | 		return(self.name+":"+hex(self.hash)+": "+str(self.data))
 59 | 
 60 | def pub_key_parse(data):
 61 | 	print("PUB KEY:")
 62 | 	print(binascii.hexlify(data))
 63 | 	return({"PUB_KEY": binascii.hexlify(data)})
 64 | 
 65 | 
 66 | def gozi_decode_sect(keypub, data):
 67 | 	bits = keypub.size()+1
 68 | 	encBlock = data[-(bits/8):]
 69 | 	decBlock = keypub.encrypt(encBlock,0)[0]
 70 | 	#Code converted from Gozi source
 71 | 	decBlock = decBlock[2:]
 72 | 	for i in range(len(decBlock)):
 73 | 		if decBlock[i] != '\xff':
 74 | 			decBlock = decBlock[i:]
 75 | 			break
 76 | 
 77 | 	#\x00 is separator
 78 | 	if decBlock[0] == '\x00':
 79 | 		decBlock=decBlock[1:]
 80 | 
 81 | 	#New code stores a serp key 16 bytes in
 82 | 	#checkval = ord(decBlock[0]) - 1
 83 | 	data_length = len(data[:-(bits/8)]) & 0xfffffff0
 84 | 	serpKey = decBlock[16:32]
 85 | 
 86 | 	data = serpent2.serpent_cbc_decrypt(serpKey,data[:-128])
 87 | 	return(data)
 88 | 
 89 | 
 90 | def client_init_parse(keypub,data):
 91 | 	bits = keypub.size()+1
 92 | 	encBlock = data[-(bits/8):]
 93 | 	decBlock = keypub.encrypt(encBlock,0)[0]
 94 | 	#Code converted from Gozi source
 95 | 	decBlock = decBlock[2:]
 96 | 	for i in range(len(decBlock)):
 97 | 		if decBlock[i] != '\xff':
 98 | 			decBlock = decBlock[i:]
 99 | 			break
100 | 
101 | 	#\x00 is separator
102 | 	if decBlock[0] == '\x00':
103 | 		decBlock=decBlock[1:]
104 | 
105 | 	#New code stores a serp key 16 bytes in
106 | 	#checkval = ord(decBlock[0]) - 1
107 | 	data_length = len(data[:-(bits/8)]) & 0xfffffff0
108 | 	serpKey = decBlock[16:32]
109 | 
110 | 	data = serpent2.serpent_cbc_decrypt(serpKey,data[:-128])
111 | 
112 | 	print("INI PARAMS:")
113 | 	count = struct.unpack_from('<I', data)[0]
114 | 	params = IniParams(count,[])
115 | 	
116 | 	data = data[8:]
117 | 	for i in range(count):
118 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
119 | 		params.put_param(IniParam(hash,offset,data))
120 | 		data = data[0x18:]
121 | 	
122 | 	print(params)
123 | 	return(params.get_jsonify())
124 | 
125 | def convert_pubkey(data, decomp=True):
126 | 	if decomp:
127 | 		pub = aplib.decompress(data).do()[0]
128 | 	else:
129 | 		pub = data
130 | 	bit = struct.unpack_from('<I', pub)[0]
131 | 	mod = pub[4:(bit/8)+4]
132 | 	exp = pub[(bit/8)+4:]
133 | 
134 | 	mod = int(binascii.hexlify(mod),16)
135 | 	exp = int(binascii.hexlify(exp),16)
136 | 	keypub = RSA.construct((mod, long(exp)))
137 | 	pempub = keypub.exportKey('PEM')
138 | 	return((keypub, pempub))
139 | 
140 | def parse_wordlist(data):
141 | 	out = aplib.decompress(data).do()[0]
142 | 	return({"WORD_LIST": out})
143 | 
144 | handlers = {"CRC_PUBLIC_KEY": convert_pubkey, "CRC_CLIENT_INI": client_init_parse, "CRC_WORDLIST": parse_wordlist}
145 | 
146 | 
147 | def find_xor_table(data):
148 | 	ret_val = None
149 | 	items = re.split('''[\x00]{40,}''', data)
150 | 	items = filter(lambda x: len(x) > 40 and len(x) <100, items)
151 | 	for item in items:
152 | 		l = struct.unpack_from('<I', item)[0]
153 | 		if l == len(item)+4:
154 | 			ret_val = item
155 | 			break
156 | 	return ret_val
157 | 
158 | TEST = ""
159 | 
160 | def decoder(data):
161 | 	global TEST
162 | 	config = {}
163 | 	#data = open(sys.argv[1], 'rb').read()
164 | 
165 | 	#Check if need to memory map
166 | 	if data[0x400:0x500] != '\x00'*0x100 and data[:2] == 'MZ':
167 | 		pe = pefile.PE(data=data)
168 | 		data = pe.get_memory_mapped_image()
169 | 
170 | 	blob = find_xor_table(data)
171 | 	print(blob)
172 | 	#off = data.find('\x00\x00WD')
173 | 	#blob = data[off-2:]
174 | 	l = struct.unpack_from('<I', blob)[0]
175 | 	config['CONF_VAL'] = blob[4:6]
176 | 	blob = blob[8:]+'\x00\x00\x00\x00'
177 | 	#blob = blob[8:l]
178 | 	xor_hash = struct.unpack_from('<I', blob)[0]
179 | 	client_ini_data = None
180 | 	keypub = None
181 | 	#A list of tuples (need_decoded_flag, data, crc_hash)
182 | 	decoded_data = []
183 | 	while xor_hash != 0:
184 | 		blob = blob[4:]
185 | 		(val2, xorval, val3,) = struct.unpack_from('<III', blob)
186 | 		decompress_flag = xorval & 1
187 | 		blob = blob[12:]
188 | 		crc_hash = xorval ^ xor_hash
189 | 		offset = xorval ^ val3
190 | 		l = xorval^val2
191 | 		if crc_hash in JOINER_SECTIONS.keys():
192 | 			print(JOINER_SECTIONS[crc_hash])
193 | 			handler = handlers[JOINER_SECTIONS[crc_hash]]
194 | 			if JOINER_SECTIONS[crc_hash] == "CRC_PUBLIC_KEY":
195 | 				sect_data = data[offset:offset+l]
196 | 				(keypub,pempub) = handler(sect_data)
197 | 			elif JOINER_SECTIONS[crc_hash] == "CRC_CLIENT_INI":
198 | 				client_ini_data = data[offset:offset+l]
199 | 			else:
200 | 				if JOINER_SECTIONS[crc_hash] in handlers.keys():
201 | 					handler = handlers[JOINER_SECTIONS[crc_hash]]
202 | 					sect_data = data[offset:offset+l]
203 | 					config.update(handler(sect_data))
204 | 		else:
205 | 			print("CRC_HASH: "+hex(crc_hash))
206 | 			print("XOR_VAL: "+hex(xorval))
207 | 			sect_data = data[offset:offset+l]
208 | 			#Data with decompress flag is decompressed
209 | 			if decompress_flag == 1:
210 | 				sect_data = aplib.decompress(sect_data).do()[0]
211 | 				decoded_data.append((False, sect_data, crc_hash))
212 | 			#Else it's got the RSAPublicDecrypt + serpent + decompress
213 | 			else:
214 | 				decoded_data.append((True, sect_data, crc_hash))
215 | 				
216 | 		print("Length: "+hex(xorval^val2))
217 | 		print("offset: "+hex(xorval^val3))
218 | 		xor_hash = struct.unpack_from('<I', blob)[0]
219 | 
220 | 	#Sort the list first so smallest data goes first that way we always have pub key before modules
221 | 	decoded_data.sort(key=lambda tup: len(tup[1]))
222 | 
223 | 	mod_num = 1
224 | 	for item in decoded_data:
225 | 		flag = item[0]
226 | 		temp = item[1]
227 | 		hash = item[2]
228 | 		if flag == False:
229 | 			if struct.unpack_from('<I', temp)[0] == 1024:
230 | 				#pub key
231 | 				(keypub,pempub) = convert_pubkey(temp, False)
232 | 			else:
233 | 				config.update({hex(hash): temp})
234 | 		else:
235 | 			#Module?
236 | 			if len(temp) > 0x500:
237 | 				temp = gozi_decode_sect(keypub,temp)
238 | 				off = temp.find('M8Z')
239 | 				if off != -1:
240 | 					temp = aplib.decompress(temp[off:]).do()[0]
241 | 					config.update({'DLL_'+str(mod_num): decoder(temp)})
242 | 					mod_num += 1
243 | 			#ini params?
244 | 			else:
245 | 				client_ini_data = temp
246 | 
247 | 
248 | 	if type(keypub) != type(None):
249 | 		print("Pub key: " +pempub)
250 | 		config.update({'PUB_KEY': pempub})
251 | 		if client_ini_data != None:
252 | 			config.update(client_init_parse(keypub,client_ini_data))
253 | 	return(config)
254 | 
255 | if __name__ == "__main__":
256 | 	data = open(sys.argv[1], 'rb').read()
257 | 	t = decoder(data)
258 | 	print(t)
259 | 		
260 | 


--------------------------------------------------------------------------------
/goziv3/allv3_decoder.py:
--------------------------------------------------------------------------------
  1 | '''
  2 | Written by Jason Reaves - @sysopfb
  3 | Free to use, attribute properly.
  4 | 
  5 | '''
  6 | 
  7 | import re
  8 | import pefile
  9 | import sys
 10 | import struct
 11 | import aplib
 12 | import binascii
 13 | import serpent2
 14 | import gozi_version
 15 | from Crypto.PublicKey import RSA
 16 | 
 17 | JOINER_SECTIONS = {0xe1285e64: "CRC_PUBLIC_KEY", 0x8fb1dde1: "CRC_CLIENT_INI", 0xd722afcb: "CRC_CLIENT_INI", 0x7a042a8a: "CRC_INSTALL_INI", 0x90f8aab4: "CRC_CLIENT64", 0xda57d71a: "CRC_WORDLIST"}
 18 | INI_PARAMS = {0x4fa8693e: "CRC_SERVERKEY", 0xd0665bf6: "CRC_HOSTS", 0x656b798a: "CRC_GROUP", 0x556aed8f: "CRC_SERVER", 0x11271c7f: "CONF_TIMEOUT", 0x48295783: "CONFIG_FAIL_TIMEOUT", 0xea9ea760: "CRC_BOOTSTRAP", 0x31277bd5: "CRC_TASKTIMEOUT",0x955879a6: "CRC_SENDTIMEOUT", 0x9fd13931: "CRC_BCSERVER", 0x6de85128: "CRC_BCTIMEOUT", 0xacc79a02: "CRC_KNOCKERTIMEOUT", 0x602c2c26: "CRC_KEYLOGLIST", 0x556aed8f: "CRC_SERVER", 0xd7a003c9: "CRC_CONFIGTIMEOUT", 0x18a632bb: "CRC_CONFIGFAILTIMEOUT", 0x73177345: "CRC_DGA_SEED_URL", 0x510f22d2: "CRC_TORSERVER", 0xec99df2e: "CRC_EXTERNALIP", 0xc61efa7a: "CRC_DGATLDS", 0xdf351e24: "CRC_32BITDOWNLOAD", 0x4b214f54: "CRC_64BITDOWNLOAD", 0xcd850e68: "DGA_CRC", 0xdf2e7488: "DGA_COUNT", 0x584e5925: "TIMER"}
 19 | 
 20 | 
 21 | class IniParams:
 22 | 	def __init__(self, count, iniParams):
 23 | 		self.count = count
 24 | 		self.ini_params = iniParams
 25 | 	
 26 | 	def put_param(self, param):
 27 | 		self.ini_params.append(param)
 28 | 
 29 | 	def get_jsonify(self):
 30 | 		ret_val = {}
 31 | 		for param in self.ini_params:
 32 | 			ret_val.update(param.get_jsonify())
 33 | 		return ret_val
 34 | 		
 35 | 	def __str__(self):
 36 | 		ret_val = ""
 37 | 		for param in self.ini_params:
 38 | 			ret_val += str(param)+'\n'
 39 | 		
 40 | 		return ret_val
 41 | 
 42 | class IniParam:
 43 | 	def __init__(self, hash, offset, data):
 44 | 		self.name = "UNKNOWN"
 45 | 		self.data = ""
 46 | 		if hash in INI_PARAMS.keys():
 47 | 			self.name = INI_PARAMS[hash]
 48 | 		self.data = data[offset:].split('\x00')[0]
 49 | 		self.hash = hash
 50 | 	
 51 | 	def get_name(self):
 52 | 		return self.name
 53 | 	def get_data(self):
 54 | 		return self.data
 55 | 	
 56 | 	def get_jsonify(self):
 57 | 		return({self.name:str(self.data)})
 58 | 
 59 | 	def __str__(self):
 60 | 		return(self.name+":"+hex(self.hash)+": "+str(self.data))
 61 | 
 62 | def pub_key_parse(data):
 63 | 	print("PUB KEY:")
 64 | 	print(binascii.hexlify(data))
 65 | 	return({"PUB_KEY": binascii.hexlify(data)})
 66 | 
 67 | 
 68 | def gozi_decode_sect(keypub, data):
 69 | 	bits = keypub.size()+1
 70 | 	encBlock = data[-(bits/8):]
 71 | 	decBlock = keypub.encrypt(encBlock,0)[0]
 72 | 	#Code converted from Gozi source
 73 | 	decBlock = decBlock[2:]
 74 | 	for i in range(len(decBlock)):
 75 | 		if decBlock[i] != '\xff':
 76 | 			decBlock = decBlock[i:]
 77 | 			break
 78 | 
 79 | 	#\x00 is separator
 80 | 	if decBlock[0] == '\x00':
 81 | 		decBlock=decBlock[1:]
 82 | 
 83 | 	#New code stores a serp key 16 bytes in
 84 | 	#checkval = ord(decBlock[0]) - 1
 85 | 	data_length = len(data[:-(bits/8)]) & 0xfffffff0
 86 | 	serpKey = decBlock[16:32]
 87 | 
 88 | 	data = serpent2.serpent_cbc_decrypt(serpKey,data[:-128])
 89 | 	return(data)
 90 | 
 91 | 
 92 | def client_init_parse(keypub,data):
 93 | 	bits = keypub.size()+1
 94 | 	encBlock = data[-(bits/8):]
 95 | 	decBlock = keypub.encrypt(encBlock,0)[0]
 96 | 	#Code converted from Gozi source
 97 | 	decBlock = decBlock[2:]
 98 | 	for i in range(len(decBlock)):
 99 | 		if decBlock[i] != '\xff':
100 | 			decBlock = decBlock[i:]
101 | 			break
102 | 
103 | 	#\x00 is separator
104 | 	if decBlock[0] == '\x00':
105 | 		decBlock=decBlock[1:]
106 | 
107 | 	#New code stores a serp key 16 bytes in
108 | 	#checkval = ord(decBlock[0]) - 1
109 | 	data_length = len(data[:-(bits/8)]) & 0xfffffff0
110 | 	serpKey = decBlock[16:32]
111 | 
112 | 	data = serpent2.serpent_cbc_decrypt(serpKey,data[:-128])
113 | 
114 | 	print("INI PARAMS:")
115 | 	count = struct.unpack_from('<I', data)[0]
116 | 	params = IniParams(count,[])
117 | 	
118 | 	data = data[8:]
119 | 	for i in range(count):
120 | 		(hash,flag,offset,) = struct.unpack_from('<III', data)
121 | 		params.put_param(IniParam(hash,offset,data))
122 | 		data = data[0x18:]
123 | 	
124 | 	print(params)
125 | 	return(params.get_jsonify())
126 | 
127 | def convert_pubkey(data, decomp=True):
128 | 	if decomp:
129 | 		pub = aplib.decompress(data).do()[0]
130 | 	else:
131 | 		pub = data
132 | 	bit = struct.unpack_from('<I', pub)[0]
133 | 	mod = pub[4:(bit/8)+4]
134 | 	exp = pub[(bit/8)+4:]
135 | 
136 | 	mod = int(binascii.hexlify(mod),16)
137 | 	exp = int(binascii.hexlify(exp),16)
138 | 	keypub = RSA.construct((mod, long(exp)))
139 | 	pempub = keypub.exportKey('PEM')
140 | 	return((keypub, pempub))
141 | 
142 | def parse_wordlist(data):
143 | 	out = aplib.decompress(data).do()[0]
144 | 	return({"WORD_LIST": out})
145 | 
146 | handlers = {"CRC_PUBLIC_KEY": convert_pubkey, "CRC_CLIENT_INI": client_init_parse, "CRC_WORDLIST": parse_wordlist}
147 | 
148 | 
149 | def find_xor_table(data):
150 | 	ret_val = None
151 | 	items = re.split('''[\x00]{40,}''', data)
152 | 	items = filter(lambda x: len(x) > 40 and len(x) <100, items)
153 | 	for item in items:
154 | 		l = struct.unpack_from('<I', item)[0]
155 | 		if l == len(item)+4:
156 | 			ret_val = item
157 | 			break
158 | 	return ret_val
159 | 
160 | def try_to_fix_mangled_dll(data):
161 | 	(dc,dc,dc,dc,sz) = struct.unpack_from('<IIIII', data)
162 | 	if sz > 0x30000:
163 | 		return None
164 | 	ret_out = '\x00'*sz
165 | 	num_secs = struct.unpack_from('<H', data[0x62:])[0]
166 | 	temp = data[0x6c-4:]
167 | 	if num_secs >30:
168 | 		return None
169 | 	for i in range(num_secs):
170 | 		(to_off,final_l,from_off,l) = struct.unpack_from('<IIII', temp)
171 | 		ret_out = ret_out[:to_off]+data[from_off:from_off+l]+ret_out[to_off+l:]
172 | 		temp = temp[0x14:]
173 | 	return ret_out
174 | 
175 | TEST = ""
176 | 
177 | def decoder(data):
178 | 	global TEST
179 | 	config = {}
180 | 	#data = open(sys.argv[1], 'rb').read()
181 | 
182 | 	#Check if need to memory map
183 | 	if data[0x400:0x500] != '\x00'*0x100 and data[:2] == 'MZ':
184 | 		pe = pefile.PE(data=data)
185 | 		data = pe.get_memory_mapped_image()
186 | 
187 | 	blob = find_xor_table(data)
188 | 	if blob == None and data[:2] == "PX":
189 | 		print("MANGLED DLL!")
190 | 		off = data.find('\x00\x00WD')
191 | 		blob = data[off-2:]
192 | 		temp = try_to_fix_mangled_dll(data)
193 | 		if temp != None:
194 | 			data = temp
195 | 	ver = gozi_version.get_gozi_ver(data)
196 | 	if ver != None:
197 | 		config["VER"] = str(ver)
198 | 
199 | 		
200 | 	l = struct.unpack_from('<I', blob)[0]
201 | 	config['CONF_VAL'] = blob[4:6]
202 | 	blob = blob[8:]+'\x00\x00\x00\x00'
203 | 	#blob = blob[8:l]
204 | 	xor_hash = struct.unpack_from('<I', blob)[0]
205 | 	client_ini_data = None
206 | 	keypub = None
207 | 	#A list of tuples (need_decoded_flag, data, crc_hash)
208 | 	decoded_data = []
209 | 	while xor_hash != 0:
210 | 		blob = blob[4:]
211 | 		(val2, xorval, val3,) = struct.unpack_from('<III', blob)
212 | 		if xor_hash ^ xorval < 0x50000:
213 | 			#we need to fix the values
214 | 			xorval,val2 = val2,xorval
215 | 			xorval,xor_hash=xor_hash,xorval
216 | 		decompress_flag = xorval & 1
217 | 		blob = blob[12:]
218 | 		crc_hash = xorval ^ xor_hash
219 | 		offset = xorval ^ val3
220 | 		l = xorval^val2
221 | 		if crc_hash in JOINER_SECTIONS.keys():
222 | 			print(JOINER_SECTIONS[crc_hash])
223 | 			handler = handlers[JOINER_SECTIONS[crc_hash]]
224 | 			if JOINER_SECTIONS[crc_hash] == "CRC_PUBLIC_KEY":
225 | 				sect_data = data[offset:offset+l]
226 | 				(keypub,pempub) = handler(sect_data)
227 | 			elif JOINER_SECTIONS[crc_hash] == "CRC_CLIENT_INI":
228 | 				client_ini_data = data[offset:offset+l]
229 | 			else:
230 | 				if JOINER_SECTIONS[crc_hash] in handlers.keys():
231 | 					handler = handlers[JOINER_SECTIONS[crc_hash]]
232 | 					sect_data = data[offset:offset+l]
233 | 					config.update(handler(sect_data))
234 | 		else:
235 | 			print("CRC_HASH: "+hex(crc_hash))
236 | 			print("XOR_VAL: "+hex(xorval))
237 | 			sect_data = data[offset:offset+l]
238 | 			#Data with decompress flag is decompressed
239 | 			if decompress_flag == 1:
240 | 				sect_data = aplib.decompress(sect_data).do()[0]
241 | 				decoded_data.append((False, sect_data, crc_hash))
242 | 			#Else it's got the RSAPublicDecrypt + serpent + decompress
243 | 			else:
244 | 				decoded_data.append((True, sect_data, crc_hash))
245 | 				
246 | 		print("Length: "+hex(xorval^val2))
247 | 		print("offset: "+hex(xorval^val3))
248 | 		xor_hash = struct.unpack_from('<I', blob)[0]
249 | 
250 | 	#Sort the list first so smallest data goes first that way we always have pub key before modules
251 | 	decoded_data.sort(key=lambda tup: len(tup[1]))
252 | 
253 | 	mod_num = 1
254 | 	for item in decoded_data:
255 | 		flag = item[0]
256 | 		temp = item[1]
257 | 		hash = item[2]
258 | 		if flag == False:
259 | 			if struct.unpack_from('<I', temp)[0] == 1024:
260 | 				#pub key
261 | 				(keypub,pempub) = convert_pubkey(temp, False)
262 | 			elif 'PX' == temp[:2]:
263 | 				#Stripped DLL
264 | 				config.update({'DLL_'+str(mod_num): decoder(temp)})
265 | 				mod_num += 1
266 | 			else:
267 | 				config.update({hex(hash): temp})
268 | 		else:
269 | 			#Module?
270 | 			if len(temp) > 0x500:
271 | 				temp = gozi_decode_sect(keypub,temp)
272 | 				off = temp.find('M8Z')
273 | 				if off != -1:
274 | 					temp = aplib.decompress(temp[off:]).do()[0]
275 | 					#open('DLL_'+str(mod_num)+'.dll', 'wb').write(temp)
276 | 					config.update({'DLL_'+str(mod_num): decoder(temp)})
277 | 					mod_num += 1
278 | 			#ini params?
