Translate.py
Description
Translate.py is a Python script written by Didier Stevens to perform bitwise operations on files (like XOR, ROL/ROR, …). You specify the bitwise operation to perform as a Python expression, and pass it as a command-line argument.
Installation
$ cd /data/src/
$ wget http://www.didierstevens.com/files/software/translate.zip
$ unzip translate.zip
$ chmod +x translate.py
Usage
$ ./translate.py infile outfile 'command [script-file]'
Example
We have an initial hex-encoded string (saved in encoded.hex) that we know is XOR-encoded with the key 0x5b. Let's first convert it to raw format:
$ xxd -r -p encoded.hex > encoded.raw
Now, let's use translate.py to decode the raw data by XOR'ing each of its bytes with the key:
$ ./translate.py encoded.raw decoded.txt 'byte ^ 0x5b'
$ cat decoded.txt
Idle;System;smss.exe;csrss.exe;winlogon.exe;services.exe;lsass.exe;vmacthlp.exe;svchost.exe;svchost.exe;svchost.exe;svchost.exe;svchost.exe;
explorer.exe;spoolsv.exe;vmtoolsd.exe;jqs.exe;sqlservr.exe;vmtoolsd.exe;TPAutoConnSvc.exe;alg.exe;TPAutoConnect.exe;wscntfy.exe;wmiapsrv.exe;
ProcessHacker.exe;brbbot.exe
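The same per-byte decoding can be reproduced in plain Python. The block below is an added example, not Didier Stevens's code: it goes one step beyond the case above by recovering the single-byte XOR key from a known substring (".exe") when the key is not known in advance. The function names and the short sample process list are assumptions constructed for illustration.

```python
import binascii

def translate(data: bytes, op) -> bytes:
    """Apply op(byte) to every byte; results are masked to 8 bits."""
    return bytes(op(b) & 0xFF for b in data)

def rol(byte: int, n: int) -> int:
    """Rotate an 8-bit value left by n bits."""
    n %= 8
    return ((byte << n) | (byte >> (8 - n))) & 0xFF

def ror(byte: int, n: int) -> int:
    """Rotate an 8-bit value right by n bits."""
    return rol(byte, 8 - (n % 8))

def find_xor_keys(data: bytes, crib: bytes) -> list:
    """Return every single-byte XOR key whose output contains crib."""
    return [k for k in range(256)
            if crib in translate(data, lambda b: b ^ k)]

# Constructed sample: a short process list XOR-encoded with 0x5b and
# hex-encoded, standing in for encoded.hex.
PLAINTEXT = b"smss.exe;csrss.exe;lsass.exe"
SAMPLE_HEX = binascii.hexlify(translate(PLAINTEXT, lambda b: b ^ 0x5B)).decode()

def decode_sample(key: int) -> bytes:
    raw = binascii.unhexlify(SAMPLE_HEX)            # same step as xxd -r -p
    return translate(raw, lambda byte: byte ^ key)  # same as 'byte ^ 0x5b'

if __name__ == "__main__":
    raw = binascii.unhexlify(SAMPLE_HEX)
    for key in find_xor_keys(raw, b".exe"):
        print(hex(key), decode_sample(key).decode())
```

A crib that is too short can match under several keys, so check each candidate's decoded output before trusting it.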