
[android] Decrypting malware

by SpeeDr00t 2023. 4. 6.
import os
import sys
class FileManager:
    """Process-wide singleton that hands out file objects.

    Stands in for the loader this script reproduces (the name suggests an
    Android asset manager, but only ``open`` is modelled); ``open`` simply
    forwards to the builtin so the decryptor can be driven from files on disk.
    """

    _instance = None

    def __new__(cls):
        # Create the single instance lazily; every later call returns it.
        if cls._instance is not None:
            return cls._instance
        created = super().__new__(cls)
        cls._instance = created
        return created

    def open(self, file_path, mode):
        """Open ``file_path`` with ``mode`` and return the builtin file object."""
        return open(file_path, mode)
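class FileDecryptor:
    """Undo the sample's asset obfuscation and write the plain payload to disk.

    The scheme reproduced here is a single-byte XOR applied only to the
    leading ``prefix_len`` bytes of the file; everything after that is copied
    unchanged. Both values default to what this sample uses (key 50 over the
    first 50000 bytes) and can be overridden for variants that change them.
    """

    DEFAULT_XOR_KEY = 50
    DEFAULT_PREFIX_LEN = 50000
    _CHUNK_SIZE = 0x8000

    def __init__(self, asset_manager, xor_key=DEFAULT_XOR_KEY, prefix_len=DEFAULT_PREFIX_LEN):
        """
        Args:
            asset_manager: object exposing ``open(path, mode)`` returning a
                binary file object (``FileManager`` here; presumably mirrors
                the Android ``AssetManager.open`` the original loader calls —
                not verifiable from this script).
            xor_key: byte value (0..255) XORed into each byte of the prefix.
            prefix_len: number of leading bytes the key is applied to.

        Raises:
            ValueError: if ``xor_key`` is outside 0..255.
        """
        if not 0 <= xor_key <= 0xFF:
            raise ValueError(f"xor_key must be a byte value, got {xor_key!r}")
        self.asset_manager = asset_manager
        self.xor_key = xor_key
        self.prefix_len = max(0, prefix_len)
        # A 256-entry table lets bytearray.translate do the XOR in one C pass.
        self._xor_table = bytes(i ^ xor_key for i in range(256))

    def decrypt_and_read_file(self, input_path, output_path):
        """Read ``input_path`` via the asset manager, decrypt it, write ``output_path``.

        Returns the decrypted bytes on success. An I/O error is reported on
        stderr and ``None`` is returned, so a caller can tell a failed run
        (no output written) from a successful one; other exceptions propagate.
        """
        try:
            with self.asset_manager.open(input_path, 'rb') as input_stream:
                byte_array = self._read_input_file(input_stream)
            self._decrypt_bytes(byte_array)
            self._write_output_file(output_path, byte_array)
        except OSError as exc:
            print(f"decrypt failed for {input_path}: {exc}", file=sys.stderr)
            return None
        return byte_array

    def _read_input_file(self, input_stream):
        """Drain ``input_stream`` into a bytearray using fixed-size readinto chunks."""
        byte_array = bytearray()
        chunk = bytearray(self._CHUNK_SIZE)
        view = memoryview(chunk)
        while True:
            n = input_stream.readinto(chunk)
            # 0 means EOF. readinto may also return None on a non-blocking
            # stream with no data; the original ``== 0`` test would spin on it.
            if not n:
                break
            byte_array.extend(view[:n])
        return byte_array

    def _decrypt_bytes(self, byte_array):
        """XOR the first ``prefix_len`` bytes of ``byte_array`` in place."""
        n = min(self.prefix_len, len(byte_array))
        if n:
            byte_array[:n] = byte_array[:n].translate(self._xor_table)

    def _write_output_file(self, output_path, byte_array):
        """Write the decrypted bytes to ``output_path``, truncating any existing file."""
        with open(output_path, 'wb') as file_output_stream:
            file_output_stream.write(byte_array)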
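class FileProcessing:
    """Drive one decryption: pick a free output name beside the input and run it."""

    def __init__(self, input_file):
        self.input_file = input_file

    def process(self):
        """Decrypt ``self.input_file`` into ``<stem>_result[N].apk`` next to it.

        Returns the output path on success, or ``None`` when the decryptor
        left no file behind. The original unconditionally printed "saved as"
        even when decryption had failed silently.
        """
        file_manager = FileManager()
        file_decryptor = FileDecryptor(file_manager)
        output_file_name = self._free_output_name()
        file_decryptor.decrypt_and_read_file(self.input_file, output_file_name)
        # decrypt_and_read_file catches I/O errors itself, so the presence of
        # the output file is the only success signal available here.
        if not os.path.exists(output_file_name):
            print(f"Decryption of {self.input_file} failed; nothing written", file=sys.stderr)
            return None
        print(f"Decrypted file saved as {output_file_name}")
        return output_file_name

    def _free_output_name(self):
        """Return ``<stem>_result.apk``, or the first ``<stem>_result{N}.apk`` not yet on disk."""
        stem, _ = os.path.splitext(self.input_file)
        candidate = f"{stem}_result.apk"
        count = 0
        while os.path.exists(candidate):
            count += 1
            candidate = f"{stem}_result{count}.apk"
        return candidate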
if __name__ == "__main__":
    # One positional argument is required: the obfuscated input file.
    cli_args = sys.argv[1:]
    if not cli_args:
        print("Usage: python script_name.py <input_file>")
        sys.exit(1)
    FileProcessing(cli_args[0]).process()

 

https://www.youtube.com/watch?v=4je_ugb-2Tk 

 