279 | 			else:
280 | 				client_ini_data = temp
281 | 
282 | 
283 | 	if type(keypub) != type(None):
284 | 		print("Pub key: " +pempub)
285 | 		config.update({'PUB_KEY': pempub})
286 | 		if client_ini_data != None:
287 | 			config.update(client_init_parse(keypub,client_ini_data))
288 | 	return(config)
289 | 
290 | if __name__ == "__main__":
291 | 	data = open(sys.argv[1], 'rb').read()
292 | 	t = decoder(data)
293 | 	print(t)
294 | 		
295 | 


--------------------------------------------------------------------------------
/gozi/aplib.py:
--------------------------------------------------------------------------------
  1 | # this is a standalone single-file merge of aplib compression and decompression
  2 | # taken from my own library Kabopan http://code.google.com/p/kabopan/
  3 | # (no other clean-up or improvement)
  4 | 
  5 | # Ange Albertini, BSD Licence, 2007-2011
  6 | 
  7 | # from kbp\comp\_lz77.py  ##################################################
  8 | def find_longest_match(s, sub):
  9 |     """returns the number of byte to look backward and the length of byte to copy)"""
 10 |     if sub == "":
 11 |         return 0, 0
 12 |     limit = len(s)
 13 |     dic = s[:]
 14 |     l = 0
 15 |     offset = 0
 16 |     length = 0
 17 |     first = 0
 18 |     word = ""
 19 | 
 20 |     word += sub[l]
 21 |     pos = dic.rfind(word, 0, limit + 1)
 22 |     if pos == -1:
 23 |         return offset, length
 24 | 
 25 |     offset = limit - pos
 26 |     length = len(word)
 27 |     dic += sub[l]
 28 | 
 29 |     while l < len(sub) - 1:
 30 |         l += 1
 31 |         word += sub[l]
 32 | 
 33 |         pos = dic.rfind(word, 0, limit + 1)
 34 |         if pos == -1:
 35 |             return offset, length
 36 |         offset = limit - pos
 37 |         length = len(word)
 38 |         dic += sub[l]
 39 |     return offset, length
 40 | 
 41 | # from _misc.py ###############################
 42 | 
 43 | def int2lebin(value, size):
 44 |     """ouputs value in binary, as little-endian"""
 45 |     result = ""
 46 |     for i in xrange(size):
 47 |         result = result + chr((value >> (8 * i)) & 0xFF )
 48 |     return result
 49 | 
 50 | def modifystring(s, sub, offset):
 51 |     """overwrites 'sub' at 'offset' of 's'"""
 52 |     return s[:offset] + sub + s[offset + len(sub):]
 53 | 
 54 | def getbinlen(value):
 55 |     """return the bit length of an integer"""
 56 |     result = 0
 57 |     if value == 0:
 58 |         return 1
 59 |     while value != 0:
 60 |         value >>= 1
 61 |         result += 1
 62 |     return result
 63 | 
 64 | # from kbp\_bits.py  #################################
 65 | class _bits_compress():
 66 |     """bit machine for variable-sized auto-reloading tag compression"""
 67 |     def __init__(self, tagsize):
 68 |         """tagsize is the number of bytes that takes the tag"""
 69 |         self.out = ""
 70 | 
 71 |         self.__tagsize = tagsize
 72 |         self.__tag = 0
 73 |         self.__tagoffset = -1
 74 |         self.__maxbit = (self.__tagsize * 8) - 1
 75 |         self.__curbit = 0
 76 |         self.__isfirsttag = True
 77 | 
 78 | 
 79 |     def getdata(self):
 80 |         """builds an output string of what's currently compressed:
 81 |         currently output bit + current tag content"""
 82 |         tagstr = int2lebin(self.__tag, self.__tagsize)
 83 |         return modifystring(self.out, tagstr, self.__tagoffset)
 84 | 
 85 |     def write_bit(self, value):
 86 |         """writes a bit, make space for the tag if necessary"""
 87 |         if self.__curbit != 0:
 88 |             self.__curbit -= 1
 89 |         else:
 90 |             if self.__isfirsttag:
 91 |                 self.__isfirsttag = False
 92 |             else:
 93 |                 self.out = self.getdata()
 94 |             self.__tagoffset = len(self.out)
 95 |             self.out += "".join(["\x00"] * self.__tagsize)
 96 |             self.__curbit = self.__maxbit
 97 |             self.__tag = 0
 98 | 
 99 |         if value:
100 |             self.__tag |= (1 << self.__curbit)
101 |         return
102 | 
103 |     def write_bitstring(self, s):
104 |         """write a string of bits"""
105 |         for c in s:
106 |             self.write_bit(0 if c == "0" else 1)
107 |         return
108 | 
109 |     def write_byte(self, b):
110 |         """writes a char or a number"""
111 |         assert len(b) == 1 if isinstance(b, str) else 0 <= b <= 255
112 |         self.out += b[0:1] if isinstance(b, str) else chr(b)
113 |         return
114 | 
115 |     def write_fixednumber(self, value, nbbit):
116 |         """write a value on a fixed range of bits"""
117 |         for i in xrange(nbbit - 1, -1, -1):
118 |             self.write_bit( (value >> i) & 1)
119 |         return
120 | 
121 |     def write_variablenumber(self, value):
122 |         assert value >= 2
123 | 
124 |         length = getbinlen(value) - 2 # the highest bit is 1
125 |         self.write_bit(value & (1 << length))
126 |         for i in xrange(length - 1, -1, -1):
127 |             self.write_bit(1)
128 |             self.write_bit(value & (1 << i))
129 |         self.write_bit(0)
130 |         return
131 | 
132 | class _bits_decompress():
133 |     """bit machine for variable-sized auto-reloading tag decompression"""
134 |     def __init__(self, data, tagsize):
135 |         self.__curbit = 0
136 |         self.__offset = 0
137 |         self.__tag = None
138 |         self.__tagsize = tagsize
139 |         self.__in = data
140 |         self.out = ""
141 | 
142 |     def getoffset(self):
143 |         """return the current byte offset"""
144 |         return self.__offset
145 | 
146 | #    def getdata(self):
147 | #        return self.__lzdata
148 | 
149 |     def read_bit(self):
150 |         """read next bit from the stream, reloads the tag if necessary"""
151 |         if self.__curbit != 0:
152 |             self.__curbit -= 1
153 |         else:
154 |             self.__curbit = (self.__tagsize * 8) - 1
155 |             self.__tag = ord(self.read_byte())
156 |             for i in xrange(self.__tagsize - 1):
157 |                 self.__tag += ord(self.read_byte()) << (8 * (i + 1))
158 | 
159 |         bit = (self.__tag  >> ((self.__tagsize * 8) - 1)) & 0x01
160 |         self.__tag <<= 1
161 |         return bit
162 | 
163 |     def is_end(self):
164 |         return self.__offset == len(self.__in) and self.__curbit == 1
165 | 
166 |     def read_byte(self):
167 |         """read next byte from the stream"""
168 |         if type(self.__in) == str:
169 |             result = self.__in[self.__offset]
170 |         elif type(self.__in) == file:
171 |             result = self.__in.read(1)
172 |         self.__offset += 1
173 |         return result
174 | 
175 |     def read_fixednumber(self, nbbit, init=0):
176 |         """reads a fixed bit-length number"""
177 |         result = init
178 |         for i in xrange(nbbit):
179 |             result = (result << 1)  + self.read_bit()
180 |         return result
181 | 
182 |     def read_variablenumber(self):
183 |         """return a variable bit-length number x, x >= 2
184 | 
185 |         reads a bit until the next bit in the pair is not set"""
186 |         result = 1
187 |         result = (result << 1) + self.read_bit()
188 |         while self.read_bit():
189 |             result = (result << 1) + self.read_bit()
190 |         return result
191 | 
192 |     def read_setbits(self, max_, set_=1):
193 |         """read bits as long as their set or a maximum is reached"""
194 |         result = 0
195 |         while result < max_ and self.read_bit() == set_:
196 |             result += 1
197 |         return result
198 | 
199 |     def back_copy(self, offset, length=1):
200 |         for i in xrange(length):
201 |             self.out += self.out[-offset]
202 |         return
203 | 
204 |     def read_literal(self, value=None):
205 |         if value is None:
206 |             self.out += self.read_byte()
207 |         else:
208 |             self.out += value
209 |         return False
210 | 
211 | # from kbp\comp\aplib.py ###################################################
212 | """
213 | aPLib, LZSS based lossless compression algorithm
214 | 
215 | Jorgen Ibsen U{http://www.ibsensoftware.com}
216 | """
217 | 
218 | def lengthdelta(offset):
219 |     if offset < 0x80 or 0x7D00 <= offset:
220 |         return 2
221 |     elif 0x500 <= offset:
222 |         return 1
223 |     return 0
224 | 
225 | class compress(_bits_compress):
226 |     """
227 |     aplib compression is based on lz77
228 |     """
229 |     def __init__(self, data, length=None):
230 |         _bits_compress.__init__(self, 1)
231 |         self.__in = data
232 |         self.__length = length if length is not None else len(data)
233 |         self.__offset = 0
234 |         self.__lastoffset = 0
235 |         self.__pair = True
236 |         return
237 | 
238 |     def __literal(self, marker=True):
239 |         if marker:
240 |             self.write_bit(0)
241 |         self.write_byte(self.__in[self.__offset])
242 |         self.__offset += 1
243 |         self.__pair = True
244 |         return
245 | 
246 |     def __block(self, offset, length):
247 |         assert offset >= 2
248 |         self.write_bitstring("10")
249 | 
250 |         # if the last operations were literal or single byte
251 |         # and the offset is unchanged since the last block copy
252 |         # we can just store a 'null' offset and the length
253 |         if self.__pair and self.__lastoffset == offset:
254 |             self.write_variablenumber(2)    # 2-
255 |             self.write_variablenumber(length)
256 |         else:
257 |             high = (offset >> 8) + 2
258 |             if self.__pair:
259 |                 high += 1
260 |             self.write_variablenumber(high)
261 |             low = offset & 0xFF
262 |             self.write_byte(low)
263 |             self.write_variablenumber(length - lengthdelta(offset))
264 |         self.__offset += length
265 |         self.__lastoffset = offset
266 |         self.__pair = False
267 |         return
268 | 
269 |     def __shortblock(self, offset, length):
270 |         assert 2 <= length <= 3
271 |         assert 0 < offset <= 127
272 |         self.write_bitstring("110")
273 |         b = (offset << 1 ) + (length - 2)
274 |         self.write_byte(b)
275 |         self.__offset += length
276 |         self.__lastoffset = offset
277 |         self.__pair = False
278 |         return
279 | 
280 |     def __singlebyte(self, offset):
281 |         assert 0 <= offset < 16
282 |         self.write_bitstring("111")
283 |         self.write_fixednumber(offset, 4)
284 |         self.__offset += 1
285 |         self.__pair = True
286 |         return
287 | 
288 |     def __end(self):
289 |         self.write_bitstring("110")
290 |         self.write_byte(chr(0))
291 |         return
292 | 
293 |     def do(self):
294 |         self.__literal(False)
295 |         while self.__offset < self.__length:
296 |             offset, length = find_longest_match(self.__in[:self.__offset],
297 |                 self.__in[self.__offset:])
298 |             if length == 0:
299 |                 c = self.__in[self.__offset]
300 |                 if c == "\x00":
301 |                     self.__singlebyte(0)
302 |                 else:
303 |                     self.__literal()
304 |             elif length == 1 and 0 <= offset < 16:
305 |                 self.__singlebyte(offset)
306 |             elif 2 <= length <= 3 and 0 < offset <= 127:
307 |                 self.__shortblock(offset, length)
308 |             elif 3 <= length and 2 <= offset:
309 |                 self.__block(offset, length)
310 |             else:
311 |                 self.__literal()
312 |                 #raise ValueError("no parsing found", offset, length)
313 |         self.__end()
314 |         return self.getdata()
315 | 
316 | 
317 | class decompress(_bits_decompress):
318 |     def __init__(self, data):
319 |         _bits_decompress.__init__(self, data, tagsize=1)
320 |         self.__pair = True    # paired sequence
321 |         self.__lastoffset = 0
322 |         self.__functions = [
323 |             self.__literal,
324 |             self.__block,
325 |             self.__shortblock,
326 |             self.__singlebyte]
327 |         return
328 | 
329 |     def __literal(self):
330 |         self.read_literal()
331 |         self.__pair = True
332 |         return False
333 | 
334 |     def __block(self):
335 |         b = self.read_variablenumber()    # 2-
336 |         if b == 2 and self.__pair :    # reuse the same offset
337 |             offset = self.__lastoffset
338 |             length = self.read_variablenumber()    # 2-
339 |         else:
340 |             high = b - 2    # 0-
341 |             if self.__pair:
342 |                 high -= 1
343 |             offset = (high << 8) + ord(self.read_byte())
344 |             length = self.read_variablenumber()    # 2-
345 |             length += lengthdelta(offset)
346 |         self.__lastoffset = offset
347 |         self.back_copy(offset, length)
348 |         self.__pair = False
349 |         return False
350 | 
351 |     def __shortblock(self):
352 |         b = ord(self.read_byte())
353 |         if b <= 1:    # likely 0
354 |             return True
355 |         length = 2 + (b & 0x01)    # 2-3
356 |         offset = b >> 1    # 1-127
357 |         self.back_copy(offset, length)
358 |         self.__lastoffset = offset
359 |         self.__pair = False
360 |         return False
361 | 
362 |     def __singlebyte(self):
363 |         offset = self.read_fixednumber(4) # 0-15
364 |         if offset:
365 |             self.back_copy(offset)
366 |         else:
367 |             self.read_literal('\x00')
368 |         self.__pair = True
369 |         return False
370 | 
371 |     def do(self):
372 |         """returns decompressed buffer and consumed bytes counter"""
373 |         self.read_literal()
374 |         while True:
375 |             if self.__functions[self.read_setbits(3)]():
376 |                 break
377 |         return self.out, self.getoffset()
378 | 
379 | if __name__ == "__main__":
380 | # from kbp\test\aplib_test.py ######################################################################
381 |     assert decompress(compress("a").do()).do() == ("a", 3)
382 |     assert decompress(compress("ababababababab").do()).do() == ('ababababababab', 9)
383 |     assert decompress(compress("aaaaaaaaaaaaaacaaaaaa").do()).do() == ('aaaaaaaaaaaaaacaaaaaa', 11)
384 | 
385 | 


--------------------------------------------------------------------------------
/goziv3/aplib.py:
--------------------------------------------------------------------------------
  1 | # this is a standalone single-file merge of aplib compression and decompression
  2 | # taken from my own library Kabopan http://code.google.com/p/kabopan/
  3 | # (no other clean-up or improvement)
  4 | 
  5 | # Ange Albertini, BSD Licence, 2007-2011
  6 | 
  7 | # from kbp\comp\_lz77.py  ##################################################
  8 | def find_longest_match(s, sub):
  9 |     """returns the number of byte to look backward and the length of byte to copy)"""
 10 |     if sub == "":
 11 |         return 0, 0
 12 |     limit = len(s)
 13 |     dic = s[:]
 14 |     l = 0
 15 |     offset = 0
 16 |     length = 0
 17 |     first = 0
 18 |     word = ""
 19 | 
 20 |     word += sub[l]
 21 |     pos = dic.rfind(word, 0, limit + 1)
 22 |     if pos == -1:
 23 |         return offset, length
 24 | 
 25 |     offset = limit - pos
 26 |     length = len(word)
 27 |     dic += sub[l]
 28 | 
 29 |     while l < len(sub) - 1:
 30 |         l += 1
 31 |         word += sub[l]
 32 | 
 33 |         pos = dic.rfind(word, 0, limit + 1)
 34 |         if pos == -1:
 35 |             return offset, length
 36 |         offset = limit - pos
 37 |         length = len(word)
 38 |         dic += sub[l]
 39 |     return offset, length
 40 | 
 41 | # from _misc.py ###############################
 42 | 
 43 | def int2lebin(value, size):
 44 |     """ouputs value in binary, as little-endian"""
 45 |     result = ""
 46 |     for i in xrange(size):
 47 |         result = result + chr((value >> (8 * i)) & 0xFF )
 48 |     return result
 49 | 
 50 | def modifystring(s, sub, offset):
 51 |     """overwrites 'sub' at 'offset' of 's'"""
 52 |     return s[:offset] + sub + s[offset + len(sub):]
 53 | 
 54 | def getbinlen(value):
 55 |     """return the bit length of an integer"""
 56 |     result = 0
 57 |     if value == 0:
 58 |         return 1
 59 |     while value != 0:
 60 |         value >>= 1
 61 |         result += 1
 62 |     return result
 63 | 
 64 | # from kbp\_bits.py  #################################
 65 | class _bits_compress():
 66 |     """bit machine for variable-sized auto-reloading tag compression"""
 67 |     def __init__(self, tagsize):
 68 |         """tagsize is the number of bytes that takes the tag"""
 69 |         self.out = ""
 70 | 
 71 |         self.__tagsize = tagsize
 72 |         self.__tag = 0
 73 |         self.__tagoffset = -1
 74 |         self.__maxbit = (self.__tagsize * 8) - 1
 75 |         self.__curbit = 0
 76 |         self.__isfirsttag = True
 77 | 
 78 | 
 79 |     def getdata(self):
 80 |         """builds an output string of what's currently compressed:
 81 |         currently output bit + current tag content"""
 82 |         tagstr = int2lebin(self.__tag, self.__tagsize)
 83 |         return modifystring(self.out, tagstr, self.__tagoffset)
 84 | 
 85 |     def write_bit(self, value):
 86 |         """writes a bit, make space for the tag if necessary"""
 87 |         if self.__curbit != 0:
 88 |             self.__curbit -= 1
 89 |         else:
 90 |             if self.__isfirsttag:
 91 |                 self.__isfirsttag = False
 92 |             else:
 93 |                 self.out = self.getdata()
 94 |             self.__tagoffset = len(self.out)
 95 |             self.out += "".join(["\x00"] * self.__tagsize)
 96 |             self.__curbit = self.__maxbit
 97 |             self.__tag = 0
 98 | 
 99 |         if value:
100 |             self.__tag |= (1 << self.__curbit)
101 |         return
102 | 
103 |     def write_bitstring(self, s):
104 |         """write a string of bits"""
105 |         for c in s:
106 |             self.write_bit(0 if c == "0" else 1)
107 |         return
108 | 
109 |     def write_byte(self, b):
110 |         """writes a char or a number"""
111 |         assert len(b) == 1 if isinstance(b, str) else 0 <= b <= 255
112 |         self.out += b[0:1] if isinstance(b, str) else chr(b)
113 |         return
114 | 
115 |     def write_fixednumber(self, value, nbbit):
116 |         """write a value on a fixed range of bits"""
117 |         for i in xrange(nbbit - 1, -1, -1):
118 |             self.write_bit( (value >> i) & 1)
119 |         return
120 | 
121 |     def write_variablenumber(self, value):
122 |         assert value >= 2
123 | 
124 |         length = getbinlen(value) - 2 # the highest bit is 1
125 |         self.write_bit(value & (1 << length))
126 |         for i in xrange(length - 1, -1, -1):
127 |             self.write_bit(1)
128 |             self.write_bit(value & (1 << i))
129 |         self.write_bit(0)
130 |         return
131 | 
132 | class _bits_decompress():
133 |     """bit machine for variable-sized auto-reloading tag decompression"""
134 |     def __init__(self, data, tagsize):
135 |         self.__curbit = 0
136 |         self.__offset = 0
137 |         self.__tag = None
138 |         self.__tagsize = tagsize
139 |         self.__in = data
140 |         self.out = ""
141 | 
142 |     def getoffset(self):
143 |         """return the current byte offset"""
144 |         return self.__offset
145 | 
146 | #    def getdata(self):
147 | #        return self.__lzdata
148 | 
149 |     def read_bit(self):
150 |         """read next bit from the stream, reloads the tag if necessary"""
151 |         if self.__curbit != 0:
152 |             self.__curbit -= 1
153 |         else:
154 |             self.__curbit = (self.__tagsize * 8) - 1
155 |             self.__tag = ord(self.read_byte())
156 |             for i in xrange(self.__tagsize - 1):
157 |                 self.__tag += ord(self.read_byte()) << (8 * (i + 1))
158 | 
159 |         bit = (self.__tag  >> ((self.__tagsize * 8) - 1)) & 0x01
160 |         self.__tag <<= 1
161 |         return bit
162 | 
163 |     def is_end(self):
164 |         return self.__offset == len(self.__in) and self.__curbit == 1
165 | 
166 |     def read_byte(self):
167 |         """read next byte from the stream"""
168 |         if type(self.__in) == str:
169 |             result = self.__in[self.__offset]
170 |         elif type(self.__in) == file:
171 |             result = self.__in.read(1)
172 |         self.__offset += 1
173 |         return result
174 | 
175 |     def read_fixednumber(self, nbbit, init=0):
176 |         """reads a fixed bit-length number"""
177 |         result = init
178 |         for i in xrange(nbbit):
179 |             result = (result << 1)  + self.read_bit()
180 |         return result
181 | 
182 |     def read_variablenumber(self):
183 |         """return a variable bit-length number x, x >= 2
184 | 
185 |         reads a bit until the next bit in the pair is not set"""
186 |         result = 1
187 |         result = (result << 1) + self.read_bit()
188 |         while self.read_bit():
189 |             result = (result << 1) + self.read_bit()
190 |         return result
191 | 
192 |     def read_setbits(self, max_, set_=1):
193 |         """read bits as long as their set or a maximum is reached"""
194 |         result = 0
195 |         while result < max_ and self.read_bit() == set_:
196 |             result += 1
197 |         return result
198 | 
199 |     def back_copy(self, offset, length=1):
200 |         for i in xrange(length):
201 |             self.out += self.out[-offset]
202 |         return
203 | 
204 |     def read_literal(self, value=None):
205 |         if value is None:
206 |             self.out += self.read_byte()
207 |         else:
208 |             self.out += value
209 |         return False
210 | 
211 | # from kbp\comp\aplib.py ###################################################
212 | """
213 | aPLib, LZSS based lossless compression algorithm
214 | 
215 | Jorgen Ibsen U{http://www.ibsensoftware.com}
216 | """
217 | 
218 | def lengthdelta(offset):
219 |     if offset < 0x80 or 0x7D00 <= offset:
220 |         return 2
221 |     elif 0x500 <= offset:
222 |         return 1
223 |     return 0
224 | 
225 | class compress(_bits_compress):
226 |     """
227 |     aplib compression is based on lz77
228 |     """
229 |     def __init__(self, data, length=None):
230 |         _bits_compress.__init__(self, 1)
231 |         self.__in = data
232 |         self.__length = length if length is not None else len(data)
233 |         self.__offset = 0
234 |         self.__lastoffset = 0
235 |         self.__pair = True
236 |         return
237 | 
238 |     def __literal(self, marker=True):
239 |         if marker:
240 |             self.write_bit(0)
241 |         self.write_byte(self.__in[self.__offset])
242 |         self.__offset += 1
243 |         self.__pair = True
244 |         return
245 | 
246 |     def __block(self, offset, length):
247 |         assert offset >= 2
248 |         self.write_bitstring("10")
249 | 
250 |         # if the last operations were literal or single byte
251 |         # and the offset is unchanged since the last block copy
252 |         # we can just store a 'null' offset and the length
253 |         if self.__pair and self.__lastoffset == offset:
254 |             self.write_variablenumber(2)    # 2-
255 |             self.write_variablenumber(length)
256 |         else:
257 |             high = (offset >> 8) + 2
258 |             if self.__pair:
259 |                 high += 1
260 |             self.write_variablenumber(high)
261 |             low = offset & 0xFF
262 |             self.write_byte(low)
263 |             self.write_variablenumber(length - lengthdelta(offset))
264 |         self.__offset += length
265 |         self.__lastoffset = offset
266 |         self.__pair = False
267 |         return
268 | 
269 |     def __shortblock(self, offset, length):
270 |         assert 2 <= length <= 3
271 |         assert 0 < offset <= 127
272 |         self.write_bitstring("110")
273 |         b = (offset << 1 ) + (length - 2)
274 |         self.write_byte(b)
275 |         self.__offset += length
276 |         self.__lastoffset = offset
277 |         self.__pair = False
278 |         return
279 | 
280 |     def __singlebyte(self, offset):
281 |         assert 0 <= offset < 16
282 |         self.write_bitstring("111")
283 |         self.write_fixednumber(offset, 4)
284 |         self.__offset += 1
285 |         self.__pair = True
286 |         return
287 | 
288 |     def __end(self):
289 |         self.write_bitstring("110")
290 |         self.write_byte(chr(0))
291 |         return
292 | 
293 |     def do(self):
294 |         self.__literal(False)
295 |         while self.__offset < self.__length:
296 |             offset, length = find_longest_match(self.__in[:self.__offset],
297 |                 self.__in[self.__offset:])
298 |             if length == 0:
299 |                 c = self.__in[self.__offset]
300 |                 if c == "\x00":
301 |                     self.__singlebyte(0)
302 |                 else:
303 |                     self.__literal()
304 |             elif length == 1 and 0 <= offset < 16:
305 |                 self.__singlebyte(offset)
306 |             elif 2 <= length <= 3 and 0 < offset <= 127:
307 |                 self.__shortblock(offset, length)
308 |             elif 3 <= length and 2 <= offset:
309 |                 self.__block(offset, length)
310 |             else:
311 |                 self.__literal()
312 |                 #raise ValueError("no parsing found", offset, length)
313 |         self.__end()
314 |         return self.getdata()
315 | 
316 | 
317 | class decompress(_bits_decompress):
318 |     def __init__(self, data):
319 |         _bits_decompress.__init__(self, data, tagsize=1)
320 |         self.__pair = True    # paired sequence
321 |         self.__lastoffset = 0
322 |         self.__functions = [
323 |             self.__literal,
324 |             self.__block,
325 |             self.__shortblock,
326 |             self.__singlebyte]
327 |         return
328 | 
329 |     def __literal(self):
330 |         self.read_literal()
331 |         self.__pair = True
332 |         return False
333 | 
334 |     def __block(self):
335 |         b = self.read_variablenumber()    # 2-
336 |         if b == 2 and self.__pair :    # reuse the same offset
337 |             offset = self.__lastoffset
338 |             length = self.read_variablenumber()    # 2-
339 |         else:
340 |             high = b - 2    # 0-
341 |             if self.__pair:
342 |                 high -= 1
343 |             offset = (high << 8) + ord(self.read_byte())
344 |             length = self.read_variablenumber()    # 2-
345 |             length += lengthdelta(offset)
346 |         self.__lastoffset = offset
347 |         self.back_copy(offset, length)
348 |         self.__pair = False
349 |         return False
350 | 
351 |     def __shortblock(self):
352 |         b = ord(self.read_byte())
353 |         if b <= 1:    # likely 0
354 |             return True
355 |         length = 2 + (b & 0x01)    # 2-3
356 |         offset = b >> 1    # 1-127
357 |         self.back_copy(offset, length)
358 |         self.__lastoffset = offset
359 |         self.__pair = False
360 |         return False
361 | 
362 |     def __singlebyte(self):
363 |         offset = self.read_fixednumber(4) # 0-15
364 |         if offset:
365 |             self.back_copy(offset)
366 |         else:
367 |             self.read_literal('\x00')
368 |         self.__pair = True
369 |         return False
370 | 
371 |     def do(self):
372 |         """returns decompressed buffer and consumed bytes counter"""
373 |         self.read_literal()
374 |         while True:
375 |             if self.__functions[self.read_setbits(3)]():
376 |                 break
377 |         return self.out, self.getoffset()
378 | 
379 | if __name__ == "__main__":
380 | # from kbp\test\aplib_test.py ######################################################################
381 |     assert decompress(compress("a").do()).do() == ("a", 3)
382 |     assert decompress(compress("ababababababab").do()).do() == ('ababababababab', 9)
383 |     assert decompress(compress("aaaaaaaaaaaaaacaaaaaa").do()).do() == ('aaaaaaaaaaaaaacaaaaaa', 11)
384 | 
385 | 


--------------------------------------------------------------------------------
/sageransom/chacha.py:
--------------------------------------------------------------------------------
  1 | 
  2 | """
  3 |     chacha.py
  4 |     
  5 |     An implementation of ChaCha in about 130 operative lines 
  6 |     of 100% pure Python code.
  7 |     
  8 |     Copyright (c) 2009-2011 by Larry Bugbee, Kent, WA
  9 |     ALL RIGHTS RESERVED.
 10 | 
 11 |     chacha.py IS EXPERIMENTAL SOFTWARE FOR EDUCATIONAL
 12 |     PURPOSES ONLY.  IT IS MADE AVAILABLE "AS-IS" WITHOUT 
 13 |     WARRANTY OR GUARANTEE OF ANY KIND.  USE SIGNIFIES 
 14 |     ACCEPTANCE OF ALL RISK.  
 15 | 
 16 |     To make your learning and experimentation less cumbersome, 
 17 |     chacha.py is free for any use.      
 18 |     
 19 |     This implementation is intended for Python 2.x.
 20 |     
 21 |     Larry Bugbee
 22 |     May 2009     (Salsa20)
 23 |     August 2009  (ChaCha)
 24 |     rev June 2010
 25 |     rev March 2011  - tweaked _quarterround() to get 20-30% speed gain
 26 | """
 27 | 
 28 | import struct
 29 | try:
 30 |     import psyco            # a specializing [runtime] compiler
 31 |     have_psyco = True       # for 32-bit architectures
 32 |     print 'psyco enabled'
 33 | except:
 34 |     have_psyco = False
 35 |     
 36 | #-----------------------------------------------------------------------
 37 | 
 38 | class ChaCha(object):
 39 |     """
 40 |         ChaCha is an improved variant of Salsa20.
 41 |         
 42 |         Salsa20 was submitted to eSTREAM, an EU stream cipher
 43 |         competition.  Salsa20 was originally defined to be 20
 44 |         rounds.  Reduced round versions, Salsa20/8 (8 rounds) and
 45 |         Salsa20/12 (12 rounds), were later submitted.  Salsa20/12
 46 |         was chosen as one of the winners and 12 rounds was deemed
 47 |         the "right blend" of security and efficiency.  Salsa20 
 48 |         is about 3x-4x faster than AES-128.
 49 |         
 50 |         Both ChaCha and Salsa20 accept a 128-bit or a 256-bit key 
 51 |         and a 64-bit IV to set up an initial 64-byte state.  For 
 52 |         each 64-bytes of data, the state gets scrambled and XORed 
 53 |         with the previous state.  This new state is then XORed 
 54 |         with the input data to produce the output.  Both being 
 55 |         stream ciphers, their encryption and decryption functions 
 56 |         are identical.  
 57 |         
 58 |         While Salsa20's diffusion properties are very good, some 
 59 |         claimed the IV/keystream correlation was too strong for 
 60 |         comfort.  To satisfy, another variant called XSalsa20 
 61 |         implements a 128-bit IV.  For the record, EU eSTREAM team 
 62 |         did select Salsa20/12 as a solid cipher providing 128-bit 
 63 |         security.  
