这是一个简单的批处理代码混淆案例,查看原始内容的方法也是很简单,大佬们只需要去掉文件开头的 0xFF/0xFE 就可以看了嗷..
import re
key = 'ayjVGtkSeWniFrOzUNfDlvhCgcboZwBYHMETqIKpmxRuXPJdQsAL'
replacestr = 'Bullshit'
#encode
#%tbmc:~11,1%
fin = open("decode.txt","r")
alllines = fin.readlines();
fin.close()
fout = open("encode.txt","a")
for line in alllines:
if line[0]==':':
fout.write(line)
continue
strout = ''
strlen = len(line)
flag =True
##1 == %xx% 2 == %~ 3 == %%i
mode = 0
for i in xrange(0,strlen):
if line[i]=='%' and line[i+1]=='%' and mode==0:
flag = False
mode =3
strout = strout+line[i]
continue
elif line[i]=='%' and line[i+1]=='~' and mode==0:
flag = False
mode =2
strout = strout+line[i]
continue
elif line[i]=='%' and key.find(line[i+1])>=0 and mode==0:
flag = False
mode =1
strout = strout+line[i]
continue
elif mode ==3 and line[i]=='%':
strout = strout+line[i]
continue
if line[i]=='%' and mode ==1:
mode =0
flag = True
strout = strout+line[i]
continue
elif line[i]=='"' and mode ==2 or mode ==3:
mode =0
flag = True
strout = strout+line[i]
continue
elif line[i]==' ' and mode ==3:
mode =0
flag = True
strout = strout+line[i]
continue
nPos = key.find(line[i])
if nPos>=0 and flag == True:
temp = '%'+replacestr+':~'+str(nPos)+',1%'
strout = strout + temp
else:
strout = strout+line[i]
fout.write(strout)
fout.close()
