bored-engineer · August 14, 2025 06:29
diff --git a/decrypt_github_enterprise.rb b/decrypt_github_enterprise.rb
 #!/usr/bin/ruby
 #
 # This tool is only used to "decrypt" the github enterprise source code.
 #
 # Run in the /data directory of the instance.

 require "zlib"

 KEY = "This obfuscation is intended to discourage GitHub Enterprise customers "+
 "from making modifications to the VM. We know this 'encryption' is easily broken. "

 class String
  def unescape
    buffer = []
    mode = 0
    tmp = ""

    # https://github.com/ruby/ruby/blob/trunk/doc/syntax/literals.rdoc#strings
    sequences = {
      "a"  => 7,
      "b"  => 8,
      "t"  => 9,
      "n"  => 10,
      "v"  => 11,
      "f"  => 12,
      "r"  => 13,
      "e"  => 27,
      "s"  => 32,
      "\"" => 34,
      "#"  => 35,
      "\\" => 92,
      "{"  => 123,
      "}"  => 125,
    }

    self.chars.each do |c|
      if mode == 0
        if c == "\\"
          mode = 1
          tmp = ""
        else
          buffer << c.ord
        end
      else
        tmp << c

        if tmp[0] == "x"
          if tmp.length == 3
            buffer << tmp[1..2].hex
            mode = 0
            tmp = ""
            next
          else
            next
          end
        end

        if tmp.length == 1 && sequences[tmp]
          buffer << sequences[tmp]
          mode = 0
          tmp = ""
          next
        end

        raise "Unknown sequences: \"\\#{tmp}\""
      end
    end

    buffer.pack("C*")
  end

  def decrypt
    i, plaintext = 0, ''

    Zlib::Inflate.inflate(self).each_byte do |c|
      plaintext << (c ^ KEY[i%KEY.length].ord).chr
      i += 1
    end
    plaintext
  end
 end

 Dir.glob("**/*.rb").each do |file|
  next if File.directory?(file)
  next if not File.exists?(file)
  header = "__ruby_concealer__ \""
  len = header.length
  File.open(file, "r+") do |fh|
    if fh.read(len) == header
      puts file
      ciphertext = fh.read[0..-1].unescape
      plaintext  = ciphertext.decrypt
      fh.truncate(0)
      fh.rewind
      fh.write(plaintext)
    end
  end
 end
diff --git a/zzz_gcp.sh b/zzz_gcp.sh
 GHES_VERSION="3-17-4"
 gcloud compute networks create ghes-$GHES_VERSION --subnet-mode auto
 gcloud compute firewall-rules create ghes-$GHES_VERSION \
  --network ghes-$GHES_VERSION \
  --allow tcp:22,tcp:25,tcp:80,tcp:122,udp:161,tcp:443,udp:1194,tcp:8080,tcp:8443,tcp:9418,icmp
 gcloud compute disks create ghes-$GHES_VERSION-data --size 200G --type pd-balanced --zone us-central1-a
 gcloud compute instances create ghes-$GHES_VERSION \
  --machine-type n2d-standard-8 \
  --image github-enterprise-$GHES_VERSION \
  --disk name=ghes-$GHES_VERSION-data \
  --metadata serial-port-enable=1 \
  --zone us-central1-a \
  --network ghes-$GHES_VERSION \
  --image-project github-enterprise-public

 EXTERNAL_IP="..."
 rsync -Wauhv \
  -e 'ssh -p 122' \
  --progress \
  --rsync-path="sudo rsync" \
  --exclude /data/user/ \
  --exclude /tmp/ \
  --exclude /var/tmp/ \
  --exclude /run/containerd/ \
  --exclude /run/systemd/ \
  --exclude /var/lib/collectd/ \
  --exclude /proc/ \
  --exclude /dev/ \
  --exclude /sys/ \
  --exclude /data/git-hooks/default/usr/share/man/ \
  --exclude /usr/share/man/ \
  --exclude /usr/share/terminfo/ \
  admin@$EXTERNAL_IP:/ \
  ghes-$GHES_VERSION
	#!/usr/bin/ruby
	#
	# This tool is only used to "decrypt" the github enterprise source code.
	#
	# Run in the /data directory of the instance.