 64 |         
 65 |         ChaCha is a minor tweak of Salsa20 that significantly 
 66 |         improves its diffusion per round.  ChaCha is more secure 
 67 |         than Salsa20 and 8 rounds of ChaCha, aka ChaCha8, provides 
 68 |         128-bit security.  (FWIW, I have not seen any calls for a 
 69 |         128-bit IV version of ChaCha or XChaCha.)  
 70 |         
 71 |         Another benefit is that ChaCha8 is about 5-8% faster than 
 72 |         Salsa20/8 on most 32- and 64-bit PPC and Intel processors.  
 73 |         SIMD machines should see even more improvement.  
 74 |         
 75 |         Sample usage:
 76 |           from chacha import ChaCha
 77 |           
 78 |           cc8 = ChaCha(key, iv)
 79 |           ciphertext = cc8.encrypt(plaintext)
 80 |           
 81 |           cc8 = ChaCha(key, iv)
 82 |           plaintext = cc8.decrypt(ciphertext)
 83 |         
 84 |         Remember, the purpose of this program is educational; it 
 85 |         is NOT a secure implementation nor is a pure Python version 
 86 |         going to be fast.  Encrypting large data will be less than 
 87 |         satisfying.  Also, no effort is made to protect the key or 
 88 |         wipe critical memory after use.  
 89 |         
 90 |         Note that psyco, a specializing compiler somewhat akin to 
 91 |         a JIT, can provide a 2x+ performance improvement over 
 92 |         vanilla Python 32-bit architectures.  A 64-bit version of 
 93 |         psyco does not exist.  See http://psyco.sourceforge.net
 94 |         
 95 |         For more information about Daniel Bernstein's ChaCha 
 96 |         algorithm, please see http://cr.yp.to/chacha.html
 97 |         
 98 |         All we need now is a keystream AND authentication in the 
 99 |         same pass.  
100 |         
101 |         Larry Bugbee
102 |         May 2009     (Salsa20)
103 |         August 2009  (ChaCha)
104 |         rev June 2010
105 |     """
106 | 
107 |     TAU    = ( 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574 )
108 |     SIGMA  = ( 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 )
109 |     ROUNDS = 8                         # ...10, 12, 20?
110 | 
111 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
112 | 
113 |     def __init__(self, key, iv, rounds=ROUNDS):
114 |         """ Both key and iv are byte strings.  The key must be 
115 |             exactly 16 or 32 bytes, 128 or 256 bits respectively.  
116 |             The iv must be exactly 8 bytes (64 bits) and MUST 
117 |             never be reused with the same key.
118 |             
119 |             The default number of rounds is 8.
120 | 
121 |             If you have several encryptions/decryptions that use 
122 |             the same key, you may reuse the same instance and 
123 |             simply call iv_setup() to set the new iv.  The previous 
124 |             key and the new iv will establish a new state.
125 |         """
126 |         self._key_setup(key)
127 |         self.iv_setup(iv)
128 |         self.rounds = rounds
129 | 
130 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
131 | 
132 |     def _key_setup(self, key):
133 |         """ key is converted to a list of 4-byte unsigned integers
134 |             (32 bits).
135 | 
136 |             Calling this routine with a key value effectively resets
137 |             the context/instance.  Be sure to set the iv as well.
138 |         """
139 |         if len(key) not in [16, 32]:
140 |             raise Exception('key must be either 16 or 32 bytes')
141 |         key_state = [0]*16
142 |         if len(key) == 16:
143 |             k = list(struct.unpack('<4I', key))
144 |             key_state[0]  = self.TAU[0]
145 |             key_state[1]  = self.TAU[1]
146 |             key_state[2]  = self.TAU[2]
147 |             key_state[3]  = self.TAU[3]
148 |             key_state[4]  = k[0]
149 |             key_state[5]  = k[1]
150 |             key_state[6]  = k[2]
151 |             key_state[7]  = k[3]
152 |             key_state[8]  = k[0]
153 |             key_state[9]  = k[1]
154 |             key_state[10] = k[2]
155 |             key_state[11] = k[3]
156 |             # 12 and 13 are reserved for the counter
157 |             # 14 and 15 are reserved for the IV
158 | 
159 |         elif len(key) == 32:
160 |             k = list(struct.unpack('<8I', key))
161 |             key_state[0]  = self.SIGMA[0]
162 |             key_state[1]  = self.SIGMA[1]
163 |             key_state[2]  = self.SIGMA[2]
164 |             key_state[3]  = self.SIGMA[3]
165 |             key_state[4]  = k[0]
166 |             key_state[5]  = k[1]
167 |             key_state[6]  = k[2]
168 |             key_state[7]  = k[3]
169 |             key_state[8]  = k[4]
170 |             key_state[9]  = k[5]
171 |             key_state[10] = k[6]
172 |             key_state[11] = k[7]
173 |             # 12 and 13 are reserved for the counter
174 |             # 14 and 15 are reserved for the IV
175 |         self.key_state = key_state
176 | 
177 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
178 | 
179 |     def iv_setup(self, iv):
180 |         """ self.state and other working structures are lists of
181 |             4-byte unsigned integers (32 bits).
182 | 
183 |             The iv is not a secret but it should never be reused 
184 |             with the same key value.  Use date, time or some other
185 |             counter to be sure the iv is different each time, and
186 |             be sure to communicate the IV to the receiving party.
187 |             Prepending 8 bytes of iv to the ciphertext is the usual
188 |             way to do this.
189 | 
190 |             Just as setting a new key value effectively resets the
191 |             context, setting the iv also resets the context with
192 |             the last key value entered.
193 |         """
194 |         if len(iv) != 8:
195 |             raise Exception('iv must be 8 bytes')
196 |         v = list(struct.unpack('<2I', iv))
197 |         iv_state = self.key_state[:]
198 |         iv_state[12] = 0
199 |         iv_state[13] = 0
200 |         iv_state[14] = v[0]
201 |         iv_state[15] = v[1]
202 |         self.state = iv_state
203 |         self.lastblock_sz = 64      # init flag - unsafe to continue
204 |                                     # processing if not 64
205 | 
206 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
207 | 
208 |     def encrypt(self, datain):
209 |         """ Encrypt a chunk of data.  datain and the returned value 
210 |             are byte strings.
211 | 
212 |             If large data is submitted to this routine in chunks,
213 |             the chunk size MUST be an exact multiple of 64 bytes.
214 |             Only the final chunk may be less than an even multiple.
215 |             (This function does not "save" any uneven, left-over 
216 |             data for concatenation to the front of the next chunk.)
217 |             
218 |             The amount of available memory imposes a poorly defined
219 |             limit on the amount of data this routine can process.
220 |             Typically 10's and 100's of KB are available but then,
221 |             perhaps not.  This routine is intended for educational 
222 |             purposes so application developers should take heed.
223 |         """
224 |         if self.lastblock_sz != 64:
225 |             raise Exception('last chunk size not a multiple of 64 bytes')
226 |         dataout = []
227 |         while datain:
228 |             # generate 64 bytes of cipher stream
229 |             stream = self._chacha_scramble();
230 |             # XOR the stream onto the next 64 bytes of data
231 |             dataout.append(self._xor(stream, datain))
232 |             if len(datain) <= 64:
233 |                 self.lastblock_sz = len(datain)
234 |                 return ''.join(dataout)
235 |             # increment the iv.  In this case we increment words
236 |             # 12 and 13 in little endian order.  This will work 
237 |             # nicely for data up to 2^70 bytes (1,099,511,627,776GB) 
238 |             # in length.  After that it is the user's responsibility 
239 |             # to generate a new nonce/iv.
240 |             self.state[12] = (self.state[12] + 1) & 0xffffffff
241 |             if self.state[12] == 0:           # if overflow in state[12]
242 |                 self.state[13] += 1           # carry to state[13]
243 |                 # not to exceed 2^70 x 2^64 = 2^134 data size ??? <<<<
244 |             # get ready for the next iteration
245 |             datain = datain[64:]
246 |         # should never get here
247 |         raise Exception('Huh?')
248 |     
249 |     decrypt = encrypt
250 |     
251 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
252 |     
253 |     def _chacha_scramble(self):     # 64 bytes in
254 |         """ self.state and other working strucures are lists of
255 |             4-byte unsigned integers (32 bits).
256 | 
257 |             output must be converted to bytestring before return.
258 |         """
259 |         x = self.state[:]           # makes a copy
260 |         for i in xrange(0, self.rounds, 2):
261 |             # two rounds per iteration
262 |             self._quarterround(x, 0, 4, 8,12)
263 |             self._quarterround(x, 1, 5, 9,13)
264 |             self._quarterround(x, 2, 6,10,14)
265 |             self._quarterround(x, 3, 7,11,15)
266 |             
267 |             self._quarterround(x, 0, 5,10,15)
268 |             self._quarterround(x, 1, 6,11,12)
269 |             self._quarterround(x, 2, 7, 8,13)
270 |             self._quarterround(x, 3, 4, 9,14)
271 |             
272 |         for i in xrange(16):
273 |             x[i] = (x[i] + self.state[i]) & 0xffffffff
274 |         output = struct.pack('<16I',
275 |                             x[ 0], x[ 1], x[ 2], x[ 3],
276 |                             x[ 4], x[ 5], x[ 6], x[ 7],
277 |                             x[ 8], x[ 9], x[10], x[11],
278 |                             x[12], x[13], x[14], x[15])
279 |         return output               # 64 bytes out
280 |     
281 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
282 |     
283 |     '''
284 |     # as per definition - deprecated
285 |     def _quarterround(self, x, a, b, c, d):
286 |         x[a] = (x[a] + x[b]) & 0xFFFFFFFF
287 |         x[d] = self._rotate((x[d]^x[a]), 16)
288 |         x[c] = (x[c] + x[d]) & 0xFFFFFFFF
289 |         x[b] = self._rotate((x[b]^x[c]), 12)
290 |         
291 |         x[a] = (x[a] + x[b]) & 0xFFFFFFFF
292 |         x[d] = self._rotate((x[d]^x[a]), 8)
293 |         x[c] = (x[c] + x[d]) & 0xFFFFFFFF
294 |         x[b] = self._rotate((x[b]^x[c]), 7)
295 |         
296 |     def _rotate(self, v, n):        # aka ROTL32
297 |         return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))
298 |     '''
299 |     
300 |     # surprisingly, the following tweaks/accelerations provide 
301 |     # about a 20-40% gain
302 |     def _quarterround(self, x, a, b, c, d):
303 |         xa = x[a]
304 |         xb = x[b]
305 |         xc = x[c]
306 |         xd = x[d]
307 |         
308 |         xa  = (xa + xb)  & 0xFFFFFFFF
309 |         tmp =  xd ^ xa
310 |         xd  = ((tmp << 16) & 0xFFFFFFFF) | (tmp >> 16)  # 16=32-16
311 |         xc  = (xc + xd)  & 0xFFFFFFFF
312 |         tmp =  xb ^ xc
313 |         xb  = ((tmp << 12) & 0xFFFFFFFF) | (tmp >> 20)  # 20=32-12
314 |         
315 |         xa  = (xa + xb)  & 0xFFFFFFFF
316 |         tmp =  xd ^ xa
317 |         xd  = ((tmp <<  8) & 0xFFFFFFFF) | (tmp >> 24)  # 24=32-8
318 |         xc  = (xc + xd)  & 0xFFFFFFFF
319 |         tmp =  xb ^ xc
320 |         xb  = ((tmp <<  7) & 0xFFFFFFFF) | (tmp >> 25)  # 25=32-7
321 |         
322 |         x[a] = xa
323 |         x[b] = xb
324 |         x[c] = xc
325 |         x[d] = xd
326 |     
327 |     
328 |     def _xor(self, stream, datain):
329 |         dataout = []
330 |         for i in xrange(min(len(stream), len(datain))):
331 |             dataout.append(chr(ord(stream[i])^ord(datain[i])))
332 |         return ''.join(dataout)
333 |     
334 |     # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
335 |     
336 |     if have_psyco:
337 |         # if you psyco encrypt() and _chacha_scramble() you
338 |         # should get a 2.4x speedup over vanilla Python 2.5.  
339 |         # The other functions seem to offer only negligible 
340 |         # improvement.  YMMV.
341 |         
342 |         _key_setup = psyco.proxy(_key_setup)    # small impact
343 |         iv_setup   = psyco.proxy(iv_setup)      # small impact
344 |         encrypt    = psyco.proxy(encrypt)                   # 18-32%
345 |         _chacha_scramble = psyco.proxy(_chacha_scramble)    # big help, 2x
346 |         _quarterround    = psyco.proxy(_quarterround)       # ???
347 | #        _rotate = psyco.proxy(_rotate)          # minor impact
348 |         _xor    = psyco.proxy(_xor)             # very small impact
349 |         pass
350 | 
351 | #-----------------------------------------------------------------------
352 | #-----------------------------------------------------------------------
353 | #-----------------------------------------------------------------------
354 | 
355 | 


--------------------------------------------------------------------------------
/flawedammy/ammy_crypt/RLEncryptor02.cpp:
--------------------------------------------------------------------------------
  1 | #include "RLEncryptor02.h"
  2 | #include <string.h>
  3 | 
  4 | // The algorithm is very security, it has 2 layers
  5 | // 1) first layer  - modified SEAL 3.0 with 160 bits key, ByteReverse() was modifyed
  6 | // 2) second layer - designed by maximp, Rotation input stream with state variable
  7 | // 
  8 | // it's very fast about 9 sec for Encrypt+Decrypt 1024^3 bytes on Notebook Intel 2.10 Ghz, 
  9 | // about 3 times faster than AES-128
 10 | 
 11 | extern "C" int decode(unsigned char *key, int size, unsigned char *data);
 12 | 
 13 | RLEncryptor02::RLEncryptor02()
 14 | {
 15 | }
 16 | 
 17 | RLEncryptor02::~RLEncryptor02()
 18 | {
 19 | }
 20 | 
 21 | 
 22 | void RLEncryptor02::Copy(const RLEncryptor02& src)
 23 | {
 24 | 	m_counter	= src.m_counter;
 25 | 	m_position	= src.m_position;
 26 | 	m_lastIndex	= src.m_lastIndex;
 27 | 	memcpy(H, src.H, sizeof(H));
 28 | 	memcpy(Z, src.Z, sizeof(Z));
 29 | 	memcpy(D, src.D, sizeof(D));
 30 | 	memcpy(S, src.S, sizeof(S));
 31 | 	memcpy(T, src.T, sizeof(T));
 32 | 	memcpy(R, src.R, sizeof(R));
 33 | 	memcpy(m_buffer, src.m_buffer, sizeof(m_buffer));
 34 | 	m_prevByte = src.m_prevByte;
 35 | 	memcpy(m_rotation, src.m_rotation, sizeof(m_rotation));
 36 | }
 37 | 
 38 | 
 39 | // it can be used to fast recovery if Encoder was used less than for 4096 bytes
 40 | //
 41 | void RLEncryptor02::FastCopy(const RLEncryptor02& src)
 42 | {
 43 | 	m_position = src.m_position;
 44 | 	m_prevByte = src.m_prevByte;
 45 | }
 46 | 
 47 | 
 48 | inline static void FastXOR(UINT8 *input, UINT8 *mask, int count)
 49 | {
 50 | 	int n = count / sizeof(int);
 51 | 
 52 | 	for (; n>0; n--) {	
 53 | 		*((int*)input) ^= *((int*)mask);
 54 | 		input += sizeof(int);
 55 | 		mask  += sizeof(int);
 56 | 	}
 57 | 	
 58 | 	n = count % sizeof(int);
 59 | 
 60 | 	for (; n>0; n--) {
 61 | 		*input ^= *mask;
 62 | 		input++;
 63 | 		mask++;
 64 | 	}	
 65 | }
 66 | 
 67 | //inline u32 rotlFixed(u32 x, u32 y) { return (x << y) | (x >> (32 - y)); }
 68 | //inline u32 rotrFixed(u32 x, u32 y) { return (x >> y) | (x << (32 - y)); }
 69 | 
 70 | //inline static u32 rotrFixed_8 (u32 x) { return _lrotr(x,8); }
 71 | //inline static u32 rotrFixed_16(u32 x) { return _lrotr(x,16); }
 72 | //inline static u32 rotrFixed_24(u32 x) { return _lrotr(x,24); }
 73 | //inline static u32 rotrFixed_9 (u32 x) { return _lrotr(x,9); }
 74 | //inline static u32 rotlFixed1 (u32 x) { return _lrotl(x,1); }
 75 | //inline static u32 rotlFixed5 (u32 x) { return _lrotl(x,5); }
 76 | //inline static u32 rotlFixed30(u32 x) { return _lrotl(x,30); }
 77 | //inline static u32 rotlFixed16(u32 x) { return _lrotl(x,16); }
 78 | 
 79 | #ifdef _WIN32
 80 | 	#define rotlFixed1(x)   _rotl(x,1)
 81 | 	#define rotlFixed5(x)   _rotl(x,5)
 82 | 	#define rotlFixed30(x)  _rotl(x,30)
 83 | 	#define rotlFixed16(x)  _rotl(x,16)
 84 | 	#define rotrFixed_8(x)  _rotr(x,8)
 85 | 	#define rotrFixed_16(x) _rotr(x,16)
 86 | 	#define rotrFixed_24(x) _rotr(x,24)
 87 | 	#define rotrFixed_9(x)  _rotr(x,9)
 88 | #else
 89 | 	inline static UINT32 rotlFixed1  (UINT32 x) { return (x << 1)  | (x >> 31); }
 90 | 	inline static UINT32 rotlFixed5  (UINT32 x) { return (x << 5)  | (x >> 27); }
 91 | 	inline static UINT32 rotlFixed30 (UINT32 x) { return (x << 30) | (x >> 2);  }
 92 | 	inline static UINT32 rotlFixed16 (UINT32 x) { return (x << 16) | (x >> 16); }
 93 | 	inline static UINT32 rotrFixed_8 (UINT32 x) { return (x >> 8)  | (x << 24); }
 94 | 	inline static UINT32 rotrFixed_16(UINT32 x) { return (x >> 16) | (x << 16); }
 95 | 	inline static UINT32 rotrFixed_24(UINT32 x) { return (x >> 24) | (x << 8);  }
 96 | 	inline static UINT32 rotrFixed_9 (UINT32 x) { return (x >> 9)  | (x << 23); }
 97 | #endif
 98 | 
 99 | 
100 | 
101 | 
102 | 
103 | #define K1  0x5A827999L                                 /* Rounds  0-19 */
104 | #define K2  0x6ED9EBA1L                                 /* Rounds 20-39 */
105 | #define K3  0x8F1BBCDCL                                 /* Rounds 40-59 */
106 | #define K4  0xCA62C1D6L                                 /* Rounds 60-79 */
107 | 
108 | #define f1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )           /* Rounds  0-19 */
109 | #define f2(x,y,z)   ( x ^ y ^ z )                       /* Rounds 20-39 */
110 | #define f3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )   /* Rounds 40-59 */
111 | #define f4(x,y,z)   ( x ^ y ^ z )                       /* Rounds 60-79 */
112 | 
113 | // from sha-1
114 | void RLEncryptor02::SHATransform( UINT32 *digest, const UINT32 *data )
115 | {
116 | 	register UINT32 A, B, C, D, E;
117 | 
118 | 	#define expand(W,i) ( W[ i & 15 ] = rotlFixed1((W[i&15] ^ W[i-14&15] ^ W[i-8&15] ^ W[i-3&15])) )
119 | 
120 | 	#define subRound(a, b, c, d, e, f, k, data) ( e += rotlFixed5(a) + f(b,c,d) + k + data, b = rotlFixed30(b))
121 | 
122 | 
123 | 	UINT32 eData[16];
124 | 	memcpy(eData, data, sizeof(eData));
125 | 
126 | 
127 | 	A = digest[0];
128 | 	B = digest[1];
129 | 	C = digest[2];
130 | 	D = digest[3];
131 | 	E = digest[4];
132 | 
133 | 	// Heavy mangling, in 4 sub-rounds of 20 interations each.
134 | 	subRound( A, B, C, D, E, f1, K1, eData[  0 ] );
135 | 	subRound( E, A, B, C, D, f1, K1, eData[  1 ] );
136 | 	subRound( D, E, A, B, C, f1, K1, eData[  2 ] );
137 | 	subRound( C, D, E, A, B, f1, K1, eData[  3 ] );
138 | 	subRound( B, C, D, E, A, f1, K1, eData[  4 ] );
139 | 	subRound( A, B, C, D, E, f1, K1, eData[  5 ] );
140 | 	subRound( E, A, B, C, D, f1, K1, eData[  6 ] );
141 | 	subRound( D, E, A, B, C, f1, K1, eData[  7 ] );
142 | 	subRound( C, D, E, A, B, f1, K1, eData[  8 ] );
143 | 	subRound( B, C, D, E, A, f1, K1, eData[  9 ] );
144 | 	subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
145 | 	subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
146 | 	subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
147 | 	subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
148 | 	subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
149 | 	subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
150 | 	subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
151 | 	subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
152 | 	subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
153 | 	subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
154 | 
155 | 	subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
156 | 	subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
157 | 	subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
158 | 	subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
159 | 	subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
160 | 	subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
161 | 	subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
162 | 	subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
163 | 	subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
164 | 	subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
165 | 	subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
166 | 	subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
167 | 	subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
168 | 	subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
169 | 	subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
170 | 	subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
171 | 	subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
172 | 	subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
173 | 	subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
174 | 	subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
175 | 
176 | 	subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
177 | 	subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
178 | 	subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
179 | 	subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
180 | 	subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
181 | 	subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
182 | 	subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
183 | 	subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
184 | 	subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
185 | 	subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
186 | 	subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
187 | 	subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
188 | 	subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
189 | 	subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
190 | 	subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
191 | 	subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
192 | 	subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
193 | 	subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
194 | 	subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
195 | 	subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
196 | 
197 | 	subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
198 | 	subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
199 | 	subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
200 | 	subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
201 | 	subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
202 | 	subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
203 | 	subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
204 | 	subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
205 | 	subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
206 | 	subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
207 | 	subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
208 | 	subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
209 | 	subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
210 | 	subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
211 | 	subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
212 | 	subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
213 | 	subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
214 | 	subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
215 | 	subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
216 | 	subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
217 | 
218 | 	digest[0] += A;
219 | 	digest[1] += B;
220 | 	digest[2] += C;
221 | 	digest[3] += D;
222 | 	digest[4] += E;
223 | 
224 | 	memset(eData, 0, sizeof(eData));
225 | }
226 | 
227 | #define ByteReverse(x) (x)
228 | 
229 | //static inline UINT32 ByteReverse(UINT32 value)
230 | //{
231 | //	return value;
232 | 	//value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);
233 | 	//return rotlFixed16(value);
234 | //	__asm {		
235 | //		mov eax, [value]
236 | //		bswap eax
237 | //	}
238 | 	// Return with result in EAX
239 | //}
240 | 
241 | 
242 | inline void RLEncryptor02::Gamma(const UINT32 *key)
243 | {
244 | 	m_lastIndex = 0xffffffff;
245 | 
246 | 	for (UINT32 i=0; i<5; i++) H[i] = ByteReverse(key[i]);
247 | 
248 | 	memset(D, 0, 64);
249 | }
250 | 
251 | 
252 | inline UINT32 RLEncryptor02::GammaApply(UINT32 i)
253 | {
254 | 	UINT32 shaIndex = i / 5;
255 | 	if (shaIndex != m_lastIndex)
256 |     {
257 | 		memcpy(Z, H, 20);
258 | 		D[0] = shaIndex;
259 | 		SHATransform(Z, D);
260 | 		m_lastIndex = shaIndex;
261 | 	}
262 | 	return Z[i%5];
263 | }
264 | 
265 | void RLEncryptor02::Generate() // OperateKeystream
266 | {
267 | 	UINT32 in = m_counter;
268 | 	UINT32 a, b, c, d, n1, n2, n3, n4;
269 | 	UINT32 p, q;
270 | 	UINT32 *wout = (UINT32 *)m_buffer;
271 | 
272 | 	for (UINT32 l=0; l<RLEncryptor02_L; l++)
273 |     {
274 | 		a = in ^ R[4*l];
275 | 		b = rotrFixed_8 (in) ^ R[4*l+1];
276 | 		c = rotrFixed_16(in) ^ R[4*l+2];
277 | 		d = rotrFixed_24(in) ^ R[4*l+3];
278 | 
279 | 		UINT8 *Tptr = (UINT8 *) & T[0];
280 | 
281 | 		#define Ttab(x) *(UINT32 *)(Tptr + x)
282 | 
283 | 		for (UINT32 j=0; j<2; j++)
284 | 		{
285 | 			p = a & 0x7fc;
286 | 			b += Ttab(p);
287 | 			a = rotrFixed_9(a);
288 | 
289 | 			p = b & 0x7fc;
290 | 			c += Ttab(p);
291 | 			b = rotrFixed_9(b);
292 | 
293 | 			p = c & 0x7fc;
294 | 			d += Ttab(p);
295 | 			c = rotrFixed_9(c);
296 | 
297 | 			p = d & 0x7fc;
298 | 			a += Ttab(p);
299 | 			d = rotrFixed_9(d);
300 | 		}
301 | 
302 | 		n1 = d;
303 | 		n2 = b;
304 | 		n3 = a;
305 | 		n4 = c;
306 | 
307 | 		p = a & 0x7fc;
308 | 		b += Ttab(p);
309 | 		a = rotrFixed_9(a);
310 | 
311 | 		p = b & 0x7fc;
312 | 		c += Ttab(p);
313 | 		b = rotrFixed_9(b);
314 | 
315 | 		p = c & 0x7fc;
316 | 		d += Ttab(p);
317 | 		c = rotrFixed_9(c);
318 | 
319 | 		p = d & 0x7fc;
320 | 		a += Ttab(p);
321 | 		d = rotrFixed_9(d);
322 | 
323 | 		// generate 8192 bits
324 | 		for (UINT32 i=0; i<64; i++)
325 | 		{
326 | 			p = a & 0x7fc;
327 | 			a = rotrFixed_9(a);
328 | 			b += Ttab(p);
329 | 			b ^= a;
330 | 
331 | 			q = b & 0x7fc;
332 | 			b = rotrFixed_9(b);
333 | 			c ^= Ttab(q);
334 | 			c += b;
335 | 
336 | 			p = (p + c) & 0x7fc;
337 | 			c = rotrFixed_9(c);
338 | 			d += Ttab(p);
339 | 			d ^= c;
340 | 
341 | 			q = (q + d) & 0x7fc;
342 | 			d = rotrFixed_9(d);
343 | 			a ^= Ttab(q);
344 | 			a += d;
345 | 
346 | 			p = (p + a) & 0x7fc;
347 | 			b ^= Ttab(p);
348 | 			a = rotrFixed_9(a);
349 | 
350 | 			q = (q + b) & 0x7fc;
351 | 			c += Ttab(q);
352 | 			b = rotrFixed_9(b);
353 | 
354 | 			p = (p + c) & 0x7fc;
355 | 			d ^= Ttab(p);
356 | 			c = rotrFixed_9(c);
357 | 
358 | 			q = (q + d) & 0x7fc;
359 | 			d = rotrFixed_9(d);
360 | 			a += Ttab(q);
361 | 
362 | 			wout[0] = ByteReverse(b + S[4*i+0]);
363 | 			wout[1] = ByteReverse(c ^ S[4*i+1]);
364 | 			wout[2] = ByteReverse(d + S[4*i+2]);
365 | 			wout[3] = ByteReverse(a ^ S[4*i+3]);
366 | 
367 | 			wout += 4;
368 | 
369 | 			if (i & 1)
370 | 			{
371 | 				a += n3;
372 | 				b += n4;
373 | 				c ^= n3;
374 | 				d ^= n4;
375 | 			}
376 | 			else
377 | 			{
378 | 				a += n1;
379 | 				b += n2;
380 | 				c ^= n1;
381 | 				d ^= n2;
382 | 			}
383 |         }
384 |     }
385 | }
386 | 
387 | 
388 | inline void RLEncryptor02::IncrementCounter()
389 | {
390 | 	m_counter++;
391 | 	m_position = 0;
392 | 	Generate();
393 | }
394 | 
395 | // added by maximp
396 | //
397 | inline void RLEncryptor02::RotateEncr(UINT8 *input, int count)
398 | {
399 | 	int b = m_prevByte;
400 | 
401 | 	for (; count>0; count--) {
402 | 		b = m_rotation[b ^ (*input)];
403 | 		*input = b;
404 | 		input++;
405 | 	}
406 | 	
407 | 	m_prevByte = b;
408 | }
409 | 
410 | // added by maximp
411 | //
412 | inline void RLEncryptor02::RotateDecr(UINT8 *input, int count)
413 | {
414 | 	int b = m_prevByte; // work faster that UINT8
415 | 
416 | 	for (; count>0; count--) {
417 | 		int b2 = (*input);		
418 | 		*input = b^m_rotation[b2];
419 | 		b = b2;
420 | 		input++;
421 | 	}
422 | 	
423 | 	m_prevByte = b;
424 | }
425 | 
426 | void RLEncryptor02::Encrypt(UINT8 *input, int count)
427 | {
428 | 	XORCrypt  (input, count);
429 | 	RotateEncr(input, count);
430 | }
431 | 
432 | void RLEncryptor02::Decrypt(UINT8 *input, int count)
433 | {
434 | 	RotateDecr(input, count);
435 | 	XORCrypt  (input, count);
436 | }
437 | 
438 | void RLEncryptor02::XORCrypt(UINT8 *input, int length)
439 | {
440 | 	while (true)
441 |     {
442 | 		int count = 1024*RLEncryptor02_L - m_position;
443 | 		if (length<count) break;
444 | 		FastXOR(input, m_buffer + m_position, count);
445 | 		length -= count;
446 | 		input  += count;
447 | 		IncrementCounter();
448 |     }
449 | 
450 | 	FastXOR(input, m_buffer + m_position, length);
451 | 	m_position += length;
452 | }
453 | 
454 | void RLEncryptor02::SetKey(const UINT8 *key, bool encryption)
455 | {
456 | 	UINT i;
457 | 
458 | 	m_counter = 0;
459 | 	m_position = 0;
460 | 
461 | 	Gamma((UINT32*)key);
462 | 
463 | 	for (i=0; i<512; i++)	T[i] = GammaApply(i);
464 | 
465 | 	for (i=0; i<256; i++)	S[i] = GammaApply(0x1000 + i);
466 | 
467 | 	for (i=0; i<4*RLEncryptor02_L; i++)	R[i] = GammaApply(0x2000 + i);
468 | 
469 | 	Generate();
470 | 
471 | 	// added maximp, fill rotate table
472 | 	m_prevByte = 0;
473 | 	UINT8 buffer[256];
474 | 	UINT8 rotation[256];
475 | 
476 | 	for (i=0; i<256; i++) rotation[i] = (UINT8)(0xFF-i);
477 | 	
478 | 	int n1 = 0;
479 | 
480 | 	for (    i=0;   i<2;  i++) {
481 | 	for (int j=i+1; j<20; j++) {
482 | 	for (int k=j+1; k<20; k++) {
483 | 		int v = (key[i] ^ key[j] + key[k]) % 256;
484 | 		buffer[n1++] = (UINT8)v;
485 | 		if (n1>=256) goto exit1;
486 | 	}
487 | 	}
488 | 	}
489 | 
490 | exit1:
491 | 
492 | 	for (int v1=0;  v1<256; v1++) {
493 | 		int v2 = buffer[v1];
494 | 		if (v1==v2) continue;
495 | 		// swap
496 | 		UINT8 k1 = rotation[v1];
497 | 		rotation[v1] = rotation[v2];
498 | 		rotation[v2] = k1;
499 | 	}
500 | 
501 | 	if (encryption) {
502 | 		memcpy(m_rotation, rotation, sizeof(m_rotation));
503 | 	}
504 | 	else {
505 | 		for (i=0;  i<256; i++)
506 | 			m_rotation[rotation[i]] = (UINT8)i;
507 | 	}
508 | 
509 | 	//int n3 = 0;
510 | 	//for (i=0;  i<256; i++) if (m_rotation[i]==i) n3++;
511 | }
512 | extern "C" int decode(unsigned char *data, int size, unsigned char *key)
513 | {
514 | 	RLEncryptor02 enc;
515 | 	enc.SetKey(key, false);
516 | 	enc.Decrypt(data, size);
517 | 
518 | 
519 | 	return 0;
520 | }
521 | 
522 | 


--------------------------------------------------------------------------------
/goziv3/serpent2.py:
--------------------------------------------------------------------------------
   1 | ## serpent.py - pure Python implementation of the Serpent algorithm.
   2 | ## Bjorn Edstrom <be@bjrn.se> 13 december 2007.
   3 | ##
   4 | ## Copyrights
   5 | ## ==========
   6 | ##
   7 | ## This code is a derived from an implementation by Dr Brian Gladman 
   8 | ## (gladman@seven77.demon.co.uk) which is subject to the following license.
   9 | ## This Python implementation is not subject to any other license.
  10 | ##
  11 | ##/* This is an independent implementation of the encryption algorithm:
  12 | ## *
  13 | ## * Serpent by Ross Anderson, Eli Biham and Lars Knudsen 
  14 | ## *
  15 | ## * which is a candidate algorithm in the Advanced Encryption Standard
  16 | ## * programme of the US National Institute of Standards and Technology
  17 | ## *
  18 | ## * Copyright in this implementation is held by Dr B R Gladman but I
  19 | ## * hereby give permission for its free direct or derivative use subject
  20 | ## * to acknowledgment of its origin and compliance with any conditions
  21 | ## * that the originators of the algorithm place on its exploitation.
  22 | ## *
  23 | ## * Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999
  24 | ## */
  25 | ##
  26 | ## The above copyright notice must not be removed.
  27 | ##
  28 | ## Information
  29 | ## ===========
  30 | ##
  31 | ## Anyone thinking of using this code should reconsider. It's slow.
  32 | ## Try python-mcrypt instead. In case a faster library is not installed
  33 | ## on the target system, this code can be used as a portable fallback.
  34 | 
  35 | try:
  36 |     import psyco
  37 |     psyco.full()
  38 | except ImportError:
  39 |     pass
  40 | 
  41 | import binascii
  42 | import sys
  43 | import base64
  44 | 
  45 | block_size = 16
  46 | key_size = 32
  47 | 
  48 | class Serpent:
  49 |     
  50 |     def __init__(self, key=None):
  51 |         """Serpent."""
  52 |         
  53 |         if key:
  54 |             self.set_key(key)
  55 | 
  56 | 
  57 |     def set_key(self, key):
  58 |         """Init."""
  59 |         
  60 |         key_len = len(key)
  61 |         if key_len % 4:
  62 |             # XXX: add padding?
  63 |             raise KeyError, "key not a multiple of 4"
  64 |         if key_len > 32:
  65 |             # XXX: prune?
  66 |             raise KeyError, "key_len > 32"
  67 |         
  68 |         self.key_context = [0] * 140
  69 |         
  70 |         key_word32 = [0] * 32
  71 |         i = 0
  72 |         while key:
  73 |             key_word32[i] = struct.unpack("<L", key[0:4])[0]
  74 |             key = key[4:]
  75 |             i += 1
  76 | 
  77 |         set_key(self.key_context, key_word32, key_len)
  78 |         #print(map(hex,self.key_context))        
  79 | 
  80 |         
  81 |     def decrypt(self, block):
  82 |         """Decrypt blocks."""
  83 |         
  84 |         if len(block) % 16:
  85 |             raise ValueError, "block size must be a multiple of 16"
  86 | 
  87 |         plaintext = ''
  88 |         
  89 |         while block:
  90 |             a, b, c, d = struct.unpack("<4L", block[:16])
  91 |             temp = [a, b, c, d]
  92 |             decrypt(self.key_context, temp)
  93 |             plaintext += struct.pack("<4L", *temp)
  94 |             block = block[16:]
  95 |             
  96 |         return plaintext
  97 | 
  98 |         
  99 |     def encrypt(self, block):
 100 |         """Encrypt blocks."""
 101 | 
 102 |         if len(block) % 16:
 103 |             raise ValueError, "block size must be a multiple of 16"
 104 | 
 105 |         ciphertext = ''
 106 |         
 107 |         while block:
 108 |             a, b, c, d = struct.unpack("<4L", block[0:16])
 109 |             temp = [a, b, c, d]
 110 |             encrypt(self.key_context, temp)
 111 |             ciphertext += struct.pack("<4L", *temp)
 112 |             block = block[16:]
 113 |             
 114 |         return ciphertext
 115 | 
 116 | 
 117 |     def get_name(self):
 118 |         """Return the name of the cipher."""
 119 |         
 120 |         return "Serpent"
 121 | 
 122 | 
 123 |     def get_block_size(self):
 124 |         """Get cipher block size in bytes."""
 125 |         
 126 |         return 16
 127 | 
 128 |     
 129 |     def get_key_size(self):
 130 |         """Get cipher key size in bytes."""
 131 |         
 132 |         return 32
 133 |     
 134 | 
 135 | #
 136 | # Private.
 137 | #
 138 | 
 139 | import struct
 140 | import sys
 141 | 
 142 | WORD_BIGENDIAN = 0
 143 | if sys.byteorder == 'big':
 144 |     WORD_BIGENDIAN = 1
 145 | 
 146 | def rotr32(x, n):
 147 |     return (x >> n) | ((x << (32 - n)) & 0xFFFFFFFF)
 148 | 
 149 | def rotl32(x, n):
 150 |     return ((x << n) & 0xFFFFFFFF) | (x >> (32 - n))
 151 | 
 152 | def byteswap32(x):
 153 |     return ((x & 0xff) << 24) | (((x >> 8) & 0xff) << 16) | \
 154 |            (((x >> 16) & 0xff) << 8) | ((x >> 24) & 0xff)
 155 | 
 156 | def set_key(l_key, key, key_len):
 157 |     key_len *= 8
 158 |     if key_len > 256:
 159 |         return False
 160 |     
 161 |     i = 0
 162 |     lk = (key_len + 31) / 32
 163 |     while i < lk:
 164 |         l_key[i] = key[i]
 165 |         if WORD_BIGENDIAN:
 166 |             l_key[i] = byteswap32(key[i])
 167 |         i += 1
 168 |         
 169 |     if key_len < 256:
 170 |         while i < 8:
 171 |             l_key[i] = 0
 172 |             i += 1
 173 |         i = key_len / 32
 174 |         lk = 1 << (key_len % 32)
 175 |         l_key[i] = (l_key[i] & (lk - 1)) | lk
 176 |     for i in xrange(132):
 177 |         lk = l_key[i] ^ l_key[i + 3] ^ l_key[i + 5] ^ l_key[i + 7] ^ 0x9e3779b9 ^ i
 178 |         l_key[i + 8] = ((lk << 11) & 0xFFFFFFFF) | (lk >> 21)
 179 | 
 180 |     key = l_key
 181 |     # serpent_generate.py
 182 |     a = key[4 * 0 +  8]
 183 |     b = key[4 * 0 +  9]
 184 |     c = key[4 * 0 + 10]
 185 |     d = key[4 * 0 + 11]
 186 |     e = 0
 187 |     f = 0
 188 |     g = 0
 189 |     h = 0
 190 |     t1 = 0
 191 |     t2 = 0
 192 |     t3 = 0
 193 |     t4 = 0
 194 |     t5 = 0
 195 |     t6 = 0
 196 |     t7 = 0
 197 |     t8 = 0
 198 |     t9 = 0
 199 |     t10 = 0
 200 |     t11 = 0
 201 |     t12 = 0
 202 |     t13 = 0
 203 |     t14 = 0
 204 |     t15 = 0
 205 |     t16 = 0        
 206 |     t1 = a ^ c;     
 207 |     t2 = d ^ t1;    
 208 |     t3 = a & t2;    
 209 |     t4 = d ^ t3;    
 210 |     t5 = b & t4;    
 211 |     g = t2 ^ t5;    
 212 |     t7 = a | g;     
 213 |     t8 = b | d;     
 214 |     t11 = a | d;    
 215 |     t9 = t4 & t7;   
 216 |     f = t8 ^ t9;    
 217 |     t12 = b ^ t11;  
 218 |     t13 = g ^ t9;   
 219 |     t15 = t3 ^ t8;  
 220 |     h = t12 ^ t13;  
 221 |     t16 = c & t15;  
 222 |     e = t12 ^ t16
 223 |     key[4 * 0 +  8] = e
 224 |     key[4 * 0 +  9] = f
 225 |     key[4 * 0 + 10] = g
 226 |     key[4 * 0 + 11] = h
 227 |     a = key[4 * 1 +  8]
 228 |     b = key[4 * 1 +  9]
 229 |     c = key[4 * 1 + 10]
 230 |     d = key[4 * 1 + 11]
 231 |     t1 = (~a) % 0x100000000;        
 232 |     t2 = b ^ d;     
 233 |     t3 = c & t1;    
 234 |     t13 = d | t1;   
 235 |     e = t2 ^ t3;    
 236 |     t5 = c ^ t1;    
 237 |     t6 = c ^ e;     
 238 |     t7 = b & t6;    
 239 |     t10 = e | t5;   
 240 |     h = t5 ^ t7;    
 241 |     t9 = d | t7;    
 242 |     t11 = t9 & t10; 
 243 |     t14 = t2 ^ h;   
 244 |     g = a ^ t11;    
 245 |     t15 = g ^ t13;  
 246 |     f = t14 ^ t15
 247 |     key[4 * 1 +  8] = e
 248 |     key[4 * 1 +  9] = f
 249 |     key[4 * 1 + 10] = g
 250 |     key[4 * 1 + 11] = h
 251 |     a = key[4 * 2 +  8]
 252 |     b = key[4 * 2 +  9]
 253 |     c = key[4 * 2 + 10]
 254 |     d = key[4 * 2 + 11]
 255 |     t1 = (~a) % 0x100000000;        
 256 |     t2 = b ^ t1;    
 257 |     t3 = a | t2;    
 258 |     t4 = d | t2;    
 259 |     t5 = c ^ t3;    
 260 |     g = d ^ t5;     
 261 |     t7 = b ^ t4;    
 262 |     t8 = t2 ^ g;    
 263 |     t9 = t5 & t7;   
 264 |     h = t8 ^ t9;    
 265 |     t11 = t5 ^ t7;  
 266 |     f = h ^ t11;    
 267 |     t13 = t8 & t11; 
 268 |     e = t5 ^ t13
 269 |     key[4 * 2 +  8] = e
 270 |     key[4 * 2 +  9] = f
 271 |     key[4 * 2 + 10] = g
 272 |     key[4 * 2 + 11] = h
 273 |     a = key[4 * 3 +  8]
 274 |     b = key[4 * 3 +  9]
 275 |     c = key[4 * 3 + 10]
 276 |     d = key[4 * 3 + 11]
 277 |     t1 = a ^ d;     
 278 |     t2 = a & d;     
 279 |     t3 = c ^ t1;    
 280 |     t6 = b & t1;    
 281 |     t4 = b ^ t3;    
 282 |     t10 = (~t3) % 0x100000000;      
 283 |     h = t2 ^ t4;    
 284 |     t7 = a ^ t6;    
 285 |     t14 = (~t7) % 0x100000000;      
 286 |     t8 = c | t7;    
 287 |     t11 = t3 ^ t7;  
 288 |     g = t4 ^ t8;    
 289 |     t12 = h & t11;  
 290 |     f = t10 ^ t12;  
 291 |     e = t12 ^ t14
 292 |     key[4 * 3 +  8] = e
 293 |     key[4 * 3 +  9] = f
 294 |     key[4 * 3 + 10] = g
 295 |     key[4 * 3 + 11] = h
 296 |     a = key[4 * 4 +  8]
 297 |     b = key[4 * 4 +  9]
 298 |     c = key[4 * 4 + 10]
 299 |     d = key[4 * 4 + 11]
 300 |     t1 = (~c) % 0x100000000;        
 301 |     t2 = b ^ c;     
 302 |     t3 = b | t1;    
 303 |     t4 = d ^ t3;    
 304 |     t5 = a & t4;    
 305 |     t7 = a ^ d;     
 306 |     h = t2 ^ t5;    
 307 |     t8 = b ^ t5;    
 308 |     t9 = t2 | t8;   
 309 |     t11 = d & t3;   
 310 |     f = t7 ^ t9;    
 311 |     t12 = t5 ^ f;   
 312 |     t15 = t1 | t4;  
 313 |     t13 = h & t12;  
 314 |     g = t11 ^ t13;  
 315 |     t16 = t12 ^ g;  
 316 |     e = t15 ^ t16
 317 |     key[4 * 4 +  8] = e
 318 |     key[4 * 4 +  9] = f
 319 |     key[4 * 4 + 10] = g
 320 |     key[4 * 4 + 11] = h
 321 |     a = key[4 * 5 +  8]
 322 |     b = key[4 * 5 +  9]
 323 |     c = key[4 * 5 + 10]
 324 |     d = key[4 * 5 + 11]
 325 |     t1 = (~a) % 0x100000000;        
 326 |     t2 = a ^ d;     
 327 |     t3 = b ^ t2;    
 328 |     t4 = t1 | t2;   
 329 |     t5 = c ^ t4;    
 330 |     f = b ^ t5;     
 331 |     t13 = (~t5) % 0x100000000;      
 332 |     t7 = t2 | f;    
 333 |     t8 = d ^ t7;    
 334 |     t9 = t5 & t8;   
 335 |     g = t3 ^ t9;    
 336 |     t11 = t5 ^ t8;  
 337 |     e = g ^ t11;    
 338 |     t14 = t3 & t11; 
 339 |     h = t13 ^ t14
 340 |     key[4 * 5 +  8] = e
 341 |     key[4 * 5 +  9] = f
 342 |     key[4 * 5 + 10] = g
 343 |     key[4 * 5 + 11] = h
 344 |     a = key[4 * 6 +  8]
 345 |     b = key[4 * 6 +  9]
 346 |     c = key[4 * 6 + 10]
 347 |     d = key[4 * 6 + 11]
 348 |     t1 = (~a) % 0x100000000;        
 349 |     t2 = a ^ b;     
 350 |     t3 = a ^ d;     
 351 |     t4 = c ^ t1;    
 352 |     t5 = t2 | t3;   
 353 |     e = t4 ^ t5;    
 354 |     t7 = d & e;     
 355 |     t8 = t2 ^ e;    
 356 |     t10 = t1 | e;   
 357 |     f = t7 ^ t8;    
 358 |     t11 = t2 | t7;  
 359 |     t12 = t3 ^ t10; 
 360 |     t14 = b ^ t7;   
 361 |     g = t11 ^ t12;  
 362 |     t15 = f & t12;  
 363 |     h = t14 ^ t15
 364 |     key[4 * 6 +  8] = e
 365 |     key[4 * 6 +  9] = f
 366 |     key[4 * 6 + 10] = g
 367 |     key[4 * 6 + 11] = h
 368 |     a = key[4 * 7 +  8]
 369 |     b = key[4 * 7 +  9]
 370 |     c = key[4 * 7 + 10]
 371 |     d = key[4 * 7 + 11]
 372 |     t1 = a ^ d;     
 373 |     t2 = d & t1;    
 374 |     t3 = c ^ t2;    
 375 |     t4 = b | t3;    
 376 |     h = t1 ^ t4;    
 377 |     t6 = (~b) % 0x100000000;        
 378 |     t7 = t1 | t6;   
 379 |     e = t3 ^ t7;    
 380 |     t9 = a & e;     
 381 |     t10 = t1 ^ t6;  
 382 |     t11 = t4 & t10; 
 383 |     g = t9 ^ t11;   
 384 |     t13 = a ^ t3;   
 385 |     t14 = t10 & g;  
 386 |     f = t13 ^ t14
 387 |     key[4 * 7 +  8] = e
 388 |     key[4 * 7 +  9] = f
 389 |     key[4 * 7 + 10] = g
 390 |     key[4 * 7 + 11] = h
 391 |     a = key[4 * 8 +  8]
 392 |     b = key[4 * 8 +  9]
 393 |     c = key[4 * 8 + 10]
 394 |     d = key[4 * 8 + 11]
 395 |     t1 = a ^ c;     
 396 |     t2 = d ^ t1;    
 397 |     t3 = a & t2;    
 398 |     t4 = d ^ t3;    
 399 |     t5 = b & t4;    
 400 |     g = t2 ^ t5;    
 401 |     t7 = a | g;     
 402 |     t8 = b | d;     
 403 |     t11 = a | d;    
 404 |     t9 = t4 & t7;   
 405 |     f = t8 ^ t9;    
 406 |     t12 = b ^ t11;  
 407 |     t13 = g ^ t9;   
 408 |     t15 = t3 ^ t8;  
 409 |     h = t12 ^ t13;  
 410 |     t16 = c & t15;  
 411 |     e = t12 ^ t16
 412 |     key[4 * 8 +  8] = e
 413 |     key[4 * 8 +  9] = f
 414 |     key[4 * 8 + 10] = g
 415 |     key[4 * 8 + 11] = h
 416 |     a = key[4 * 9 +  8]
 417 |     b = key[4 * 9 +  9]
 418 |     c = key[4 * 9 + 10]
 419 |     d = key[4 * 9 + 11]
 420 |     t1 = (~a) % 0x100000000;        
 421 |     t2 = b ^ d;     
 422 |     t3 = c & t1;    
 423 |     t13 = d | t1;   
 424 |     e = t2 ^ t3;    
 425 |     t5 = c ^ t1;    
 426 |     t6 = c ^ e;     
 427 |     t7 = b & t6;    
 428 |     t10 = e | t5;   
 429 |     h = t5 ^ t7;    
 430 |     t9 = d | t7;    
 431 |     t11 = t9 & t10; 
 432 |     t14 = t2 ^ h;   
 433 |     g = a ^ t11;    
 434 |     t15 = g ^ t13;  
 435 |     f = t14 ^ t15
 436 |     key[4 * 9 +  8] = e
 437 |     key[4 * 9 +  9] = f
 438 |     key[4 * 9 + 10] = g
 439 |     key[4 * 9 + 11] = h
 440 |     a = key[4 * 10 +  8]
 441 |     b = key[4 * 10 +  9]
 442 |     c = key[4 * 10 + 10]
 443 |     d = key[4 * 10 + 11]
 444 |     t1 = (~a) % 0x100000000;        
 445 |     t2 = b ^ t1;    
 446 |     t3 = a | t2;    
 447 |     t4 = d | t2;    
 448 |     t5 = c ^ t3;    
 449 |     g = d ^ t5;     
 450 |     t7 = b ^ t4;    
 451 |     t8 = t2 ^ g;    
 452 |     t9 = t5 & t7;   
 453 |     h = t8 ^ t9;    
 454 |     t11 = t5 ^ t7;  
 455 |     f = h ^ t11;    
 456 |     t13 = t8 & t11; 
 457 |     e = t5 ^ t13
 458 |     key[4 * 10 +  8] = e
 459 |     key[4 * 10 +  9] = f
 460 |     key[4 * 10 + 10] = g
 461 |     key[4 * 10 + 11] = h
 462 |     a = key[4 * 11 +  8]
 463 |     b = key[4 * 11 +  9]
 464 |     c = key[4 * 11 + 10]
 465 |     d = key[4 * 11 + 11]
 466 |     t1 = a ^ d;     
 467 |     t2 = a & d;     
 468 |     t3 = c ^ t1;    
 469 |     t6 = b & t1;    
 470 |     t4 = b ^ t3;    
 471 |     t10 = (~t3) % 0x100000000;      
 472 |     h = t2 ^ t4;    
 473 |     t7 = a ^ t6;    
 474 |     t14 = (~t7) % 0x100000000;      
 475 |     t8 = c | t7;    
 476 |     t11 = t3 ^ t7;  
 477 |     g = t4 ^ t8;    
 478 |     t12 = h & t11;  
 479 |     f = t10 ^ t12;  
 480 |     e = t12 ^ t14
 481 |     key[4 * 11 +  8] = e
 482 |     key[4 * 11 +  9] = f
 483 |     key[4 * 11 + 10] = g
 484 |     key[4 * 11 + 11] = h
 485 |     a = key[4 * 12 +  8]
 486 |     b = key[4 * 12 +  9]
 487 |     c = key[4 * 12 + 10]
 488 |     d = key[4 * 12 + 11]
 489 |     t1 = (~c) % 0x100000000;        
 490 |     t2 = b ^ c;     
 491 |     t3 = b | t1;    
 492 |     t4 = d ^ t3;    
 493 |     t5 = a & t4;    
 494 |     t7 = a ^ d;     
 495 |     h = t2 ^ t5;    
 496 |     t8 = b ^ t5;    
 497 |     t9 = t2 | t8;   
 498 |     t11 = d & t3;   
 499 |     f = t7 ^ t9;    
 500 |     t12 = t5 ^ f;   
 501 |     t15 = t1 | t4;  
 502 |     t13 = h & t12;  
 503 |     g = t11 ^ t13;  
 504 |     t16 = t12 ^ g;  
 505 |     e = t15 ^ t16
 506 |     key[4 * 12 +  8] = e
 507 |     key[4 * 12 +  9] = f
 508 |     key[4 * 12 + 10] = g
 509 |     key[4 * 12 + 11] = h
 510 |     a = key[4 * 13 +  8]
 511 |     b = key[4 * 13 +  9]
 512 |     c = key[4 * 13 + 10]
 513 |     d = key[4 * 13 + 11]
 514 |     t1 = (~a) % 0x100000000;        
 515 |     t2 = a ^ d;     
 516 |     t3 = b ^ t2;    
 517 |     t4 = t1 | t2;   
 518 |     t5 = c ^ t4;    
 519 |     f = b ^ t5;     
 520 |     t13 = (~t5) % 0x100000000;      
 521 |     t7 = t2 | f;    
 522 |     t8 = d ^ t7;    
 523 |     t9 = t5 & t8;   
 524 |     g = t3 ^ t9;    
 525 |     t11 = t5 ^ t8;  
 526 |     e = g ^ t11;    
 527 |     t14 = t3 & t11; 
 528 |     h = t13 ^ t14
 529 |     key[4 * 13 +  8] = e
 530 |     key[4 * 13 +  9] = f
 531 |     key[4 * 13 + 10] = g
 532 |     key[4 * 13 + 11] = h
 533 |     a = key[4 * 14 +  8]
 534 |     b = key[4 * 14 +  9]
 535 |     c = key[4 * 14 + 10]
 536 |     d = key[4 * 14 + 11]
 537 |     t1 = (~a) % 0x100000000;        
 538 |     t2 = a ^ b;     
 539 |     t3 = a ^ d;     
 540 |     t4 = c ^ t1;    
 541 |     t5 = t2 | t3;   
 542 |     e = t4 ^ t5;    
 543 |     t7 = d & e;     
 544 |     t8 = t2 ^ e;    
 545 |     t10 = t1 | e;   
 546 |     f = t7 ^ t8;    
 547 |     t11 = t2 | t7;  
 548 |     t12 = t3 ^ t10; 
 549 |     t14 = b ^ t7;   
 550 |     g = t11 ^ t12;  
 551 |     t15 = f & t12;  
 552 |     h = t14 ^ t15
 553 |     key[4 * 14 +  8] = e
 554 |     key[4 * 14 +  9] = f
 555 |     key[4 * 14 + 10] = g
 556 |     key[4 * 14 + 11] = h
 557 |     a = key[4 * 15 +  8]
 558 |     b = key[4 * 15 +  9]
 559 |     c = key[4 * 15 + 10]
 560 |     d = key[4 * 15 + 11]
 561 |     t1 = a ^ d;     
 562 |     t2 = d & t1;    
 563 |     t3 = c ^ t2;    
 564 |     t4 = b | t3;    
 565 |     h = t1 ^ t4;    
 566 |     t6 = (~b) % 0x100000000;        
 567 |     t7 = t1 | t6;   
 568 |     e = t3 ^ t7;    
 569 |     t9 = a & e;     
 570 |     t10 = t1 ^ t6;  
 571 |     t11 = t4 & t10; 
 572 |     g = t9 ^ t11;   
 573 |     t13 = a ^ t3;   
 574 |     t14 = t10 & g;  
 575 |     f = t13 ^ t14
 576 |     key[4 * 15 +  8] = e
 577 |     key[4 * 15 +  9] = f
 578 |     key[4 * 15 + 10] = g
 579 |     key[4 * 15 + 11] = h
 580 |     a = key[4 * 16 +  8]
 581 |     b = key[4 * 16 +  9]
 582 |     c = key[4 * 16 + 10]
 583 |     d = key[4 * 16 + 11]
 584 |     t1 = a ^ c;     
 585 |     t2 = d ^ t1;    
 586 |     t3 = a & t2;    
 587 |     t4 = d ^ t3;    
 588 |     t5 = b & t4;    
 589 |     g = t2 ^ t5;    
 590 |     t7 = a | g;     
 591 |     t8 = b | d;     
 592 |     t11 = a | d;    
 593 |     t9 = t4 & t7;   
 594 |     f = t8 ^ t9;    
 595 |     t12 = b ^ t11;  
 596 |     t13 = g ^ t9;   
 597 |     t15 = t3 ^ t8;  
 598 |     h = t12 ^ t13;  
 599 |     t16 = c & t15;  
 600 |     e = t12 ^ t16
 601 |     key[4 * 16 +  8] = e
 602 |     key[4 * 16 +  9] = f
 603 |     key[4 * 16 + 10] = g
 604 |     key[4 * 16 + 11] = h
 605 |     a = key[4 * 17 +  8]
 606 |     b = key[4 * 17 +  9]
 607 |     c = key[4 * 17 + 10]
 608 |     d = key[4 * 17 + 11]
 609 |     t1 = (~a) % 0x100000000;        
 610 |     t2 = b ^ d;     
 611 |     t3 = c & t1;    
 612 |     t13 = d | t1;   
 613 |     e = t2 ^ t3;    
 614 |     t5 = c ^ t1;    
 615 |     t6 = c ^ e;     
 616 |     t7 = b & t6;    
 617 |     t10 = e | t5;   
 618 |     h = t5 ^ t7;    
