Can someone help me make sense of this?
Below is a snippet of some code in an unknown language. What is your best guess as to what its purpose is, and what is your reasoning?
```
def dc(l)
  case l
  when l ~= 97 .. 109 or 65 .. 77
    l.raw + 0x0D
  when l ~= 110 .. 122 or 78 .. 90
    l.raw - 0x0D
  else
    l.raw
  end
end

def dw(w)
  w[*] do |l|
    dc(l)
  end.join
end

def handleNetworkMessage(input)
  message[] = input.split(32)
  if dw(message[0]) == 'gimmie' and message[0].len == 4 and message.len >= 3
    rtr = dw(message[2])
    if rtr == '2po2qj4;as94kd'
      System.file.read(dw(message[1]))
    else
      TCP.Raw.Fin
  else
    TCP.Raw.Fin
  end
end
```
That looks like Ruby.
In particular the `case...when` constructs in the first function, and the `do |var| ... end.join` idiom in the second function sure are Ruby constructs.
it could be pyc
I am not sure if this is available on repl. If you look closely you see that if statements don't have an end mark like : or ; so it can't be correct otherwise beside TCP.Raw.Fin and end I would say a wonk version of python. Maybe like an old version maybe 1.4
@DavidSafro very interesting, I think I am going to google the versions and see what I can find.
Wait it might be C++. Where the heck did you find this
@peternielsen112 @DOMENECHE if you found this on a strange file on your computer it could be like a keystroke logger. Also on your markdown for the post, add:
content
To make code block
@peternielsen112 for the first line 'def' is more common on python, please correct me if I am wrong. I am in the learning process.
@peternielsen112 can you elaborate, what makes you believe it is a keystroke logger? I posted the code lines like this because I don't know what it is, and I don't want people to run this and get some stuff on their computer.
@DOMENECHE reiteration: where did you find this
@DOMENECHE Also. I believe it could be doing something and sending it based on the TCP port references.
@peternielsen112 I was doing a lab challenge on VM (CTF type), and this was in a hidden file on a web code. And I am trying to find out what it is before I submit a report where I found it.
@DOMENECHE yeah, it might be pyc. I don't know, sorry. Glad to give whatever help I could.
@peternielsen112 what is pyc? If you don't mind me asking, I google it, but I can find a dummy explanation for me to grasp the information.
@DOMENECHE .pyc is usually a python file to be compiled using C. But I don't think that this is it. Did that answer your question?
Wow, idk. Um. Maybe... ummmm... basic? assembly code? Aah.
@peternielsen112 I have no idea how to approach this...
@DOMENECHE Nor I. I've never seen this. Maybe try googling different lines, see if it finds anything? I'll help.
Okay, that is definitely Ruby code.
What is it doing? The `dc()` and `dw()` functions both implement a very poor cipher, roughly equivalent to this Python code:
It is looking for a command that would look roughly like:
Where the third word is an enciphered password and the second word is the filename to grab.
Unfortunately there appears to be a bug in the code, since it looks for a match with "gimme" (enciphered as "tvzzr") but expects the length to be 4, when it should be 6. So I don't think this code can do anything unless I have missed something.
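The reading given in the answer above can be checked by porting the snippet to runnable Ruby. This is an added example, not code from the thread: `handler_branch`, `cmd_len`, `SAMPLE` and the file name `notes.txt` are assumptions made for illustration, and the port only reports which branch the handler would take instead of reading a file or closing a connection.

```ruby
# Added example: Ruby port of the posted dc/dw/handleNetworkMessage for
# static triage. It performs no file or network I/O.

# dc: shift one character by 0x0D inside the ASCII letter ranges (ROT13).
def dc(ch)
  case ch.ord
  when 97..109, 65..77  then (ch.ord + 0x0D).chr   # a-m, A-M
  when 110..122, 78..90 then (ch.ord - 0x0D).chr   # n-z, N-Z
  else ch                                          # digits, punctuation
  end
end

# dw: apply dc to every character of a word.
def dw(word)
  word.each_char.map { |c| dc(c) }.join
end

# Mirrors the handler's checks (word count tested first so short input is
# safe). cmd_len is the length the snippet compares message[0] against
# (4 in the original); it is a parameter here only so the effect of that
# one check can be observed.
def handler_branch(input, cmd_len: 4)
  message = input.split(' ')               # split(32): 32 is ASCII space
  return [:fin] unless message.length >= 3 &&
                       dw(message[0]) == 'gimmie' &&
                       message[0].length == cmd_len
  return [:fin] unless dw(message[2]) == '2po2qj4;as94kd'
  [:read_file, dw(message[1])]             # original reads this path
end

# Constructed sample line: each word passed through dw, as it would be sent.
SAMPLE = ['gimmie', 'notes.txt', '2po2qj4;as94kd'].map { |w| dw(w) }.join(' ')

if __FILE__ == $PROGRAM_NAME
  puts SAMPLE
  p handler_branch(SAMPLE)               # check as written
  p handler_branch(SAMPLE, cmd_len: 6)   # length check matched to 'gimmie'
end
```

Because `dc` only shifts letters and never changes a word's length, any first word that deciphers to the six-letter `'gimmie'` is itself six characters long, so the `== 4` comparison in the posted code can never hold together with it.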