我也研究了有关Malwarebytes的出色信息
我找不到有意义的字符串,也无法使binwalk对已保存的文件有任何意义。
我缺少什么吗?有人可以建议其他任何方法来产生未固定文件吗?
#1 楼
它只是加法/减法(256模)。#!/usr/bin/python3
# These key bytes are the two's complement of the hex sequence mentioned in the question.
# The string appears twice in the decrypted blob, which makes me think it's what is used.
key = [ord(n) for n in "llp_owon"]
with open("AFG1022_V1.2.4.tfb", "rb") as infile:
data = infile.read()
outdata=bytearray()
for n in range(0, len(data)):
outdata.append((data[n]+key[n%len(key)])&0xff)
with open("decrypted.bin", "wb") as outfile:
outfile.write(outdata)
编辑:一些额外的信息: