-
Notifications
You must be signed in to change notification settings - Fork 11
/
xamarin-decompress.py
72 lines (64 loc) · 2.07 KB
/
xamarin-decompress.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
import lz4.block
import os
import sys
#Usage
def printUsageAndExit():
print("Check a file or directory for Xamarin .NET compressed assemblies and")
print("decompresses them ready to decompile.")
print("")
print("Usage: xamarin-decompress.py [-o] <file-or-dir-path>")
print(" If a file is specified, that file is decompressed, otherwise the")
print(" directory is walked and all compressed .exe and .dll files are")
print(" decompressed.")
print("")
print(" -o if specified, the original files will be overwritten with the")
print(" decompressed data, otherwise the decompressed data will be written")
print(" to <original-name>.decompressed.ext.")
sys.exit(1)
#Check args
if len(sys.argv) < 2 or len(sys.argv) > 3:
printUsageAndExit()
#Grab args
target = ""
overwrite = False
if len(sys.argv) == 3:
if sys.argv[1] == "-o":
overwrite = True
target = sys.argv[2]
elif sys.argv[2] == "-o":
overwrite = True
target = sys.argv[1]
else:
printUsageAndExit()
else:
target = sys.argv[1]
#Check if a file is compressed and, if so, decompress it
def checkAndDecompress(filename):
global overwrite
print("Checking: " + filename)
fh = open(filename, "rb")
hdr = fh.read(8)
print(hdr)
if hdr[:4] == "XALZ".encode("utf-8"):
print("[+] Found XALZ in header, decompressing...")
dd = fh.read()
fh.close()
try:
dd = lz4.block.decompress(dd)
filenameout = filename
if overwrite == False:
filenameout = filename[:-3] + "decompressed" + filename[-4:]
fh = open(filenameout, "wb")
fh.write(dd)
fh.close()
print("[+] Decompressed assembly written to " + filenameout)
except Exception as ex:
print("[-] Decompression failed.\n" + str(ex))
#Check if the target is a file or directory
if os.path.isfile(target):
checkAndDecompress(target)
else:
for root, dirs, files in os.walk(target):
for filename in files:
if filename.lower().endswith(".exe") or filename.lower().endswith(".dll"):
checkAndDecompress(os.path.join(root, filename))