 619 |     t9 = d | t7;    
 620 |     t11 = t9 & t10; 
 621 |     t14 = t2 ^ h;   
 622 |     g = a ^ t11;    
 623 |     t15 = g ^ t13;  
 624 |     f = t14 ^ t15
 625 |     key[4 * 17 +  8] = e
 626 |     key[4 * 17 +  9] = f
 627 |     key[4 * 17 + 10] = g
 628 |     key[4 * 17 + 11] = h
 629 |     a = key[4 * 18 +  8]
 630 |     b = key[4 * 18 +  9]
 631 |     c = key[4 * 18 + 10]
 632 |     d = key[4 * 18 + 11]
 633 |     t1 = (~a) % 0x100000000;        
 634 |     t2 = b ^ t1;    
 635 |     t3 = a | t2;    
 636 |     t4 = d | t2;    
 637 |     t5 = c ^ t3;    
 638 |     g = d ^ t5;     
 639 |     t7 = b ^ t4;    
 640 |     t8 = t2 ^ g;    
 641 |     t9 = t5 & t7;   
 642 |     h = t8 ^ t9;    
 643 |     t11 = t5 ^ t7;  
 644 |     f = h ^ t11;    
 645 |     t13 = t8 & t11; 
 646 |     e = t5 ^ t13
 647 |     key[4 * 18 +  8] = e
 648 |     key[4 * 18 +  9] = f
 649 |     key[4 * 18 + 10] = g
 650 |     key[4 * 18 + 11] = h
 651 |     a = key[4 * 19 +  8]
 652 |     b = key[4 * 19 +  9]
 653 |     c = key[4 * 19 + 10]
 654 |     d = key[4 * 19 + 11]
 655 |     t1 = a ^ d;     
 656 |     t2 = a & d;     
 657 |     t3 = c ^ t1;    
 658 |     t6 = b & t1;    
 659 |     t4 = b ^ t3;    
 660 |     t10 = (~t3) % 0x100000000;      
 661 |     h = t2 ^ t4;    
 662 |     t7 = a ^ t6;    
 663 |     t14 = (~t7) % 0x100000000;      
 664 |     t8 = c | t7;    
 665 |     t11 = t3 ^ t7;  
 666 |     g = t4 ^ t8;    
 667 |     t12 = h & t11;  
 668 |     f = t10 ^ t12;  
 669 |     e = t12 ^ t14
 670 |     key[4 * 19 +  8] = e
 671 |     key[4 * 19 +  9] = f
 672 |     key[4 * 19 + 10] = g
 673 |     key[4 * 19 + 11] = h
 674 |     a = key[4 * 20 +  8]
 675 |     b = key[4 * 20 +  9]
 676 |     c = key[4 * 20 + 10]
 677 |     d = key[4 * 20 + 11]
 678 |     t1 = (~c) % 0x100000000;        
 679 |     t2 = b ^ c;     
 680 |     t3 = b | t1;    
 681 |     t4 = d ^ t3;    
 682 |     t5 = a & t4;    
 683 |     t7 = a ^ d;     
 684 |     h = t2 ^ t5;    
 685 |     t8 = b ^ t5;    
 686 |     t9 = t2 | t8;   
 687 |     t11 = d & t3;   
 688 |     f = t7 ^ t9;    
 689 |     t12 = t5 ^ f;   
 690 |     t15 = t1 | t4;  
 691 |     t13 = h & t12;  
 692 |     g = t11 ^ t13;  
 693 |     t16 = t12 ^ g;  
 694 |     e = t15 ^ t16
 695 |     key[4 * 20 +  8] = e
 696 |     key[4 * 20 +  9] = f
 697 |     key[4 * 20 + 10] = g
 698 |     key[4 * 20 + 11] = h
 699 |     a = key[4 * 21 +  8]
 700 |     b = key[4 * 21 +  9]
 701 |     c = key[4 * 21 + 10]
 702 |     d = key[4 * 21 + 11]
 703 |     t1 = (~a) % 0x100000000;        
 704 |     t2 = a ^ d;     
 705 |     t3 = b ^ t2;    
 706 |     t4 = t1 | t2;   
 707 |     t5 = c ^ t4;    
 708 |     f = b ^ t5;     
 709 |     t13 = (~t5) % 0x100000000;      
 710 |     t7 = t2 | f;    
 711 |     t8 = d ^ t7;    
 712 |     t9 = t5 & t8;   
 713 |     g = t3 ^ t9;    
 714 |     t11 = t5 ^ t8;  
 715 |     e = g ^ t11;    
 716 |     t14 = t3 & t11; 
 717 |     h = t13 ^ t14
 718 |     key[4 * 21 +  8] = e
 719 |     key[4 * 21 +  9] = f
 720 |     key[4 * 21 + 10] = g
 721 |     key[4 * 21 + 11] = h
 722 |     a = key[4 * 22 +  8]
 723 |     b = key[4 * 22 +  9]
 724 |     c = key[4 * 22 + 10]
 725 |     d = key[4 * 22 + 11]
 726 |     t1 = (~a) % 0x100000000;        
 727 |     t2 = a ^ b;     
 728 |     t3 = a ^ d;     
 729 |     t4 = c ^ t1;    
 730 |     t5 = t2 | t3;   
 731 |     e = t4 ^ t5;    
 732 |     t7 = d & e;     
 733 |     t8 = t2 ^ e;    
 734 |     t10 = t1 | e;   
 735 |     f = t7 ^ t8;    
 736 |     t11 = t2 | t7;  
 737 |     t12 = t3 ^ t10; 
 738 |     t14 = b ^ t7;   
 739 |     g = t11 ^ t12;  
 740 |     t15 = f & t12;  
 741 |     h = t14 ^ t15
 742 |     key[4 * 22 +  8] = e
 743 |     key[4 * 22 +  9] = f
 744 |     key[4 * 22 + 10] = g
 745 |     key[4 * 22 + 11] = h
 746 |     a = key[4 * 23 +  8]
 747 |     b = key[4 * 23 +  9]
 748 |     c = key[4 * 23 + 10]
 749 |     d = key[4 * 23 + 11]
 750 |     t1 = a ^ d;     
 751 |     t2 = d & t1;    
 752 |     t3 = c ^ t2;    
 753 |     t4 = b | t3;    
 754 |     h = t1 ^ t4;    
 755 |     t6 = (~b) % 0x100000000;        
 756 |     t7 = t1 | t6;   
 757 |     e = t3 ^ t7;    
 758 |     t9 = a & e;     
 759 |     t10 = t1 ^ t6;  
 760 |     t11 = t4 & t10; 
 761 |     g = t9 ^ t11;   
 762 |     t13 = a ^ t3;   
 763 |     t14 = t10 & g;  
 764 |     f = t13 ^ t14
 765 |     key[4 * 23 +  8] = e
 766 |     key[4 * 23 +  9] = f
 767 |     key[4 * 23 + 10] = g
 768 |     key[4 * 23 + 11] = h
 769 |     a = key[4 * 24 +  8]
 770 |     b = key[4 * 24 +  9]
 771 |     c = key[4 * 24 + 10]
 772 |     d = key[4 * 24 + 11]
 773 |     t1 = a ^ c;     
 774 |     t2 = d ^ t1;    
 775 |     t3 = a & t2;    
 776 |     t4 = d ^ t3;    
 777 |     t5 = b & t4;    
 778 |     g = t2 ^ t5;    
 779 |     t7 = a | g;     
 780 |     t8 = b | d;     
 781 |     t11 = a | d;    
 782 |     t9 = t4 & t7;   
 783 |     f = t8 ^ t9;    
 784 |     t12 = b ^ t11;  
 785 |     t13 = g ^ t9;   
 786 |     t15 = t3 ^ t8;  
 787 |     h = t12 ^ t13;  
 788 |     t16 = c & t15;  
 789 |     e = t12 ^ t16
 790 |     key[4 * 24 +  8] = e
 791 |     key[4 * 24 +  9] = f
 792 |     key[4 * 24 + 10] = g
 793 |     key[4 * 24 + 11] = h
 794 |     a = key[4 * 25 +  8]
 795 |     b = key[4 * 25 +  9]
 796 |     c = key[4 * 25 + 10]
 797 |     d = key[4 * 25 + 11]
 798 |     t1 = (~a) % 0x100000000;        
 799 |     t2 = b ^ d;     
 800 |     t3 = c & t1;    
 801 |     t13 = d | t1;   
 802 |     e = t2 ^ t3;    
 803 |     t5 = c ^ t1;    
 804 |     t6 = c ^ e;     
 805 |     t7 = b & t6;    
 806 |     t10 = e | t5;   
 807 |     h = t5 ^ t7;    
 808 |     t9 = d | t7;    
 809 |     t11 = t9 & t10; 
 810 |     t14 = t2 ^ h;   
 811 |     g = a ^ t11;    
 812 |     t15 = g ^ t13;  
 813 |     f = t14 ^ t15
 814 |     key[4 * 25 +  8] = e
 815 |     key[4 * 25 +  9] = f
 816 |     key[4 * 25 + 10] = g
 817 |     key[4 * 25 + 11] = h
 818 |     a = key[4 * 26 +  8]
 819 |     b = key[4 * 26 +  9]
 820 |     c = key[4 * 26 + 10]
 821 |     d = key[4 * 26 + 11]
 822 |     t1 = (~a) % 0x100000000;        
 823 |     t2 = b ^ t1;    
 824 |     t3 = a | t2;    
 825 |     t4 = d | t2;    
 826 |     t5 = c ^ t3;    
 827 |     g = d ^ t5;     
 828 |     t7 = b ^ t4;    
 829 |     t8 = t2 ^ g;    
 830 |     t9 = t5 & t7;   
 831 |     h = t8 ^ t9;    
 832 |     t11 = t5 ^ t7;  
 833 |     f = h ^ t11;    
 834 |     t13 = t8 & t11; 
 835 |     e = t5 ^ t13
 836 |     key[4 * 26 +  8] = e
 837 |     key[4 * 26 +  9] = f
 838 |     key[4 * 26 + 10] = g
 839 |     key[4 * 26 + 11] = h
 840 |     a = key[4 * 27 +  8]
 841 |     b = key[4 * 27 +  9]
 842 |     c = key[4 * 27 + 10]
 843 |     d = key[4 * 27 + 11]
 844 |     t1 = a ^ d;     
 845 |     t2 = a & d;     
 846 |     t3 = c ^ t1;    
 847 |     t6 = b & t1;    
 848 |     t4 = b ^ t3;    
 849 |     t10 = (~t3) % 0x100000000;      
 850 |     h = t2 ^ t4;    
 851 |     t7 = a ^ t6;    
 852 |     t14 = (~t7) % 0x100000000;      
 853 |     t8 = c | t7;    
 854 |     t11 = t3 ^ t7;  
 855 |     g = t4 ^ t8;    
 856 |     t12 = h & t11;  
 857 |     f = t10 ^ t12;  
 858 |     e = t12 ^ t14
 859 |     key[4 * 27 +  8] = e
 860 |     key[4 * 27 +  9] = f
 861 |     key[4 * 27 + 10] = g
 862 |     key[4 * 27 + 11] = h
 863 |     a = key[4 * 28 +  8]
 864 |     b = key[4 * 28 +  9]
 865 |     c = key[4 * 28 + 10]
 866 |     d = key[4 * 28 + 11]
 867 |     t1 = (~c) % 0x100000000;        
 868 |     t2 = b ^ c;     
 869 |     t3 = b | t1;    
 870 |     t4 = d ^ t3;    
 871 |     t5 = a & t4;    
 872 |     t7 = a ^ d;     
 873 |     h = t2 ^ t5;    
 874 |     t8 = b ^ t5;    
 875 |     t9 = t2 | t8;   
 876 |     t11 = d & t3;   
 877 |     f = t7 ^ t9;    
 878 |     t12 = t5 ^ f;   
 879 |     t15 = t1 | t4;  
 880 |     t13 = h & t12;  
 881 |     g = t11 ^ t13;  
 882 |     t16 = t12 ^ g;  
 883 |     e = t15 ^ t16
 884 |     key[4 * 28 +  8] = e
 885 |     key[4 * 28 +  9] = f
 886 |     key[4 * 28 + 10] = g
 887 |     key[4 * 28 + 11] = h
 888 |     a = key[4 * 29 +  8]
 889 |     b = key[4 * 29 +  9]
 890 |     c = key[4 * 29 + 10]
 891 |     d = key[4 * 29 + 11]
 892 |     t1 = (~a) % 0x100000000;        
 893 |     t2 = a ^ d;     
 894 |     t3 = b ^ t2;    
 895 |     t4 = t1 | t2;   
 896 |     t5 = c ^ t4;    
 897 |     f = b ^ t5;     
 898 |     t13 = (~t5) % 0x100000000;      
 899 |     t7 = t2 | f;    
 900 |     t8 = d ^ t7;    
 901 |     t9 = t5 & t8;   
 902 |     g = t3 ^ t9;    
 903 |     t11 = t5 ^ t8;  
 904 |     e = g ^ t11;    
 905 |     t14 = t3 & t11; 
 906 |     h = t13 ^ t14
 907 |     key[4 * 29 +  8] = e
 908 |     key[4 * 29 +  9] = f
 909 |     key[4 * 29 + 10] = g
 910 |     key[4 * 29 + 11] = h
 911 |     a = key[4 * 30 +  8]
 912 |     b = key[4 * 30 +  9]
 913 |     c = key[4 * 30 + 10]
 914 |     d = key[4 * 30 + 11]
 915 |     t1 = (~a) % 0x100000000;        
 916 |     t2 = a ^ b;     
 917 |     t3 = a ^ d;     
 918 |     t4 = c ^ t1;    
 919 |     t5 = t2 | t3;   
 920 |     e = t4 ^ t5;    
 921 |     t7 = d & e;     
 922 |     t8 = t2 ^ e;    
 923 |     t10 = t1 | e;   
 924 |     f = t7 ^ t8;    
 925 |     t11 = t2 | t7;  
 926 |     t12 = t3 ^ t10; 
 927 |     t14 = b ^ t7;   
 928 |     g = t11 ^ t12;  
 929 |     t15 = f & t12;  
 930 |     h = t14 ^ t15
 931 |     key[4 * 30 +  8] = e
 932 |     key[4 * 30 +  9] = f
 933 |     key[4 * 30 + 10] = g
 934 |     key[4 * 30 + 11] = h
 935 |     a = key[4 * 31 +  8]
 936 |     b = key[4 * 31 +  9]
 937 |     c = key[4 * 31 + 10]
 938 |     d = key[4 * 31 + 11]
 939 |     t1 = a ^ d;     
 940 |     t2 = d & t1;    
 941 |     t3 = c ^ t2;    
 942 |     t4 = b | t3;    
 943 |     h = t1 ^ t4;    
 944 |     t6 = (~b) % 0x100000000;        
 945 |     t7 = t1 | t6;   
 946 |     e = t3 ^ t7;    
 947 |     t9 = a & e;     
 948 |     t10 = t1 ^ t6;  
 949 |     t11 = t4 & t10; 
 950 |     g = t9 ^ t11;   
 951 |     t13 = a ^ t3;   
 952 |     t14 = t10 & g;  
 953 |     f = t13 ^ t14
 954 |     key[4 * 31 +  8] = e
 955 |     key[4 * 31 +  9] = f
 956 |     key[4 * 31 + 10] = g
 957 |     key[4 * 31 + 11] = h
 958 |     a = key[4 * 32 +  8]
 959 |     b = key[4 * 32 +  9]
 960 |     c = key[4 * 32 + 10]
 961 |     d = key[4 * 32 + 11]
 962 |     t1 = a ^ c;     
 963 |     t2 = d ^ t1;    
 964 |     t3 = a & t2;    
 965 |     t4 = d ^ t3;    
 966 |     t5 = b & t4;    
 967 |     g = t2 ^ t5;    
 968 |     t7 = a | g;     
 969 |     t8 = b | d;     
 970 |     t11 = a | d;    
 971 |     t9 = t4 & t7;   
 972 |     f = t8 ^ t9;    
 973 |     t12 = b ^ t11;  
 974 |     t13 = g ^ t9;   
 975 |     t15 = t3 ^ t8;  
 976 |     h = t12 ^ t13;  
 977 |     t16 = c & t15;  
 978 |     e = t12 ^ t16
 979 |     key[4 * 32 +  8] = e
 980 |     key[4 * 32 +  9] = f
 981 |     key[4 * 32 + 10] = g
 982 |     key[4 * 32 + 11] = h
 983 | 
 984 | def encrypt(key, in_blk):
 985 |     # serpent_generate.py
 986 |     a = in_blk[0]
 987 |     b = in_blk[1]
 988 |     c = in_blk[2]
 989 |     d = in_blk[3]
 990 |     if WORD_BIGENDIAN:
 991 |         a = byteswap32(a)
 992 |         b = byteswap32(b)
 993 |         c = byteswap32(c)
 994 |         d = byteswap32(d)
 995 |     e = 0
 996 |     f = 0
 997 |     g = 0
 998 |     h = 0
 999 |     t1 = 0
1000 |     t2 = 0
1001 |     t3 = 0
1002 |     t4 = 0
1003 |     t5 = 0
1004 |     t6 = 0
1005 |     t7 = 0
1006 |     t8 = 0
1007 |     t9 = 0
1008 |     t10 = 0
1009 |     t11 = 0
1010 |     t12 = 0
1011 |     t13 = 0
1012 |     t14 = 0
1013 |     t15 = 0
1014 |     t16 = 0    
1015 |     a ^= key[4 * 0 +  8]
1016 |     b ^= key[4 * 0 +  9]
1017 |     c ^= key[4 * 0 + 10]
1018 |     d ^= key[4 * 0 + 11]
1019 |     t1 = a ^ d;     
1020 |     t2 = a & d;     
1021 |     t3 = c ^ t1;    
1022 |     t6 = b & t1;    
1023 |     t4 = b ^ t3;    
1024 |     t10 = (~t3) % 0x100000000;      
1025 |     h = t2 ^ t4;    
1026 |     t7 = a ^ t6;    
1027 |     t14 = (~t7) % 0x100000000;      
1028 |     t8 = c | t7;    
1029 |     t11 = t3 ^ t7;  
1030 |     g = t4 ^ t8;    
1031 |     t12 = h & t11;  
1032 |     f = t10 ^ t12;  
1033 |     e = t12 ^ t14
1034 |     e = rotl32(e, 13)
1035 |     g = rotl32(g, 3)
1036 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1037 |     f ^= e ^ g
1038 |     h = rotl32(h, 7)
1039 |     f = rotl32(f, 1)
1040 |     e ^= f ^ h
1041 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1042 |     e = rotl32(e, 5)
1043 |     g = rotl32(g, 22)
1044 |     e ^= key[4 * 1 +  8]
1045 |     f ^= key[4 * 1 +  9]
1046 |     g ^= key[4 * 1 + 10]
1047 |     h ^= key[4 * 1 + 11]
1048 |     t1 = (~e) % 0x100000000;        
1049 |     t2 = f ^ t1;    
1050 |     t3 = e | t2;    
1051 |     t4 = h | t2;    
1052 |     t5 = g ^ t3;    
1053 |     c = h ^ t5;     
1054 |     t7 = f ^ t4;    
1055 |     t8 = t2 ^ c;    
1056 |     t9 = t5 & t7;   
1057 |     d = t8 ^ t9;    
1058 |     t11 = t5 ^ t7;  
1059 |     b = d ^ t11;    
1060 |     t13 = t8 & t11; 
1061 |     a = t5 ^ t13
1062 |     a = rotl32(a, 13)
1063 |     c = rotl32(c, 3)
1064 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1065 |     b ^= a ^ c
1066 |     d = rotl32(d, 7)
1067 |     b = rotl32(b, 1)
1068 |     a ^= b ^ d
1069 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1070 |     a = rotl32(a, 5)
1071 |     c = rotl32(c, 22)
1072 |     a ^= key[4 * 2 +  8]
1073 |     b ^= key[4 * 2 +  9]
1074 |     c ^= key[4 * 2 + 10]
1075 |     d ^= key[4 * 2 + 11]
1076 |     t1 = (~a) % 0x100000000;        
1077 |     t2 = b ^ d;     
1078 |     t3 = c & t1;    
1079 |     t13 = d | t1;   
1080 |     e = t2 ^ t3;    
1081 |     t5 = c ^ t1;    
1082 |     t6 = c ^ e;     
1083 |     t7 = b & t6;    
1084 |     t10 = e | t5;   
1085 |     h = t5 ^ t7;    
1086 |     t9 = d | t7;    
1087 |     t11 = t9 & t10; 
1088 |     t14 = t2 ^ h;   
1089 |     g = a ^ t11;    
1090 |     t15 = g ^ t13;  
1091 |     f = t14 ^ t15
1092 |     e = rotl32(e, 13)
1093 |     g = rotl32(g, 3)
1094 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1095 |     f ^= e ^ g
1096 |     h = rotl32(h, 7)
1097 |     f = rotl32(f, 1)
1098 |     e ^= f ^ h
1099 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1100 |     e = rotl32(e, 5)
1101 |     g = rotl32(g, 22)
1102 |     e ^= key[4 * 3 +  8]
1103 |     f ^= key[4 * 3 +  9]
1104 |     g ^= key[4 * 3 + 10]
1105 |     h ^= key[4 * 3 + 11]
1106 |     t1 = e ^ g;     
1107 |     t2 = h ^ t1;    
1108 |     t3 = e & t2;    
1109 |     t4 = h ^ t3;    
1110 |     t5 = f & t4;    
1111 |     c = t2 ^ t5;    
1112 |     t7 = e | c;     
1113 |     t8 = f | h;     
1114 |     t11 = e | h;    
1115 |     t9 = t4 & t7;   
1116 |     b = t8 ^ t9;    
1117 |     t12 = f ^ t11;  
1118 |     t13 = c ^ t9;   
1119 |     t15 = t3 ^ t8;  
1120 |     d = t12 ^ t13;  
1121 |     t16 = g & t15;  
1122 |     a = t12 ^ t16
1123 |     a = rotl32(a, 13)
1124 |     c = rotl32(c, 3)
1125 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1126 |     b ^= a ^ c
1127 |     d = rotl32(d, 7)
1128 |     b = rotl32(b, 1)
1129 |     a ^= b ^ d
1130 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1131 |     a = rotl32(a, 5)
1132 |     c = rotl32(c, 22)
1133 |     a ^= key[4 * 4 +  8]
1134 |     b ^= key[4 * 4 +  9]
1135 |     c ^= key[4 * 4 + 10]
1136 |     d ^= key[4 * 4 + 11]
1137 |     t1 = a ^ d;     
1138 |     t2 = d & t1;    
1139 |     t3 = c ^ t2;    
1140 |     t4 = b | t3;    
1141 |     h = t1 ^ t4;    
1142 |     t6 = (~b) % 0x100000000;        
1143 |     t7 = t1 | t6;   
1144 |     e = t3 ^ t7;    
1145 |     t9 = a & e;     
1146 |     t10 = t1 ^ t6;  
1147 |     t11 = t4 & t10; 
1148 |     g = t9 ^ t11;   
1149 |     t13 = a ^ t3;   
1150 |     t14 = t10 & g;  
1151 |     f = t13 ^ t14
1152 |     e = rotl32(e, 13)
1153 |     g = rotl32(g, 3)
1154 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1155 |     f ^= e ^ g
1156 |     h = rotl32(h, 7)
1157 |     f = rotl32(f, 1)
1158 |     e ^= f ^ h
1159 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1160 |     e = rotl32(e, 5)
1161 |     g = rotl32(g, 22)
1162 |     e ^= key[4 * 5 +  8]
1163 |     f ^= key[4 * 5 +  9]
1164 |     g ^= key[4 * 5 + 10]
1165 |     h ^= key[4 * 5 + 11]
1166 |     t1 = (~e) % 0x100000000;        
1167 |     t2 = e ^ f;     
1168 |     t3 = e ^ h;     
1169 |     t4 = g ^ t1;    
1170 |     t5 = t2 | t3;   
1171 |     a = t4 ^ t5;    
1172 |     t7 = h & a;     
1173 |     t8 = t2 ^ a;    
1174 |     t10 = t1 | a;   
1175 |     b = t7 ^ t8;    
1176 |     t11 = t2 | t7;  
1177 |     t12 = t3 ^ t10; 
1178 |     t14 = f ^ t7;   
1179 |     c = t11 ^ t12;  
1180 |     t15 = b & t12;  
1181 |     d = t14 ^ t15
1182 |     a = rotl32(a, 13)
1183 |     c = rotl32(c, 3)
1184 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1185 |     b ^= a ^ c
1186 |     d = rotl32(d, 7)
1187 |     b = rotl32(b, 1)
1188 |     a ^= b ^ d
1189 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1190 |     a = rotl32(a, 5)
1191 |     c = rotl32(c, 22)
1192 |     a ^= key[4 * 6 +  8]
1193 |     b ^= key[4 * 6 +  9]
1194 |     c ^= key[4 * 6 + 10]
1195 |     d ^= key[4 * 6 + 11]
1196 |     t1 = (~a) % 0x100000000;        
1197 |     t2 = a ^ d;     
1198 |     t3 = b ^ t2;    
1199 |     t4 = t1 | t2;   
1200 |     t5 = c ^ t4;    
1201 |     f = b ^ t5;     
1202 |     t13 = (~t5) % 0x100000000;      
1203 |     t7 = t2 | f;    
1204 |     t8 = d ^ t7;    
1205 |     t9 = t5 & t8;   
1206 |     g = t3 ^ t9;    
1207 |     t11 = t5 ^ t8;  
1208 |     e = g ^ t11;    
1209 |     t14 = t3 & t11; 
1210 |     h = t13 ^ t14
1211 |     e = rotl32(e, 13)
1212 |     g = rotl32(g, 3)
1213 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1214 |     f ^= e ^ g
1215 |     h = rotl32(h, 7)
1216 |     f = rotl32(f, 1)
1217 |     e ^= f ^ h
1218 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1219 |     e = rotl32(e, 5)
1220 |     g = rotl32(g, 22)
1221 |     e ^= key[4 * 7 +  8]
1222 |     f ^= key[4 * 7 +  9]
1223 |     g ^= key[4 * 7 + 10]
1224 |     h ^= key[4 * 7 + 11]
1225 |     t1 = (~g) % 0x100000000;        
1226 |     t2 = f ^ g;     
1227 |     t3 = f | t1;    
1228 |     t4 = h ^ t3;    
1229 |     t5 = e & t4;    
1230 |     t7 = e ^ h;     
1231 |     d = t2 ^ t5;    
1232 |     t8 = f ^ t5;    
1233 |     t9 = t2 | t8;   
1234 |     t11 = h & t3;   
1235 |     b = t7 ^ t9;    
1236 |     t12 = t5 ^ b;   
1237 |     t15 = t1 | t4;  
1238 |     t13 = d & t12;  
1239 |     c = t11 ^ t13;  
1240 |     t16 = t12 ^ c;  
1241 |     a = t15 ^ t16
