decrypt.py

#!/usr/bin/env python3
import sys
import os
import gzip
import io
from zipfile import BadZipFile, ZipFile
import xxtea
import jsbeautifier

# You can change these keys as needed:
KEY_XOR = "jycrypt"
KEY_XXTEA = "65485d8a-8161-4c"

def main():
    if len(sys.argv) < 2:
        print("Usage: python decrypt.py <input_file>")
        sys.exit(1)

    input_file = sys.argv[1]

    # Read the entire input file as bytes
    with open(input_file, 'rb') as f:
        data = f.read()

    # XOR step with KEY_XOR
    key_bytes = KEY_XOR.encode('utf-8')
    key_len = len(key_bytes)
    xored_data = bytearray(len(data))
    for i in range(len(data)):
        xored_data[i] = data[i] ^ key_bytes[i % key_len]

    # Remove the first 7 bytes after XOR
    if len(xored_data) < 7:
        print("Error: XORed data is too short to remove 7 bytes.")
        sys.exit(1)
    xored_data = xored_data[7:]

    # XXTEA decrypt
    decrypted_data = xxtea.decrypt(xored_data, KEY_XXTEA)
    if not decrypted_data:
        print("Error: XXTEA decryption failed. Possibly a wrong key?")
        sys.exit(1)

    # Attempt GZIP decompression
    is_gzip_file = True
    try:
        final_data = gzip.decompress(decrypted_data)
        print("It IS a GZIP archive.")
    except gzip.BadGzipFile:
        print("It's NOT a GZIP archive.")
        is_gzip_file = False
        final_data = decrypted_data

    # Construct the output filename
    # (take the input filename without extension, add .js or .zip accordingly)
    base_name = os.path.splitext(input_file)[0]

    if not is_gzip_file:
        # Check if it's a ZIP archive
        try:
            zip_file = io.BytesIO(final_data)
            with ZipFile(zip_file) as _:
                pass  # If this succeeds, it's a valid ZIP
            output_file = base_name + ".zip"
            print("It IS a ZIP archive.")
        except BadZipFile:
            output_file = base_name + ".js"
            print("It is NOT a ZIP archive.")
    else:
        output_file = base_name + ".js"

    # If the output is a JS file, try to beautify it
    if output_file.endswith(".js"):
        try:
            # Attempt to decode final data as UTF-8
            decoded_str = final_data.decode("utf-8")
            # Beautify the JS code
            beautified_str = jsbeautifier.beautify(decoded_str)
            final_data = beautified_str.encode("utf-8")
        except UnicodeDecodeError:
            print("Warning: Could not decode final data as UTF-8. Skipping beautification.")

    # Write final data
    with open(output_file, 'wb') as out_f:
        out_f.write(final_data)

    print(f"Decrypted file written to: {output_file}")

if __name__ == "__main__":
    main()

encrypt.py

#!/usr/bin/env python3

import sys
import os
import io
import gzip
import xxtea
from jsmin import jsmin

# You can change these keys as needed:
KEY_XOR = "jycrypt"
KEY_XXTEA = "65485d8a-8161-4c"

def main():
    if len(sys.argv) < 2:
        print("Usage: python encrypt.py <input_file>")
        sys.exit(1)

    input_file = sys.argv[1]

    # Read the entire input file (expected JS code)
    with open(input_file, 'rb') as f:
        data = f.read()

    # Convert to text (UTF-8) for JS minification
    # (If your file has a different encoding, adjust accordingly)
    try:
        text_data = data.decode('utf-8')
    except UnicodeDecodeError:
        print("Warning: Could not fully decode file as UTF-8. Proceeding with 'replace' errors policy.")
        text_data = data.decode('utf-8', errors='replace')

    # Minify using jsmin
    minified_text = jsmin(text_data)
    minified_data = minified_text.encode('utf-8')

    # GZIP compress the minified data
    gzip_buffer = io.BytesIO()
    with gzip.GzipFile(fileobj=gzip_buffer, mode='wb') as gz:
        gz.write(minified_data)
    compressed_data = gzip_buffer.getvalue()

    # XXTEA encrypt the compressed data
    encrypted_data = xxtea.encrypt(compressed_data, KEY_XXTEA)

    # XOR with KEY_XOR
    key_bytes = KEY_XOR.encode('utf-8')
    key_len = len(key_bytes)
    xored_data = bytearray(len(encrypted_data))
    for i in range(len(encrypted_data)):
        xored_data[i] = encrypted_data[i] ^ key_bytes[i % key_len]

    # Construct output filename (same base name, .jsc extension)
    base_name = os.path.splitext(input_file)[0]
    output_file = base_name + ".jsc"

    # Write the "jycrypt" literal first, then the XOR'ed data
    with open(output_file, 'wb') as out_f:
        out_f.write(key_bytes)    # Write the 7 bytes of "jycrypt"
        out_f.write(xored_data)   # Then the encrypted (XXTEA) + XOR'ed data

    print(f"Encrypted file written to: {output_file}")

if __name__ == "__main__":
    main()

regsearch.py

#!/usr/bin/env python3

import sys
import re

def main():
    if len(sys.argv) != 3:
        print(f"Usage: {sys.argv[0]} <filename> <regex>")
        sys.exit(1)

    filename = sys.argv[1]
    pattern_str = sys.argv[2]

    # Read the file in binary mode
    with open(filename, "rb") as f:
        data = f.read()

    # Compile the pattern as bytes (using .encode()).
    # DOTALL allows '.' to match any character including newlines.
    pattern_bytes = pattern_str.encode()
    regex = re.compile(pattern_bytes, flags=re.DOTALL)

    # Find all matches
    matches = regex.findall(data)

    # Print each match found
    # Note that each 'match' is a bytes object
    for match in matches:
        print(match)

if __name__ == "__main__":
    main()