	require "zlib"

	KEY = "This obfuscation is intended to discourage GitHub Enterprise customers "+
	"from making modifications to the VM. We know this 'encryption' is easily broken. "

	class String
	def unescape
	buffer = []
	mode = 0
	tmp = ""

	# https://github.com/ruby/ruby/blob/trunk/doc/syntax/literals.rdoc#strings
	sequences = {
	"a" => 7,
	"b" => 8,
	"t" => 9,
	"n" => 10,
	"v" => 11,
	"f" => 12,
	"r" => 13,
	"e" => 27,
	"s" => 32,
	"\"" => 34,
	"#" => 35,
	"\\" => 92,
	"{" => 123,
	"}" => 125,
	}

	self.chars.each do \|c\|
	if mode == 0
	if c == "\\"
	mode = 1
	tmp = ""
	else
	buffer << c.ord
	end
	else
	tmp << c

	if tmp[0] == "x"
	if tmp.length == 3
	buffer << tmp[1..2].hex
	mode = 0
	tmp = ""
	next
	else
	next
	end
	end

	if tmp.length == 1 && sequences[tmp]
	buffer << sequences[tmp]
	mode = 0
	tmp = ""
	next
	end

	raise "Unknown sequences: \"\\#{tmp}\""
	end
	end

	buffer.pack("C*")
	end

	def decrypt
	i, plaintext = 0, ''

	Zlib::Inflate.inflate(self).each_byte do \|c\|
	plaintext << (c ^ KEY[i%KEY.length].ord).chr
	i += 1
	end
	plaintext
	end
	end

	Dir.glob("*/.rb").each do \|file\|
	next if File.directory?(file)
	next if not File.exists?(file)
	header = "__ruby_concealer__ \""
	len = header.length
	File.open(file, "r+") do \|fh\|
	if fh.read(len) == header
	puts file
	ciphertext = fh.read[0..-1].unescape
	plaintext = ciphertext.decrypt
	fh.truncate(0)
	fh.rewind
	fh.write(plaintext)
	end
	end
	end
	GHES_VERSION="3-17-4"
	gcloud compute networks create ghes-$GHES_VERSION --subnet-mode auto
	gcloud compute firewall-rules create ghes-$GHES_VERSION \
	--network ghes-$GHES_VERSION \
	--allow tcp:22,tcp:25,tcp:80,tcp:122,udp:161,tcp:443,udp:1194,tcp:8080,tcp:8443,tcp:9418,icmp
	gcloud compute disks create ghes-$GHES_VERSION-data --size 200G --type pd-balanced --zone us-central1-a
	gcloud compute instances create ghes-$GHES_VERSION \
	--machine-type n2d-standard-8 \
	--image github-enterprise-$GHES_VERSION \
	--disk name=ghes-$GHES_VERSION-data \
	--metadata serial-port-enable=1 \
	--zone us-central1-a \
	--network ghes-$GHES_VERSION \
	--image-project github-enterprise-public

	EXTERNAL_IP="..."
	rsync -Wauhv \
	-e 'ssh -p 122' \
	--progress \
	--rsync-path="sudo rsync" \
	--exclude /data/user/ \
	--exclude /tmp/ \
	--exclude /var/tmp/ \
	--exclude /run/containerd/ \
	--exclude /run/systemd/ \
	--exclude /var/lib/collectd/ \
	--exclude /proc/ \
	--exclude /dev/ \
	--exclude /sys/ \
	--exclude /data/git-hooks/default/usr/share/man/ \
	--exclude /usr/share/man/ \
	--exclude /usr/share/terminfo/ \
	admin@$EXTERNAL_IP:/ \
	ghes-$GHES_VERSION