1242 |     a = rotl32(a, 13)
1243 |     c = rotl32(c, 3)
1244 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1245 |     b ^= a ^ c
1246 |     d = rotl32(d, 7)
1247 |     b = rotl32(b, 1)
1248 |     a ^= b ^ d
1249 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1250 |     a = rotl32(a, 5)
1251 |     c = rotl32(c, 22)
1252 |     a ^= key[4 * 8 +  8]
1253 |     b ^= key[4 * 8 +  9]
1254 |     c ^= key[4 * 8 + 10]
1255 |     d ^= key[4 * 8 + 11]
1256 |     t1 = a ^ d;     
1257 |     t2 = a & d;     
1258 |     t3 = c ^ t1;    
1259 |     t6 = b & t1;    
1260 |     t4 = b ^ t3;    
1261 |     t10 = (~t3) % 0x100000000;      
1262 |     h = t2 ^ t4;    
1263 |     t7 = a ^ t6;    
1264 |     t14 = (~t7) % 0x100000000;      
1265 |     t8 = c | t7;    
1266 |     t11 = t3 ^ t7;  
1267 |     g = t4 ^ t8;    
1268 |     t12 = h & t11;  
1269 |     f = t10 ^ t12;  
1270 |     e = t12 ^ t14
1271 |     e = rotl32(e, 13)
1272 |     g = rotl32(g, 3)
1273 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1274 |     f ^= e ^ g
1275 |     h = rotl32(h, 7)
1276 |     f = rotl32(f, 1)
1277 |     e ^= f ^ h
1278 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1279 |     e = rotl32(e, 5)
1280 |     g = rotl32(g, 22)
1281 |     e ^= key[4 * 9 +  8]
1282 |     f ^= key[4 * 9 +  9]
1283 |     g ^= key[4 * 9 + 10]
1284 |     h ^= key[4 * 9 + 11]
1285 |     t1 = (~e) % 0x100000000;        
1286 |     t2 = f ^ t1;    
1287 |     t3 = e | t2;    
1288 |     t4 = h | t2;    
1289 |     t5 = g ^ t3;    
1290 |     c = h ^ t5;     
1291 |     t7 = f ^ t4;    
1292 |     t8 = t2 ^ c;    
1293 |     t9 = t5 & t7;   
1294 |     d = t8 ^ t9;    
1295 |     t11 = t5 ^ t7;  
1296 |     b = d ^ t11;    
1297 |     t13 = t8 & t11; 
1298 |     a = t5 ^ t13
1299 |     a = rotl32(a, 13)
1300 |     c = rotl32(c, 3)
1301 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1302 |     b ^= a ^ c
1303 |     d = rotl32(d, 7)
1304 |     b = rotl32(b, 1)
1305 |     a ^= b ^ d
1306 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1307 |     a = rotl32(a, 5)
1308 |     c = rotl32(c, 22)
1309 |     a ^= key[4 * 10 +  8]
1310 |     b ^= key[4 * 10 +  9]
1311 |     c ^= key[4 * 10 + 10]
1312 |     d ^= key[4 * 10 + 11]
1313 |     t1 = (~a) % 0x100000000;        
1314 |     t2 = b ^ d;     
1315 |     t3 = c & t1;    
1316 |     t13 = d | t1;   
1317 |     e = t2 ^ t3;    
1318 |     t5 = c ^ t1;    
1319 |     t6 = c ^ e;     
1320 |     t7 = b & t6;    
1321 |     t10 = e | t5;   
1322 |     h = t5 ^ t7;    
1323 |     t9 = d | t7;    
1324 |     t11 = t9 & t10; 
1325 |     t14 = t2 ^ h;   
1326 |     g = a ^ t11;    
1327 |     t15 = g ^ t13;  
1328 |     f = t14 ^ t15
1329 |     e = rotl32(e, 13)
1330 |     g = rotl32(g, 3)
1331 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1332 |     f ^= e ^ g
1333 |     h = rotl32(h, 7)
1334 |     f = rotl32(f, 1)
1335 |     e ^= f ^ h
1336 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1337 |     e = rotl32(e, 5)
1338 |     g = rotl32(g, 22)
1339 |     e ^= key[4 * 11 +  8]
1340 |     f ^= key[4 * 11 +  9]
1341 |     g ^= key[4 * 11 + 10]
1342 |     h ^= key[4 * 11 + 11]
1343 |     t1 = e ^ g;     
1344 |     t2 = h ^ t1;    
1345 |     t3 = e & t2;    
1346 |     t4 = h ^ t3;    
1347 |     t5 = f & t4;    
1348 |     c = t2 ^ t5;    
1349 |     t7 = e | c;     
1350 |     t8 = f | h;     
1351 |     t11 = e | h;    
1352 |     t9 = t4 & t7;   
1353 |     b = t8 ^ t9;    
1354 |     t12 = f ^ t11;  
1355 |     t13 = c ^ t9;   
1356 |     t15 = t3 ^ t8;  
1357 |     d = t12 ^ t13;  
1358 |     t16 = g & t15;  
1359 |     a = t12 ^ t16
1360 |     a = rotl32(a, 13)
1361 |     c = rotl32(c, 3)
1362 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1363 |     b ^= a ^ c
1364 |     d = rotl32(d, 7)
1365 |     b = rotl32(b, 1)
1366 |     a ^= b ^ d
1367 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1368 |     a = rotl32(a, 5)
1369 |     c = rotl32(c, 22)
1370 |     a ^= key[4 * 12 +  8]
1371 |     b ^= key[4 * 12 +  9]
1372 |     c ^= key[4 * 12 + 10]
1373 |     d ^= key[4 * 12 + 11]
1374 |     t1 = a ^ d;     
1375 |     t2 = d & t1;    
1376 |     t3 = c ^ t2;    
1377 |     t4 = b | t3;    
1378 |     h = t1 ^ t4;    
1379 |     t6 = (~b) % 0x100000000;        
1380 |     t7 = t1 | t6;   
1381 |     e = t3 ^ t7;    
1382 |     t9 = a & e;     
1383 |     t10 = t1 ^ t6;  
1384 |     t11 = t4 & t10; 
1385 |     g = t9 ^ t11;   
1386 |     t13 = a ^ t3;   
1387 |     t14 = t10 & g;  
1388 |     f = t13 ^ t14
1389 |     e = rotl32(e, 13)
1390 |     g = rotl32(g, 3)
1391 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1392 |     f ^= e ^ g
1393 |     h = rotl32(h, 7)
1394 |     f = rotl32(f, 1)
1395 |     e ^= f ^ h
1396 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1397 |     e = rotl32(e, 5)
1398 |     g = rotl32(g, 22)
1399 |     e ^= key[4 * 13 +  8]
1400 |     f ^= key[4 * 13 +  9]
1401 |     g ^= key[4 * 13 + 10]
1402 |     h ^= key[4 * 13 + 11]
1403 |     t1 = (~e) % 0x100000000;        
1404 |     t2 = e ^ f;     
1405 |     t3 = e ^ h;     
1406 |     t4 = g ^ t1;    
1407 |     t5 = t2 | t3;   
1408 |     a = t4 ^ t5;    
1409 |     t7 = h & a;     
1410 |     t8 = t2 ^ a;    
1411 |     t10 = t1 | a;   
1412 |     b = t7 ^ t8;    
1413 |     t11 = t2 | t7;  
1414 |     t12 = t3 ^ t10; 
1415 |     t14 = f ^ t7;   
1416 |     c = t11 ^ t12;  
1417 |     t15 = b & t12;  
1418 |     d = t14 ^ t15
1419 |     a = rotl32(a, 13)
1420 |     c = rotl32(c, 3)
1421 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1422 |     b ^= a ^ c
1423 |     d = rotl32(d, 7)
1424 |     b = rotl32(b, 1)
1425 |     a ^= b ^ d
1426 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1427 |     a = rotl32(a, 5)
1428 |     c = rotl32(c, 22)
1429 |     a ^= key[4 * 14 +  8]
1430 |     b ^= key[4 * 14 +  9]
1431 |     c ^= key[4 * 14 + 10]
1432 |     d ^= key[4 * 14 + 11]
1433 |     t1 = (~a) % 0x100000000;        
1434 |     t2 = a ^ d;     
1435 |     t3 = b ^ t2;    
1436 |     t4 = t1 | t2;   
1437 |     t5 = c ^ t4;    
1438 |     f = b ^ t5;     
1439 |     t13 = (~t5) % 0x100000000;      
1440 |     t7 = t2 | f;    
1441 |     t8 = d ^ t7;    
1442 |     t9 = t5 & t8;   
1443 |     g = t3 ^ t9;    
1444 |     t11 = t5 ^ t8;  
1445 |     e = g ^ t11;    
1446 |     t14 = t3 & t11; 
1447 |     h = t13 ^ t14
1448 |     e = rotl32(e, 13)
1449 |     g = rotl32(g, 3)
1450 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1451 |     f ^= e ^ g
1452 |     h = rotl32(h, 7)
1453 |     f = rotl32(f, 1)
1454 |     e ^= f ^ h
1455 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1456 |     e = rotl32(e, 5)
1457 |     g = rotl32(g, 22)
1458 |     e ^= key[4 * 15 +  8]
1459 |     f ^= key[4 * 15 +  9]
1460 |     g ^= key[4 * 15 + 10]
1461 |     h ^= key[4 * 15 + 11]
1462 |     t1 = (~g) % 0x100000000;        
1463 |     t2 = f ^ g;     
1464 |     t3 = f | t1;    
1465 |     t4 = h ^ t3;    
1466 |     t5 = e & t4;    
1467 |     t7 = e ^ h;     
1468 |     d = t2 ^ t5;    
1469 |     t8 = f ^ t5;    
1470 |     t9 = t2 | t8;   
1471 |     t11 = h & t3;   
1472 |     b = t7 ^ t9;    
1473 |     t12 = t5 ^ b;   
1474 |     t15 = t1 | t4;  
1475 |     t13 = d & t12;  
1476 |     c = t11 ^ t13;  
1477 |     t16 = t12 ^ c;  
1478 |     a = t15 ^ t16
1479 |     a = rotl32(a, 13)
1480 |     c = rotl32(c, 3)
1481 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1482 |     b ^= a ^ c
1483 |     d = rotl32(d, 7)
1484 |     b = rotl32(b, 1)
1485 |     a ^= b ^ d
1486 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1487 |     a = rotl32(a, 5)
1488 |     c = rotl32(c, 22)
1489 |     a ^= key[4 * 16 +  8]
1490 |     b ^= key[4 * 16 +  9]
1491 |     c ^= key[4 * 16 + 10]
1492 |     d ^= key[4 * 16 + 11]
1493 |     t1 = a ^ d;     
1494 |     t2 = a & d;     
1495 |     t3 = c ^ t1;    
1496 |     t6 = b & t1;    
1497 |     t4 = b ^ t3;    
1498 |     t10 = (~t3) % 0x100000000;      
1499 |     h = t2 ^ t4;    
1500 |     t7 = a ^ t6;    
1501 |     t14 = (~t7) % 0x100000000;      
1502 |     t8 = c | t7;    
1503 |     t11 = t3 ^ t7;  
1504 |     g = t4 ^ t8;    
1505 |     t12 = h & t11;  
1506 |     f = t10 ^ t12;  
1507 |     e = t12 ^ t14
1508 |     e = rotl32(e, 13)
1509 |     g = rotl32(g, 3)
1510 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1511 |     f ^= e ^ g
1512 |     h = rotl32(h, 7)
1513 |     f = rotl32(f, 1)
1514 |     e ^= f ^ h
1515 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1516 |     e = rotl32(e, 5)
1517 |     g = rotl32(g, 22)
1518 |     e ^= key[4 * 17 +  8]
1519 |     f ^= key[4 * 17 +  9]
1520 |     g ^= key[4 * 17 + 10]
1521 |     h ^= key[4 * 17 + 11]
1522 |     t1 = (~e) % 0x100000000;        
1523 |     t2 = f ^ t1;    
1524 |     t3 = e | t2;    
1525 |     t4 = h | t2;    
1526 |     t5 = g ^ t3;    
1527 |     c = h ^ t5;     
1528 |     t7 = f ^ t4;    
1529 |     t8 = t2 ^ c;    
1530 |     t9 = t5 & t7;   
1531 |     d = t8 ^ t9;    
1532 |     t11 = t5 ^ t7;  
1533 |     b = d ^ t11;    
1534 |     t13 = t8 & t11; 
1535 |     a = t5 ^ t13
1536 |     a = rotl32(a, 13)
1537 |     c = rotl32(c, 3)
1538 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1539 |     b ^= a ^ c
1540 |     d = rotl32(d, 7)
1541 |     b = rotl32(b, 1)
1542 |     a ^= b ^ d
1543 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1544 |     a = rotl32(a, 5)
1545 |     c = rotl32(c, 22)
1546 |     a ^= key[4 * 18 +  8]
1547 |     b ^= key[4 * 18 +  9]
1548 |     c ^= key[4 * 18 + 10]
1549 |     d ^= key[4 * 18 + 11]
1550 |     t1 = (~a) % 0x100000000;        
1551 |     t2 = b ^ d;     
1552 |     t3 = c & t1;    
1553 |     t13 = d | t1;   
1554 |     e = t2 ^ t3;    
1555 |     t5 = c ^ t1;    
1556 |     t6 = c ^ e;     
1557 |     t7 = b & t6;    
1558 |     t10 = e | t5;   
1559 |     h = t5 ^ t7;    
1560 |     t9 = d | t7;    
1561 |     t11 = t9 & t10; 
1562 |     t14 = t2 ^ h;   
1563 |     g = a ^ t11;    
1564 |     t15 = g ^ t13;  
1565 |     f = t14 ^ t15
1566 |     e = rotl32(e, 13)
1567 |     g = rotl32(g, 3)
1568 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1569 |     f ^= e ^ g
1570 |     h = rotl32(h, 7)
1571 |     f = rotl32(f, 1)
1572 |     e ^= f ^ h
1573 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1574 |     e = rotl32(e, 5)
1575 |     g = rotl32(g, 22)
1576 |     e ^= key[4 * 19 +  8]
1577 |     f ^= key[4 * 19 +  9]
1578 |     g ^= key[4 * 19 + 10]
1579 |     h ^= key[4 * 19 + 11]
1580 |     t1 = e ^ g;     
1581 |     t2 = h ^ t1;    
1582 |     t3 = e & t2;    
1583 |     t4 = h ^ t3;    
1584 |     t5 = f & t4;    
1585 |     c = t2 ^ t5;    
1586 |     t7 = e | c;     
1587 |     t8 = f | h;     
1588 |     t11 = e | h;    
1589 |     t9 = t4 & t7;   
1590 |     b = t8 ^ t9;    
1591 |     t12 = f ^ t11;  
1592 |     t13 = c ^ t9;   
1593 |     t15 = t3 ^ t8;  
1594 |     d = t12 ^ t13;  
1595 |     t16 = g & t15;  
1596 |     a = t12 ^ t16
1597 |     a = rotl32(a, 13)
1598 |     c = rotl32(c, 3)
1599 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1600 |     b ^= a ^ c
1601 |     d = rotl32(d, 7)
1602 |     b = rotl32(b, 1)
1603 |     a ^= b ^ d
1604 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1605 |     a = rotl32(a, 5)
1606 |     c = rotl32(c, 22)
1607 |     a ^= key[4 * 20 +  8]
1608 |     b ^= key[4 * 20 +  9]
1609 |     c ^= key[4 * 20 + 10]
1610 |     d ^= key[4 * 20 + 11]
1611 |     t1 = a ^ d;     
1612 |     t2 = d & t1;    
1613 |     t3 = c ^ t2;    
1614 |     t4 = b | t3;    
1615 |     h = t1 ^ t4;    
1616 |     t6 = (~b) % 0x100000000;        
1617 |     t7 = t1 | t6;   
1618 |     e = t3 ^ t7;    
1619 |     t9 = a & e;     
1620 |     t10 = t1 ^ t6;  
1621 |     t11 = t4 & t10; 
1622 |     g = t9 ^ t11;   
1623 |     t13 = a ^ t3;   
1624 |     t14 = t10 & g;  
1625 |     f = t13 ^ t14
1626 |     e = rotl32(e, 13)
1627 |     g = rotl32(g, 3)
1628 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1629 |     f ^= e ^ g
1630 |     h = rotl32(h, 7)
1631 |     f = rotl32(f, 1)
1632 |     e ^= f ^ h
1633 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1634 |     e = rotl32(e, 5)
1635 |     g = rotl32(g, 22)
1636 |     e ^= key[4 * 21 +  8]
1637 |     f ^= key[4 * 21 +  9]
1638 |     g ^= key[4 * 21 + 10]
1639 |     h ^= key[4 * 21 + 11]
1640 |     t1 = (~e) % 0x100000000;        
1641 |     t2 = e ^ f;     
1642 |     t3 = e ^ h;     
1643 |     t4 = g ^ t1;    
1644 |     t5 = t2 | t3;   
1645 |     a = t4 ^ t5;    
1646 |     t7 = h & a;     
1647 |     t8 = t2 ^ a;    
1648 |     t10 = t1 | a;   
1649 |     b = t7 ^ t8;    
1650 |     t11 = t2 | t7;  
1651 |     t12 = t3 ^ t10; 
1652 |     t14 = f ^ t7;   
1653 |     c = t11 ^ t12;  
1654 |     t15 = b & t12;  
1655 |     d = t14 ^ t15
1656 |     a = rotl32(a, 13)
1657 |     c = rotl32(c, 3)
1658 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1659 |     b ^= a ^ c
1660 |     d = rotl32(d, 7)
1661 |     b = rotl32(b, 1)
1662 |     a ^= b ^ d
1663 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1664 |     a = rotl32(a, 5)
1665 |     c = rotl32(c, 22)
1666 |     a ^= key[4 * 22 +  8]
1667 |     b ^= key[4 * 22 +  9]
1668 |     c ^= key[4 * 22 + 10]
1669 |     d ^= key[4 * 22 + 11]
1670 |     t1 = (~a) % 0x100000000;        
1671 |     t2 = a ^ d;     
1672 |     t3 = b ^ t2;    
1673 |     t4 = t1 | t2;   
1674 |     t5 = c ^ t4;    
1675 |     f = b ^ t5;     
1676 |     t13 = (~t5) % 0x100000000;      
1677 |     t7 = t2 | f;    
1678 |     t8 = d ^ t7;    
1679 |     t9 = t5 & t8;   
1680 |     g = t3 ^ t9;    
1681 |     t11 = t5 ^ t8;  
1682 |     e = g ^ t11;    
1683 |     t14 = t3 & t11; 
1684 |     h = t13 ^ t14
1685 |     e = rotl32(e, 13)
1686 |     g = rotl32(g, 3)
1687 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1688 |     f ^= e ^ g
1689 |     h = rotl32(h, 7)
1690 |     f = rotl32(f, 1)
1691 |     e ^= f ^ h
1692 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1693 |     e = rotl32(e, 5)
1694 |     g = rotl32(g, 22)
1695 |     e ^= key[4 * 23 +  8]
1696 |     f ^= key[4 * 23 +  9]
1697 |     g ^= key[4 * 23 + 10]
1698 |     h ^= key[4 * 23 + 11]
1699 |     t1 = (~g) % 0x100000000;        
1700 |     t2 = f ^ g;     
1701 |     t3 = f | t1;    
1702 |     t4 = h ^ t3;    
1703 |     t5 = e & t4;    
1704 |     t7 = e ^ h;     
1705 |     d = t2 ^ t5;    
1706 |     t8 = f ^ t5;    
1707 |     t9 = t2 | t8;   
1708 |     t11 = h & t3;   
1709 |     b = t7 ^ t9;    
1710 |     t12 = t5 ^ b;   
1711 |     t15 = t1 | t4;  
1712 |     t13 = d & t12;  
1713 |     c = t11 ^ t13;  
1714 |     t16 = t12 ^ c;  
1715 |     a = t15 ^ t16
1716 |     a = rotl32(a, 13)
1717 |     c = rotl32(c, 3)
1718 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1719 |     b ^= a ^ c
1720 |     d = rotl32(d, 7)
1721 |     b = rotl32(b, 1)
1722 |     a ^= b ^ d
1723 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1724 |     a = rotl32(a, 5)
1725 |     c = rotl32(c, 22)
1726 |     a ^= key[4 * 24 +  8]
1727 |     b ^= key[4 * 24 +  9]
1728 |     c ^= key[4 * 24 + 10]
1729 |     d ^= key[4 * 24 + 11]
1730 |     t1 = a ^ d;     
1731 |     t2 = a & d;     
1732 |     t3 = c ^ t1;    
1733 |     t6 = b & t1;    
1734 |     t4 = b ^ t3;    
1735 |     t10 = (~t3) % 0x100000000;      
1736 |     h = t2 ^ t4;    
1737 |     t7 = a ^ t6;    
1738 |     t14 = (~t7) % 0x100000000;      
1739 |     t8 = c | t7;    
1740 |     t11 = t3 ^ t7;  
1741 |     g = t4 ^ t8;    
1742 |     t12 = h & t11;  
1743 |     f = t10 ^ t12;  
1744 |     e = t12 ^ t14
1745 |     e = rotl32(e, 13)
1746 |     g = rotl32(g, 3)
1747 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1748 |     f ^= e ^ g
1749 |     h = rotl32(h, 7)
1750 |     f = rotl32(f, 1)
1751 |     e ^= f ^ h
1752 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1753 |     e = rotl32(e, 5)
1754 |     g = rotl32(g, 22)
1755 |     e ^= key[4 * 25 +  8]
1756 |     f ^= key[4 * 25 +  9]
1757 |     g ^= key[4 * 25 + 10]
1758 |     h ^= key[4 * 25 + 11]
1759 |     t1 = (~e) % 0x100000000;        
1760 |     t2 = f ^ t1;    
1761 |     t3 = e | t2;    
1762 |     t4 = h | t2;    
1763 |     t5 = g ^ t3;    
1764 |     c = h ^ t5;     
1765 |     t7 = f ^ t4;    
1766 |     t8 = t2 ^ c;    
1767 |     t9 = t5 & t7;   
1768 |     d = t8 ^ t9;    
1769 |     t11 = t5 ^ t7;  
1770 |     b = d ^ t11;    
1771 |     t13 = t8 & t11; 
1772 |     a = t5 ^ t13
1773 |     a = rotl32(a, 13)
1774 |     c = rotl32(c, 3)
1775 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1776 |     b ^= a ^ c
1777 |     d = rotl32(d, 7)
1778 |     b = rotl32(b, 1)
1779 |     a ^= b ^ d
1780 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1781 |     a = rotl32(a, 5)
1782 |     c = rotl32(c, 22)
1783 |     a ^= key[4 * 26 +  8]
1784 |     b ^= key[4 * 26 +  9]
1785 |     c ^= key[4 * 26 + 10]
1786 |     d ^= key[4 * 26 + 11]
1787 |     t1 = (~a) % 0x100000000;        
1788 |     t2 = b ^ d;     
1789 |     t3 = c & t1;    
1790 |     t13 = d | t1;   
1791 |     e = t2 ^ t3;    
1792 |     t5 = c ^ t1;    
1793 |     t6 = c ^ e;     
1794 |     t7 = b & t6;    
1795 |     t10 = e | t5;   
1796 |     h = t5 ^ t7;    
1797 |     t9 = d | t7;    
1798 |     t11 = t9 & t10; 
1799 |     t14 = t2 ^ h;   
1800 |     g = a ^ t11;    
1801 |     t15 = g ^ t13;  
1802 |     f = t14 ^ t15
1803 |     e = rotl32(e, 13)
1804 |     g = rotl32(g, 3)
1805 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1806 |     f ^= e ^ g
1807 |     h = rotl32(h, 7)
1808 |     f = rotl32(f, 1)
1809 |     e ^= f ^ h
1810 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1811 |     e = rotl32(e, 5)
1812 |     g = rotl32(g, 22)
1813 |     e ^= key[4 * 27 +  8]
1814 |     f ^= key[4 * 27 +  9]
1815 |     g ^= key[4 * 27 + 10]
1816 |     h ^= key[4 * 27 + 11]
1817 |     t1 = e ^ g;     
1818 |     t2 = h ^ t1;    
1819 |     t3 = e & t2;    
1820 |     t4 = h ^ t3;    
1821 |     t5 = f & t4;    
1822 |     c = t2 ^ t5;    
1823 |     t7 = e | c;     
1824 |     t8 = f | h;     
1825 |     t11 = e | h;    
1826 |     t9 = t4 & t7;   
1827 |     b = t8 ^ t9;    
1828 |     t12 = f ^ t11;  
1829 |     t13 = c ^ t9;   
1830 |     t15 = t3 ^ t8;  
1831 |     d = t12 ^ t13;  
1832 |     t16 = g & t15;  
1833 |     a = t12 ^ t16
1834 |     a = rotl32(a, 13)
1835 |     c = rotl32(c, 3)
1836 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1837 |     b ^= a ^ c
1838 |     d = rotl32(d, 7)
1839 |     b = rotl32(b, 1)
1840 |     a ^= b ^ d
1841 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1842 |     a = rotl32(a, 5)
1843 |     c = rotl32(c, 22)
1844 |     a ^= key[4 * 28 +  8]
1845 |     b ^= key[4 * 28 +  9]
1846 |     c ^= key[4 * 28 + 10]
1847 |     d ^= key[4 * 28 + 11]
1848 |     t1 = a ^ d;     
1849 |     t2 = d & t1;    
1850 |     t3 = c ^ t2;    
1851 |     t4 = b | t3;    
1852 |     h = t1 ^ t4;    
1853 |     t6 = (~b) % 0x100000000;        
1854 |     t7 = t1 | t6;   
1855 |     e = t3 ^ t7;    
1856 |     t9 = a & e;     
1857 |     t10 = t1 ^ t6;  
1858 |     t11 = t4 & t10; 
1859 |     g = t9 ^ t11;   
1860 |     t13 = a ^ t3;   
1861 |     t14 = t10 & g;  
1862 |     f = t13 ^ t14
1863 |     e = rotl32(e, 13)
1864 |     g = rotl32(g, 3)
1865 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1866 |     f ^= e ^ g
1867 |     h = rotl32(h, 7)
1868 |     f = rotl32(f, 1)
1869 |     e ^= f ^ h
1870 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1871 |     e = rotl32(e, 5)
1872 |     g = rotl32(g, 22)
1873 |     e ^= key[4 * 29 +  8]
1874 |     f ^= key[4 * 29 +  9]
1875 |     g ^= key[4 * 29 + 10]
1876 |     h ^= key[4 * 29 + 11]
1877 |     t1 = (~e) % 0x100000000;        
1878 |     t2 = e ^ f;     
1879 |     t3 = e ^ h;     
1880 |     t4 = g ^ t1;    
1881 |     t5 = t2 | t3;   
1882 |     a = t4 ^ t5;    
1883 |     t7 = h & a;     
1884 |     t8 = t2 ^ a;    
1885 |     t10 = t1 | a;   
1886 |     b = t7 ^ t8;    
1887 |     t11 = t2 | t7;  
1888 |     t12 = t3 ^ t10; 
1889 |     t14 = f ^ t7;   
1890 |     c = t11 ^ t12;  
1891 |     t15 = b & t12;  
1892 |     d = t14 ^ t15
1893 |     a = rotl32(a, 13)
1894 |     c = rotl32(c, 3)
1895 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
1896 |     b ^= a ^ c
1897 |     d = rotl32(d, 7)
1898 |     b = rotl32(b, 1)
1899 |     a ^= b ^ d
1900 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
1901 |     a = rotl32(a, 5)
1902 |     c = rotl32(c, 22)
1903 |     a ^= key[4 * 30 +  8]
1904 |     b ^= key[4 * 30 +  9]
1905 |     c ^= key[4 * 30 + 10]
1906 |     d ^= key[4 * 30 + 11]
1907 |     t1 = (~a) % 0x100000000;        
1908 |     t2 = a ^ d;     
1909 |     t3 = b ^ t2;    
1910 |     t4 = t1 | t2;   
1911 |     t5 = c ^ t4;    
1912 |     f = b ^ t5;     
1913 |     t13 = (~t5) % 0x100000000;      
1914 |     t7 = t2 | f;    
1915 |     t8 = d ^ t7;    
1916 |     t9 = t5 & t8;   
1917 |     g = t3 ^ t9;    
1918 |     t11 = t5 ^ t8;  
1919 |     e = g ^ t11;    
1920 |     t14 = t3 & t11; 
1921 |     h = t13 ^ t14
1922 |     e = rotl32(e, 13)
1923 |     g = rotl32(g, 3)
1924 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
1925 |     f ^= e ^ g
1926 |     h = rotl32(h, 7)
1927 |     f = rotl32(f, 1)
1928 |     e ^= f ^ h
1929 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
1930 |     e = rotl32(e, 5)
1931 |     g = rotl32(g, 22)
1932 |     e ^= key[4 * 31 +  8]
1933 |     f ^= key[4 * 31 +  9]
1934 |     g ^= key[4 * 31 + 10]
1935 |     h ^= key[4 * 31 + 11]
1936 |     t1 = (~g) % 0x100000000;        
1937 |     t2 = f ^ g;     
1938 |     t3 = f | t1;    
1939 |     t4 = h ^ t3;    
1940 |     t5 = e & t4;    
1941 |     t7 = e ^ h;     
1942 |     d = t2 ^ t5;    
1943 |     t8 = f ^ t5;    
1944 |     t9 = t2 | t8;   
1945 |     t11 = h & t3;   
1946 |     b = t7 ^ t9;    
1947 |     t12 = t5 ^ b;   
1948 |     t15 = t1 | t4;  
1949 |     t13 = d & t12;  
1950 |     c = t11 ^ t13;  
1951 |     t16 = t12 ^ c;  
1952 |     a = t15 ^ t16
1953 |     a ^= key[4 * 32 +  8]
1954 |     b ^= key[4 * 32 +  9]
1955 |     c ^= key[4 * 32 + 10]
1956 |     d ^= key[4 * 32 + 11]
1957 |     if WORD_BIGENDIAN:
1958 |         a = byteswap32(a)
1959 |         b = byteswap32(b)
1960 |         c = byteswap32(c)
1961 |         d = byteswap32(d)    
1962 |     in_blk[0] = a
1963 |     in_blk[1] = b
1964 |     in_blk[2] = c
1965 |     in_blk[3] = d
1966 | 
1967 | def decrypt(key, in_blk):
1968 |     # serpent_generate.py
1969 |     a = in_blk[0]
1970 |     b = in_blk[1]
1971 |     c = in_blk[2]
1972 |     d = in_blk[3]
1973 |     if WORD_BIGENDIAN:
1974 |         a = byteswap32(a)
1975 |         b = byteswap32(b)
1976 |         c = byteswap32(c)
1977 |         d = byteswap32(d)
1978 |     e = 0
1979 |     f = 0
1980 |     g = 0
1981 |     h = 0
1982 |     t1 = 0
1983 |     t2 = 0
1984 |     t3 = 0
1985 |     t4 = 0
1986 |     t5 = 0
1987 |     t6 = 0
1988 |     t7 = 0
1989 |     t8 = 0
1990 |     t9 = 0
1991 |     t10 = 0
1992 |     t11 = 0
1993 |     t12 = 0
1994 |     t13 = 0
1995 |     t14 = 0
1996 |     t15 = 0
1997 |     t16 = 0
1998 |     a ^= key[4 * 32 +  8]
1999 |     b ^= key[4 * 32 +  9]
2000 |     c ^= key[4 * 32 + 10]
2001 |     d ^= key[4 * 32 + 11]
2002 |     t1 = a & b;     
2003 |     t2 = a | b;     
2004 |     t3 = c | t1;    
2005 |     t4 = d & t2;    
2006 |     h = t3 ^ t4;    
2007 |     t6 = (~d) % 0x100000000;        
2008 |     t7 = b ^ t4;    
2009 |     t8 = h ^ t6;    
2010 |     t11 = c ^ t7;   
2011 |     t9 = t7 | t8;   
2012 |     f = a ^ t9;     
2013 |     t12 = d | f;    
2014 |     e = t11 ^ t12;  
2015 |     t14 = a & h;    
2016 |     t15 = t3 ^ f;   
2017 |     t16 = e ^ t14;  
2018 |     g = t15 ^ t16
2019 |     e ^= key[4 * 31 +  8]
2020 |     f ^= key[4 * 31 +  9]
2021 |     g ^= key[4 * 31 + 10]
2022 |     h ^= key[4 * 31 + 11]
2023 |     g = rotr32(g, 22)
2024 |     e = rotr32(e, 5)
2025 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2026 |     e ^= f ^ h
2027 |     h = rotr32(h, 7)
2028 |     f = rotr32(f, 1)
2029 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2030 |     f ^= e ^ g
2031 |     g = rotr32(g, 3)
2032 |     e = rotr32(e, 13)
2033 |     t1 = (~e) % 0x100000000;        
2034 |     t2 = e ^ f;     
2035 |     t3 = g ^ t2;    
2036 |     t4 = g | t1;    
2037 |     t5 = h ^ t4;    
2038 |     t13 = h & t1;   
2039 |     b = t3 ^ t5;    
2040 |     t7 = t3 & t5;   
2041 |     t8 = t2 ^ t7;   
2042 |     t9 = f | t8;    
2043 |     d = t5 ^ t9;    
2044 |     t11 = f | d;    
2045 |     a = t8 ^ t11;   
2046 |     t14 = t3 ^ t11; 
2047 |     c = t13 ^ t14
2048 |     a ^= key[4 * 30 +  8]
2049 |     b ^= key[4 * 30 +  9]
2050 |     c ^= key[4 * 30 + 10]
2051 |     d ^= key[4 * 30 + 11]
2052 |     c = rotr32(c, 22)
2053 |     a = rotr32(a, 5)
2054 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2055 |     a ^= b ^ d
2056 |     d = rotr32(d, 7)
2057 |     b = rotr32(b, 1)
2058 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2059 |     b ^= a ^ c
2060 |     c = rotr32(c, 3)
2061 |     a = rotr32(a, 13)
2062 |     t1 = (~c) % 0x100000000;        
2063 |     t2 = b & t1;    
2064 |     t3 = d ^ t2;    
2065 |     t4 = a & t3;    
2066 |     t5 = b ^ t1;    
2067 |     h = t4 ^ t5;    
2068 |     t7 = b | h;     
2069 |     t8 = a & t7;    
2070 |     f = t3 ^ t8;    
2071 |     t10 = a | d;    
2072 |     t11 = t1 ^ t7;  
2073 |     e = t10 ^ t11;  
2074 |     t13 = a ^ c;    
2075 |     t14 = b & t10;  
2076 |     t15 = t4 | t13; 
2077 |     g = t14 ^ t15
2078 |     e ^= key[4 * 29 +  8]
2079 |     f ^= key[4 * 29 +  9]
2080 |     g ^= key[4 * 29 + 10]
2081 |     h ^= key[4 * 29 + 11]
2082 |     g = rotr32(g, 22)
2083 |     e = rotr32(e, 5)
2084 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2085 |     e ^= f ^ h
2086 |     h = rotr32(h, 7)
2087 |     f = rotr32(f, 1)
2088 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2089 |     f ^= e ^ g
2090 |     g = rotr32(g, 3)
2091 |     e = rotr32(e, 13)
2092 |     t1 = g ^ h;     
2093 |     t2 = g | h;     
2094 |     t3 = f ^ t2;    
2095 |     t4 = e & t3;    
2096 |     b = t1 ^ t4;    
2097 |     t6 = e ^ h;     
2098 |     t7 = f | h;     
2099 |     t8 = t6 & t7;   
2100 |     d = t3 ^ t8;    
2101 |     t10 = (~e) % 0x100000000;       
2102 |     t11 = g ^ d;    
2103 |     t12 = t10 | t11;
2104 |     a = t3 ^ t12;   
2105 |     t14 = g | t4;   
2106 |     t15 = t7 ^ t14; 
2107 |     t16 = d | t10;  
2108 |     c = t15 ^ t16
2109 |     a ^= key[4 * 28 +  8]
2110 |     b ^= key[4 * 28 +  9]
2111 |     c ^= key[4 * 28 + 10]
2112 |     d ^= key[4 * 28 + 11]
2113 |     c = rotr32(c, 22)
2114 |     a = rotr32(a, 5)
2115 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2116 |     a ^= b ^ d
2117 |     d = rotr32(d, 7)
2118 |     b = rotr32(b, 1)
2119 | 
2120 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2121 |     b ^= a ^ c
2122 |     c = rotr32(c, 3)
2123 |     a = rotr32(a, 13)
2124 |     t1 = b ^ c;     
2125 |     t2 = b | c;     
2126 |     t3 = a ^ c;     
2127 |     t7 = a ^ d;     
2128 |     t4 = t2 ^ t3;   
2129 |     t5 = d | t4;    
2130 |     t9 = t2 ^ t7;   
2131 |     e = t1 ^ t5;    
2132 |     t8 = t1 | t5;   
2133 |     t11 = a & t4;   
2134 |     g = t8 ^ t9;    
2135 |     t12 = e | t9;   
2136 |     f = t11 ^ t12;  
2137 |     t14 = a & g;    
2138 |     t15 = t2 ^ t14; 
2139 |     t16 = e & t15;  
2140 |     h = t4 ^ t16
2141 |     e ^= key[4 * 27 +  8]
2142 |     f ^= key[4 * 27 +  9]
2143 |     g ^= key[4 * 27 + 10]
2144 |     h ^= key[4 * 27 + 11]
2145 |     g = rotr32(g, 22)
2146 |     e = rotr32(e, 5)
2147 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2148 |     e ^= f ^ h
2149 |     h = rotr32(h, 7)
2150 |     f = rotr32(f, 1)
2151 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2152 |     f ^= e ^ g
2153 |     g = rotr32(g, 3)
2154 |     e = rotr32(e, 13)
2155 |     t1 = f ^ h;     
2156 |     t2 = (~t1) % 0x100000000;       
2157 |     t3 = e ^ g;     
2158 |     t4 = g ^ t1;    
2159 |     t7 = e | t2;    
2160 |     t5 = f & t4;    
2161 |     t8 = h ^ t7;    
2162 |     t11 = (~t4) % 0x100000000;      
2163 |     a = t3 ^ t5;    
2164 |     t9 = t3 | t8;   
2165 |     t14 = h & t11;  
2166 |     d = t1 ^ t9;    
2167 |     t12 = a | d;    
2168 |     b = t11 ^ t12;  
2169 |     t15 = t3 ^ t12; 
2170 |     c = t14 ^ t15
2171 |     a ^= key[4 * 26 +  8]
2172 |     b ^= key[4 * 26 +  9]
2173 |     c ^= key[4 * 26 + 10]
2174 |     d ^= key[4 * 26 + 11]
2175 |     c = rotr32(c, 22)
2176 |     a = rotr32(a, 5)
2177 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2178 |     a ^= b ^ d
2179 |     d = rotr32(d, 7)
2180 |     b = rotr32(b, 1)
2181 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2182 |     b ^= a ^ c
2183 |     c = rotr32(c, 3)
2184 |     a = rotr32(a, 13)
2185 |     t1 = a ^ d;     
2186 |     t2 = a & b;     
2187 |     t3 = b ^ c;     
2188 |     t4 = a ^ t3;    
2189 |     t5 = b | d;     
2190 |     t7 = c | t1;    
2191 |     h = t4 ^ t5;    
2192 |     t8 = b ^ t7;    
2193 |     t11 = (~t2) % 0x100000000;      
2194 |     t9 = t4 & t8;   
2195 |     f = t1 ^ t9;    
2196 |     t13 = t9 ^ t11; 
2197 |     t12 = h & f;    
2198 |     g = t12 ^ t13;  
2199 |     t15 = a & d;    
2200 |     t16 = c ^ t13;  
2201 |     e = t15 ^ t16
2202 |     e ^= key[4 * 25 +  8]
2203 |     f ^= key[4 * 25 +  9]
2204 |     g ^= key[4 * 25 + 10]
2205 |     h ^= key[4 * 25 + 11]
2206 |     g = rotr32(g, 22)
2207 |     e = rotr32(e, 5)
2208 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2209 |     e ^= f ^ h
2210 |     h = rotr32(h, 7)
2211 |     f = rotr32(f, 1)
2212 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2213 |     f ^= e ^ g
2214 |     g = rotr32(g, 3)
2215 |     e = rotr32(e, 13)
2216 |     t1 = (~e) % 0x100000000
2217 |     t2 = e ^ f
2218 |     t3 = t1 | t2
2219 |     t4 = h ^ t3
2220 |     t7 = h & t2
2221 |     t5 = g ^ t4
2222 |     t8 = t1 ^ t7
2223 |     c = t2 ^ t5
2224 |     t11 = e & t4
2225 |     t9 = c & t8
2226 |     t14 = t5 ^ t8
2227 |     b = t4 ^ t9
2228 |     t12 = t5 | b
2229 |     d = t11 ^ t12
2230 |     a = d ^ t14
2231 |     a ^= key[4 * 24 +  8]
2232 |     b ^= key[4 * 24 +  9]
2233 |     c ^= key[4 * 24 + 10]
2234 |     d ^= key[4 * 24 + 11]
2235 |     c = rotr32(c, 22)
2236 |     a = rotr32(a, 5)
2237 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2238 |     a ^= b ^ d
2239 |     d = rotr32(d, 7)
2240 |     b = rotr32(b, 1)
2241 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2242 |     b ^= a ^ c
2243 |     c = rotr32(c, 3)
2244 |     a = rotr32(a, 13)
2245 |     t1 = a & b;     
2246 |     t2 = a | b;     
2247 |     t3 = c | t1;    
2248 |     t4 = d & t2;    
2249 |     h = t3 ^ t4;    
2250 |     t6 = (~d) % 0x100000000;        
2251 |     t7 = b ^ t4;    
2252 |     t8 = h ^ t6;    
2253 |     t11 = c ^ t7;   
2254 |     t9 = t7 | t8;   
2255 |     f = a ^ t9;     
2256 |     t12 = d | f;    
2257 |     e = t11 ^ t12;  
2258 |     t14 = a & h;    
2259 |     t15 = t3 ^ f;   
2260 |     t16 = e ^ t14;  
2261 |     g = t15 ^ t16
2262 |     e ^= key[4 * 23 +  8]
2263 |     f ^= key[4 * 23 +  9]
2264 |     g ^= key[4 * 23 + 10]
2265 |     h ^= key[4 * 23 + 11]
2266 |     g = rotr32(g, 22)
2267 |     e = rotr32(e, 5)
2268 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2269 |     e ^= f ^ h
2270 |     h = rotr32(h, 7)
2271 |     f = rotr32(f, 1)
2272 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2273 |     f ^= e ^ g
2274 |     g = rotr32(g, 3)
2275 |     e = rotr32(e, 13)
2276 |     t1 = (~e) % 0x100000000;        
2277 |     t2 = e ^ f;     
2278 |     t3 = g ^ t2;    
2279 |     t4 = g | t1;    
2280 |     t5 = h ^ t4;    
2281 |     t13 = h & t1;   
2282 |     b = t3 ^ t5;    
2283 |     t7 = t3 & t5;   
2284 |     t8 = t2 ^ t7;   
2285 |     t9 = f | t8;    
2286 |     d = t5 ^ t9;    
2287 |     t11 = f | d;    
2288 |     a = t8 ^ t11;   
2289 |     t14 = t3 ^ t11; 
2290 |     c = t13 ^ t14
2291 |     a ^= key[4 * 22 +  8]
2292 |     b ^= key[4 * 22 +  9]
2293 |     c ^= key[4 * 22 + 10]
2294 |     d ^= key[4 * 22 + 11]
2295 |     c = rotr32(c, 22)
2296 |     a = rotr32(a, 5)
2297 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2298 |     a ^= b ^ d
2299 |     d = rotr32(d, 7)
2300 |     b = rotr32(b, 1)
2301 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2302 |     b ^= a ^ c
2303 |     c = rotr32(c, 3)
2304 |     a = rotr32(a, 13)
2305 |     t1 = (~c) % 0x100000000;        
2306 |     t2 = b & t1;    
2307 |     t3 = d ^ t2;    
2308 |     t4 = a & t3;    
2309 |     t5 = b ^ t1;    
2310 |     h = t4 ^ t5;    
2311 |     t7 = b | h;     
2312 |     t8 = a & t7;    
2313 |     f = t3 ^ t8;    
2314 |     t10 = a | d;    
2315 |     t11 = t1 ^ t7;  
2316 |     e = t10 ^ t11;  
2317 |     t13 = a ^ c;    
2318 |     t14 = b & t10;  
2319 |     t15 = t4 | t13; 
2320 |     g = t14 ^ t15
2321 |     e ^= key[4 * 21 +  8]
2322 |     f ^= key[4 * 21 +  9]
2323 |     g ^= key[4 * 21 + 10]
2324 |     h ^= key[4 * 21 + 11]
2325 |     g = rotr32(g, 22)
2326 |     e = rotr32(e, 5)
2327 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2328 |     e ^= f ^ h
2329 |     h = rotr32(h, 7)
2330 |     f = rotr32(f, 1)
2331 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2332 |     f ^= e ^ g
2333 |     g = rotr32(g, 3)
2334 |     e = rotr32(e, 13)
2335 |     t1 = g ^ h;     
2336 |     t2 = g | h;     
2337 |     t3 = f ^ t2;    
2338 |     t4 = e & t3;    
2339 |     b = t1 ^ t4;    
2340 |     t6 = e ^ h;     
2341 |     t7 = f | h;     
2342 |     t8 = t6 & t7;   
2343 |     d = t3 ^ t8;    
2344 |     t10 = (~e) % 0x100000000;       
2345 |     t11 = g ^ d;    
2346 |     t12 = t10 | t11;
2347 |     a = t3 ^ t12;   
2348 |     t14 = g | t4;   
2349 |     t15 = t7 ^ t14; 
2350 |     t16 = d | t10;  
2351 |     c = t15 ^ t16
2352 |     a ^= key[4 * 20 +  8]
2353 |     b ^= key[4 * 20 +  9]
2354 |     c ^= key[4 * 20 + 10]
2355 |     d ^= key[4 * 20 + 11]
2356 |     c = rotr32(c, 22)
2357 |     a = rotr32(a, 5)
2358 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2359 |     a ^= b ^ d
2360 |     d = rotr32(d, 7)
2361 |     b = rotr32(b, 1)
2362 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2363 |     b ^= a ^ c
2364 |     c = rotr32(c, 3)
2365 |     a = rotr32(a, 13)
2366 |     t1 = b ^ c;     
2367 |     t2 = b | c;     
2368 |     t3 = a ^ c;     
2369 |     t7 = a ^ d;     
2370 |     t4 = t2 ^ t3;   
2371 |     t5 = d | t4;    
2372 |     t9 = t2 ^ t7;   
2373 |     e = t1 ^ t5;    
2374 |     t8 = t1 | t5;   
2375 |     t11 = a & t4;   
2376 |     g = t8 ^ t9;    
2377 |     t12 = e | t9;   
2378 |     f = t11 ^ t12;  
2379 |     t14 = a & g;    
2380 |     t15 = t2 ^ t14; 
2381 |     t16 = e & t15;  
2382 |     h = t4 ^ t16
2383 |     e ^= key[4 * 19 +  8]
2384 |     f ^= key[4 * 19 +  9]
2385 |     g ^= key[4 * 19 + 10]
2386 |     h ^= key[4 * 19 + 11]
2387 |     g = rotr32(g, 22)
2388 |     e = rotr32(e, 5)
2389 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2390 |     e ^= f ^ h
2391 |     h = rotr32(h, 7)
2392 |     f = rotr32(f, 1)
2393 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2394 |     f ^= e ^ g
2395 |     g = rotr32(g, 3)
2396 |     e = rotr32(e, 13)
2397 |     t1 = f ^ h;     
2398 |     t2 = (~t1) % 0x100000000;       
2399 |     t3 = e ^ g;     
2400 |     t4 = g ^ t1;    
2401 |     t7 = e | t2;    
2402 |     t5 = f & t4;    
2403 |     t8 = h ^ t7;    
2404 |     t11 = (~t4) % 0x100000000;      
2405 |     a = t3 ^ t5;    
2406 |     t9 = t3 | t8;   
2407 |     t14 = h & t11;  
2408 |     d = t1 ^ t9;    
2409 |     t12 = a | d;    
2410 |     b = t11 ^ t12;  
2411 |     t15 = t3 ^ t12; 
2412 |     c = t14 ^ t15
2413 |     a ^= key[4 * 18 +  8]
2414 |     b ^= key[4 * 18 +  9]
2415 |     c ^= key[4 * 18 + 10]
2416 |     d ^= key[4 * 18 + 11]
2417 |     c = rotr32(c, 22)
2418 |     a = rotr32(a, 5)
2419 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2420 |     a ^= b ^ d
2421 |     d = rotr32(d, 7)
2422 |     b = rotr32(b, 1)
2423 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2424 |     b ^= a ^ c
2425 |     c = rotr32(c, 3)
2426 |     a = rotr32(a, 13)
2427 |     t1 = a ^ d;     
2428 |     t2 = a & b;     
2429 |     t3 = b ^ c;     
2430 |     t4 = a ^ t3;    
2431 |     t5 = b | d;     
2432 |     t7 = c | t1;    
2433 |     h = t4 ^ t5;    
2434 |     t8 = b ^ t7;    
2435 |     t11 = (~t2) % 0x100000000;      
2436 |     t9 = t4 & t8;   
2437 |     f = t1 ^ t9;    
2438 |     t13 = t9 ^ t11; 
2439 |     t12 = h & f;    
2440 |     g = t12 ^ t13;  
2441 |     t15 = a & d;    
2442 |     t16 = c ^ t13;  
2443 |     e = t15 ^ t16
2444 |     e ^= key[4 * 17 +  8]
2445 |     f ^= key[4 * 17 +  9]
2446 |     g ^= key[4 * 17 + 10]
2447 |     h ^= key[4 * 17 + 11]
2448 |     g = rotr32(g, 22)
2449 |     e = rotr32(e, 5)
2450 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2451 |     e ^= f ^ h
2452 |     h = rotr32(h, 7)
2453 |     f = rotr32(f, 1)
2454 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2455 |     f ^= e ^ g
2456 |     g = rotr32(g, 3)
2457 |     e = rotr32(e, 13)
2458 |     t1 = (~e) % 0x100000000
2459 |     t2 = e ^ f
2460 |     t3 = t1 | t2
2461 |     t4 = h ^ t3
2462 |     t7 = h & t2
2463 |     t5 = g ^ t4
2464 |     t8 = t1 ^ t7
2465 |     c = t2 ^ t5
2466 |     t11 = e & t4
2467 |     t9 = c & t8
2468 |     t14 = t5 ^ t8
2469 |     b = t4 ^ t9
2470 |     t12 = t5 | b
2471 |     d = t11 ^ t12
2472 |     a = d ^ t14
2473 |     a ^= key[4 * 16 +  8]
2474 |     b ^= key[4 * 16 +  9]
2475 |     c ^= key[4 * 16 + 10]
2476 |     d ^= key[4 * 16 + 11]
2477 |     c = rotr32(c, 22)
2478 |     a = rotr32(a, 5)
2479 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2480 |     a ^= b ^ d
2481 |     d = rotr32(d, 7)
2482 |     b = rotr32(b, 1)
2483 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2484 |     b ^= a ^ c
2485 |     c = rotr32(c, 3)
2486 |     a = rotr32(a, 13)
2487 |     t1 = a & b;     
2488 |     t2 = a | b;     
2489 |     t3 = c | t1;    
2490 |     t4 = d & t2;    
2491 |     h = t3 ^ t4;    
2492 |     t6 = (~d) % 0x100000000;        
2493 |     t7 = b ^ t4;    
2494 |     t8 = h ^ t6;    
2495 |     t11 = c ^ t7;   
2496 |     t9 = t7 | t8;   
2497 |     f = a ^ t9;     
2498 |     t12 = d | f;    
2499 |     e = t11 ^ t12;  
2500 |     t14 = a & h;    
2501 |     t15 = t3 ^ f;   
2502 |     t16 = e ^ t14;  
2503 |     g = t15 ^ t16
2504 |     e ^= key[4 * 15 +  8]
2505 |     f ^= key[4 * 15 +  9]
2506 |     g ^= key[4 * 15 + 10]
2507 |     h ^= key[4 * 15 + 11]
2508 |     g = rotr32(g, 22)
2509 |     e = rotr32(e, 5)
2510 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2511 |     e ^= f ^ h
2512 |     h = rotr32(h, 7)
2513 |     f = rotr32(f, 1)
2514 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2515 |     f ^= e ^ g
2516 |     g = rotr32(g, 3)
2517 |     e = rotr32(e, 13)
2518 |     t1 = (~e) % 0x100000000;        
2519 |     t2 = e ^ f;     
2520 |     t3 = g ^ t2;    
2521 |     t4 = g | t1;    
2522 |     t5 = h ^ t4;    
2523 |     t13 = h & t1;   
2524 |     b = t3 ^ t5;    
2525 |     t7 = t3 & t5;   
2526 |     t8 = t2 ^ t7;   
2527 |     t9 = f | t8;    
2528 |     d = t5 ^ t9;    
2529 |     t11 = f | d;    
2530 |     a = t8 ^ t11;   
2531 |     t14 = t3 ^ t11; 
2532 |     c = t13 ^ t14
2533 |     a ^= key[4 * 14 +  8]
2534 |     b ^= key[4 * 14 +  9]
2535 |     c ^= key[4 * 14 + 10]
2536 |     d ^= key[4 * 14 + 11]
2537 |     c = rotr32(c, 22)
2538 |     a = rotr32(a, 5)
2539 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2540 |     a ^= b ^ d
2541 |     d = rotr32(d, 7)
2542 |     b = rotr32(b, 1)
2543 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2544 |     b ^= a ^ c
2545 |     c = rotr32(c, 3)
2546 |     a = rotr32(a, 13)
2547 |     t1 = (~c) % 0x100000000;        
2548 |     t2 = b & t1;    
2549 |     t3 = d ^ t2;    
2550 |     t4 = a & t3;    
2551 |     t5 = b ^ t1;    
2552 |     h = t4 ^ t5;    
2553 |     t7 = b | h;     
2554 |     t8 = a & t7;    
2555 |     f = t3 ^ t8;    
2556 |     t10 = a | d;    
2557 |     t11 = t1 ^ t7;  
2558 |     e = t10 ^ t11;  
2559 |     t13 = a ^ c;    
2560 |     t14 = b & t10;  
2561 |     t15 = t4 | t13; 
2562 |     g = t14 ^ t15
2563 |     e ^= key[4 * 13 +  8]
2564 |     f ^= key[4 * 13 +  9]
2565 |     g ^= key[4 * 13 + 10]
2566 |     h ^= key[4 * 13 + 11]
2567 |     g = rotr32(g, 22)
2568 |     e = rotr32(e, 5)
2569 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2570 |     e ^= f ^ h
2571 |     h = rotr32(h, 7)
2572 |     f = rotr32(f, 1)
2573 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2574 |     f ^= e ^ g
2575 |     g = rotr32(g, 3)
2576 |     e = rotr32(e, 13)
2577 |     t1 = g ^ h;     
2578 |     t2 = g | h;     
2579 |     t3 = f ^ t2;    
2580 |     t4 = e & t3;    
2581 |     b = t1 ^ t4;    
2582 |     t6 = e ^ h;     
2583 |     t7 = f | h;     
2584 |     t8 = t6 & t7;   
2585 |     d = t3 ^ t8;    
2586 |     t10 = (~e) % 0x100000000;       
2587 |     t11 = g ^ d;    
2588 |     t12 = t10 | t11;
2589 |     a = t3 ^ t12;   
2590 |     t14 = g | t4;   
2591 |     t15 = t7 ^ t14; 
2592 |     t16 = d | t10;  
2593 |     c = t15 ^ t16
2594 |     a ^= key[4 * 12 +  8]
2595 |     b ^= key[4 * 12 +  9]
2596 |     c ^= key[4 * 12 + 10]
2597 |     d ^= key[4 * 12 + 11]
2598 |     c = rotr32(c, 22)
2599 |     a = rotr32(a, 5)
2600 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2601 |     a ^= b ^ d
2602 |     d = rotr32(d, 7)
2603 |     b = rotr32(b, 1)
2604 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2605 |     b ^= a ^ c
2606 |     c = rotr32(c, 3)
2607 |     a = rotr32(a, 13)
2608 |     t1 = b ^ c;     
2609 |     t2 = b | c;     
2610 |     t3 = a ^ c;     
2611 |     t7 = a ^ d;     
2612 |     t4 = t2 ^ t3;   
2613 |     t5 = d | t4;    
2614 |     t9 = t2 ^ t7;   
2615 |     e = t1 ^ t5;    
2616 |     t8 = t1 | t5;   
2617 |     t11 = a & t4;   
2618 |     g = t8 ^ t9;    
2619 |     t12 = e | t9;   
2620 |     f = t11 ^ t12;  
2621 |     t14 = a & g;    
2622 |     t15 = t2 ^ t14; 
2623 |     t16 = e & t15;  
2624 |     h = t4 ^ t16
2625 |     e ^= key[4 * 11 +  8]
2626 |     f ^= key[4 * 11 +  9]
2627 |     g ^= key[4 * 11 + 10]
2628 |     h ^= key[4 * 11 + 11]
2629 |     g = rotr32(g, 22)
2630 |     e = rotr32(e, 5)
2631 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2632 |     e ^= f ^ h
2633 |     h = rotr32(h, 7)
2634 |     f = rotr32(f, 1)
2635 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2636 |     f ^= e ^ g
2637 |     g = rotr32(g, 3)
2638 |     e = rotr32(e, 13)
2639 |     t1 = f ^ h;     
2640 |     t2 = (~t1) % 0x100000000;       
2641 |     t3 = e ^ g;     
2642 |     t4 = g ^ t1;    
2643 |     t7 = e | t2;    
2644 |     t5 = f & t4;    
2645 |     t8 = h ^ t7;    
2646 |     t11 = (~t4) % 0x100000000;      
2647 |     a = t3 ^ t5;    
2648 |     t9 = t3 | t8;   
2649 |     t14 = h & t11;  
2650 |     d = t1 ^ t9;    
2651 |     t12 = a | d;    
2652 |     b = t11 ^ t12;  
2653 |     t15 = t3 ^ t12; 
2654 |     c = t14 ^ t15
2655 |     a ^= key[4 * 10 +  8]
2656 |     b ^= key[4 * 10 +  9]
2657 |     c ^= key[4 * 10 + 10]
2658 |     d ^= key[4 * 10 + 11]
2659 |     c = rotr32(c, 22)
2660 |     a = rotr32(a, 5)
2661 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2662 |     a ^= b ^ d
2663 |     d = rotr32(d, 7)
2664 |     b = rotr32(b, 1)
2665 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2666 |     b ^= a ^ c
2667 |     c = rotr32(c, 3)
2668 |     a = rotr32(a, 13)
2669 |     t1 = a ^ d;     
2670 |     t2 = a & b;     
2671 |     t3 = b ^ c;     
2672 |     t4 = a ^ t3;    
2673 |     t5 = b | d;     
2674 |     t7 = c | t1;    
2675 |     h = t4 ^ t5;    
2676 |     t8 = b ^ t7;    
2677 |     t11 = (~t2) % 0x100000000;      
2678 |     t9 = t4 & t8;   
2679 |     f = t1 ^ t9;    
2680 |     t13 = t9 ^ t11; 
2681 |     t12 = h & f;    
2682 |     g = t12 ^ t13;  
2683 |     t15 = a & d;    
2684 |     t16 = c ^ t13;  
2685 |     e = t15 ^ t16
2686 |     e ^= key[4 * 9 +  8]
2687 |     f ^= key[4 * 9 +  9]
2688 |     g ^= key[4 * 9 + 10]
2689 |     h ^= key[4 * 9 + 11]
2690 |     g = rotr32(g, 22)
2691 |     e = rotr32(e, 5)
2692 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2693 |     e ^= f ^ h
2694 |     h = rotr32(h, 7)
2695 |     f = rotr32(f, 1)
2696 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2697 |     f ^= e ^ g
2698 |     g = rotr32(g, 3)
2699 |     e = rotr32(e, 13)
2700 |     t1 = (~e) % 0x100000000
2701 |     t2 = e ^ f
2702 |     t3 = t1 | t2
2703 |     t4 = h ^ t3
2704 |     t7 = h & t2
2705 |     t5 = g ^ t4
2706 |     t8 = t1 ^ t7
2707 |     c = t2 ^ t5
2708 |     t11 = e & t4
2709 |     t9 = c & t8
2710 |     t14 = t5 ^ t8
2711 |     b = t4 ^ t9
2712 |     t12 = t5 | b
2713 |     d = t11 ^ t12
2714 |     a = d ^ t14
2715 |     a ^= key[4 * 8 +  8]
2716 |     b ^= key[4 * 8 +  9]
2717 |     c ^= key[4 * 8 + 10]
2718 |     d ^= key[4 * 8 + 11]
2719 |     c = rotr32(c, 22)
2720 |     a = rotr32(a, 5)
2721 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2722 |     a ^= b ^ d
2723 |     d = rotr32(d, 7)
2724 |     b = rotr32(b, 1)
2725 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2726 |     b ^= a ^ c
2727 |     c = rotr32(c, 3)
2728 |     a = rotr32(a, 13)
2729 |     t1 = a & b;     
2730 |     t2 = a | b;     
2731 |     t3 = c | t1;    
2732 |     t4 = d & t2;    
2733 |     h = t3 ^ t4;    
2734 |     t6 = (~d) % 0x100000000;        
2735 |     t7 = b ^ t4;    
2736 |     t8 = h ^ t6;    
2737 |     t11 = c ^ t7;   
2738 |     t9 = t7 | t8;   
2739 |     f = a ^ t9;     
2740 |     t12 = d | f;    
2741 |     e = t11 ^ t12;  
2742 |     t14 = a & h;    
2743 |     t15 = t3 ^ f;   
2744 |     t16 = e ^ t14;  
2745 |     g = t15 ^ t16
2746 |     e ^= key[4 * 7 +  8]
2747 |     f ^= key[4 * 7 +  9]
2748 |     g ^= key[4 * 7 + 10]
2749 |     h ^= key[4 * 7 + 11]
2750 |     g = rotr32(g, 22)
2751 |     e = rotr32(e, 5)
2752 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2753 |     e ^= f ^ h
2754 |     h = rotr32(h, 7)
2755 |     f = rotr32(f, 1)
2756 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2757 |     f ^= e ^ g
2758 |     g = rotr32(g, 3)
2759 |     e = rotr32(e, 13)
2760 |     t1 = (~e) % 0x100000000;        
2761 |     t2 = e ^ f;     
2762 |     t3 = g ^ t2;    
2763 |     t4 = g | t1;    
2764 |     t5 = h ^ t4;    
2765 |     t13 = h & t1;   
2766 |     b = t3 ^ t5;    
2767 |     t7 = t3 & t5;   
2768 |     t8 = t2 ^ t7;   
2769 |     t9 = f | t8;    
2770 |     d = t5 ^ t9;    
2771 |     t11 = f | d;    
2772 |     a = t8 ^ t11;   
2773 |     t14 = t3 ^ t11; 
2774 |     c = t13 ^ t14
2775 |     a ^= key[4 * 6 +  8]
2776 |     b ^= key[4 * 6 +  9]
2777 |     c ^= key[4 * 6 + 10]
2778 |     d ^= key[4 * 6 + 11]
2779 |     c = rotr32(c, 22)
2780 |     a = rotr32(a, 5)
2781 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2782 |     a ^= b ^ d
2783 |     d = rotr32(d, 7)
2784 |     b = rotr32(b, 1)
2785 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2786 |     b ^= a ^ c
2787 |     c = rotr32(c, 3)
2788 |     a = rotr32(a, 13)
2789 |     t1 = (~c) % 0x100000000;        
2790 |     t2 = b & t1;    
2791 |     t3 = d ^ t2;    
2792 |     t4 = a & t3;    
2793 |     t5 = b ^ t1;    
2794 |     h = t4 ^ t5;    
2795 |     t7 = b | h;     
2796 |     t8 = a & t7;    
2797 |     f = t3 ^ t8;    
2798 |     t10 = a | d;    
2799 |     t11 = t1 ^ t7;  
2800 |     e = t10 ^ t11;  
2801 |     t13 = a ^ c;    
2802 |     t14 = b & t10;  
2803 |     t15 = t4 | t13; 
2804 |     g = t14 ^ t15
2805 |     e ^= key[4 * 5 +  8]
2806 |     f ^= key[4 * 5 +  9]
2807 |     g ^= key[4 * 5 + 10]
2808 |     h ^= key[4 * 5 + 11]
2809 |     g = rotr32(g, 22)
2810 |     e = rotr32(e, 5)
2811 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2812 |     e ^= f ^ h
2813 |     h = rotr32(h, 7)
2814 |     f = rotr32(f, 1)
2815 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2816 |     f ^= e ^ g
2817 |     g = rotr32(g, 3)
2818 |     e = rotr32(e, 13)
2819 |     t1 = g ^ h;     
2820 |     t2 = g | h;     
2821 |     t3 = f ^ t2;    
2822 |     t4 = e & t3;    
2823 |     b = t1 ^ t4;    
2824 |     t6 = e ^ h;     
2825 |     t7 = f | h;     
2826 |     t8 = t6 & t7;   
2827 |     d = t3 ^ t8;    
2828 |     t10 = (~e) % 0x100000000;       
2829 |     t11 = g ^ d;    
2830 |     t12 = t10 | t11;
2831 |     a = t3 ^ t12;   
2832 |     t14 = g | t4;   
2833 |     t15 = t7 ^ t14; 
2834 |     t16 = d | t10;  
2835 |     c = t15 ^ t16
2836 |     a ^= key[4 * 4 +  8]
2837 |     b ^= key[4 * 4 +  9]
2838 |     c ^= key[4 * 4 + 10]
2839 |     d ^= key[4 * 4 + 11]
2840 |     c = rotr32(c, 22)
2841 |     a = rotr32(a, 5)
2842 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2843 |     a ^= b ^ d
2844 |     d = rotr32(d, 7)
2845 |     b = rotr32(b, 1)
2846 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2847 |     b ^= a ^ c
2848 |     c = rotr32(c, 3)
2849 |     a = rotr32(a, 13)
2850 |     t1 = b ^ c;     
2851 |     t2 = b | c;     
2852 |     t3 = a ^ c;     
2853 |     t7 = a ^ d;     
2854 |     t4 = t2 ^ t3;   
2855 |     t5 = d | t4;    
2856 |     t9 = t2 ^ t7;   
2857 |     e = t1 ^ t5;    
2858 |     t8 = t1 | t5;   
2859 |     t11 = a & t4;   
2860 |     g = t8 ^ t9;    
2861 |     t12 = e | t9;   
2862 |     f = t11 ^ t12;  
2863 |     t14 = a & g;    
2864 |     t15 = t2 ^ t14; 
2865 |     t16 = e & t15;  
2866 |     h = t4 ^ t16
2867 |     e ^= key[4 * 3 +  8]
2868 |     f ^= key[4 * 3 +  9]
2869 |     g ^= key[4 * 3 + 10]
2870 |     h ^= key[4 * 3 + 11]
2871 |     g = rotr32(g, 22)
2872 |     e = rotr32(e, 5)
2873 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2874 |     e ^= f ^ h
2875 |     h = rotr32(h, 7)
2876 |     f = rotr32(f, 1)
2877 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2878 |     f ^= e ^ g
2879 |     g = rotr32(g, 3)
2880 |     e = rotr32(e, 13)
2881 |     t1 = f ^ h;     
2882 |     t2 = (~t1) % 0x100000000;       
2883 |     t3 = e ^ g;     
2884 |     t4 = g ^ t1;    
2885 |     t7 = e | t2;    
2886 |     t5 = f & t4;    
2887 |     t8 = h ^ t7;    
2888 |     t11 = (~t4) % 0x100000000;      
2889 |     a = t3 ^ t5;    
2890 |     t9 = t3 | t8;   
2891 |     t14 = h & t11;  
2892 |     d = t1 ^ t9;    
2893 |     t12 = a | d;    
2894 |     b = t11 ^ t12;  
2895 |     t15 = t3 ^ t12; 
2896 |     c = t14 ^ t15
2897 |     a ^= key[4 * 2 +  8]
2898 |     b ^= key[4 * 2 +  9]
2899 |     c ^= key[4 * 2 + 10]
2900 |     d ^= key[4 * 2 + 11]
2901 |     c = rotr32(c, 22)
2902 |     a = rotr32(a, 5)
2903 |     c ^= d ^ ((b << 7) & 0xFFFFFFFF)
2904 |     a ^= b ^ d
2905 |     d = rotr32(d, 7)
2906 |     b = rotr32(b, 1)
2907 |     d ^= c ^ ((a << 3) & 0xFFFFFFFF)
2908 |     b ^= a ^ c
2909 |     c = rotr32(c, 3)
2910 |     a = rotr32(a, 13)
2911 |     t1 = a ^ d;     
2912 |     t2 = a & b;     
2913 |     t3 = b ^ c;     
2914 |     t4 = a ^ t3;    
2915 |     t5 = b | d;     
2916 |     t7 = c | t1;    
2917 |     h = t4 ^ t5;    
2918 |     t8 = b ^ t7;    
2919 |     t11 = (~t2) % 0x100000000;      
2920 |     t9 = t4 & t8;   
2921 |     f = t1 ^ t9;    
2922 |     t13 = t9 ^ t11; 
2923 |     t12 = h & f;    
2924 |     g = t12 ^ t13;  
2925 |     t15 = a & d;    
2926 |     t16 = c ^ t13;  
2927 |     e = t15 ^ t16
2928 |     e ^= key[4 * 1 +  8]
2929 |     f ^= key[4 * 1 +  9]
2930 |     g ^= key[4 * 1 + 10]
2931 |     h ^= key[4 * 1 + 11]
2932 |     g = rotr32(g, 22)
2933 |     e = rotr32(e, 5)
2934 |     g ^= h ^ ((f << 7) & 0xFFFFFFFF)
2935 |     e ^= f ^ h
2936 |     h = rotr32(h, 7)
2937 |     f = rotr32(f, 1)
2938 |     h ^= g ^ ((e << 3) & 0xFFFFFFFF)
2939 |     f ^= e ^ g
2940 |     g = rotr32(g, 3)
2941 |     e = rotr32(e, 13)
2942 |     t1 = (~e) % 0x100000000
2943 |     t2 = e ^ f
2944 |     t3 = t1 | t2
2945 |     t4 = h ^ t3
2946 |     t7 = h & t2
2947 |     t5 = g ^ t4
2948 |     t8 = t1 ^ t7
2949 |     c = t2 ^ t5
2950 |     t11 = e & t4
2951 |     t9 = c & t8
2952 |     t14 = t5 ^ t8
2953 |     b = t4 ^ t9
2954 |     t12 = t5 | b
2955 |     d = t11 ^ t12
2956 |     a = d ^ t14
2957 |     a ^= key[4 * 0 +  8]
2958 |     b ^= key[4 * 0 +  9]
2959 |     c ^= key[4 * 0 + 10]
2960 |     d ^= key[4 * 0 + 11]
2961 |     if WORD_BIGENDIAN:
2962 |         a = byteswap32(a)
2963 |         b = byteswap32(b)
2964 |         c = byteswap32(c)
2965 |         d = byteswap32(d)    
2966 |     in_blk[0] = a
2967 |     in_blk[1] = b
2968 |     in_blk[2] = c
2969 |     in_blk[3] = d
2970 | 
2971 | __testkey = '\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f'
2972 | __testdat = '\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f'
2973 | assert '\xde&\x9f\xf83\xe42\xb8[.\x88\xd2p\x1c\xe7\\' == Serpent(__testkey).encrypt(__testdat)
2974 | assert __testdat == Serpent(__testkey).decrypt('\xde&\x9f\xf83\xe42\xb8[.\x88\xd2p\x1c\xe7\\')
2975 | 
2976 | #key = "A79CE7E04B4C9A6A"
2977 | #data = "dostr=uck&soft=1&version=214798&user=2949313305b9366b409f722912cd3c02&server=110&id=1000&crc=5912855"+'\x00'*12
2978 | 
2979 | #key = binascii.unhexlify('cb038339c965453a0f5f15e3f574e889')
2980 | #Key for explorer inject c2 response
2981 | #key = binascii.unhexlify('72297443c66de8275af19c4b2eb590af')
2982 | #key for explorer update binary
2983 | #key = binascii.unhexlify('79841356bdf8f7ea41ac1bbe05a07fd2')
2984 | #key=binascii.unhexlify('96363e00b0349100e8fb1a01df560100')
2985 | #key = binascii.unhexlify('b7aa016cdb7ec5603f92c994e3e60d08')
2986 | #key= "87654321POIUYTRE"
2987 | #data = open(sys.argv[1],'rb').read()
2988 | #data = base64.b64decode('9MWxJHQB2U3H9YKoHCiv/qN8a0i1LF3AIhXHwptsOgu4kuPr2qVg2UKV/09xVYsTgxrVVJpqXIkpwi1twjnKZbGBRrI5rQGdthYPBThI1lxJqlAOQB+dXa8nw71VAqf6Ojn1d6Y/ZIWNsF/wYEq85E'+'==')
2989 | key = "77694321POIRYTRI"
2990 | data = base64.b64decode('07cQjh78kh9/7Bko9MXaAhDpedgnuZyGeOKKI2LsDNQQF+chxOxhOXrqgnPAATLfeB9jQkF4RR3sJVr7rWAOT485anqeUiMzjqdcswwKNtn9pscKWpK/RFsaO8k83UR6VeLIC6oQJsgGGfOaxiDJZi'+'==')
2991 | '''
2992 | #CBC Encrypt
2993 | def serpent_cbc_encrypt(key, data):
2994 |     out = ""
2995 |     last = '\x00'*16
2996 |     for i in range((len(data)/16)):
2997 |         temp = data[i*16:(i+1)*16]
2998 |         to_encode = ""
2999 |         for j in range(4):
3000 |             temp1 = struct.unpack_from('<I', temp[j*4:])[0]
3001 |             temp2 = struct.unpack_from('<I', last[j*4:])[0]
3002 |             to_encode += struct.pack('<I',((temp1 ^ temp2) & 0xffffffff))
3003 |         last= Serpent(key).encrypt(to_encode)
3004 |         out += last
3005 |     #print(binascii.hexlify(Serpent(key).encrypt(data)))
3006 |     return out
3007 | '''
3008 | #CBC Decrypt
3009 | 
3010 | #data = out
3011 | #data = base64.b64decode('m89YU8FR+Lnh4BjlLxDt7+v438LF/bJ8xe7ol0u0cwYZkh0DXcEFUPxp/lFGWJNB7hXLQHerxCTURJJPaTVSnxx8JvjuSIi183z9S4gxxnr32llYlmn6SSylEN/16gIsyhMazJwpDyN3tfg7FYfye4==')
3012 | def serpent_cbc_decrypt(key,data):
3013 |     out2 = ""
3014 |     last = '\x00'*16
3015 |     for i in range((len(data)/16)):
3016 |         temp = Serpent(key).decrypt(data[i*16:(i+1)*16])
3017 |         to_decode = ""
3018 |         for j in range(4):
3019 |             temp1 = struct.unpack_from('<I', temp[j*4:])[0]
3020 |             temp2 = struct.unpack_from('<I', last[j*4:])[0]
3021 |             to_decode += struct.pack('<I',((temp1 ^ temp2) & 0xffffffff))
3022 |         out2 += to_decode
3023 |         last = data[i*16:(i+1)*16]
3024 |     return out2
3025 | #print(serpent_cbc_decrypt(key,data))
3026 | #open(sys.argv[1]+'.decr','wb').write(serpent_cbc_decrypt(key,data))
3027 | 


--------------------------------------------------------------------------------