Snippets

Alexander Hanel JSE Header

Created by Alexander Hanel
jse_test.py
Raw 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import base64
import sys

"""
JSE Header: dword="#@~^", qword=size of the encoded JS stored in base64 
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  23 40 7E 5E 6A 68 30 46 41 41 3D 3D 64 6D 33 72  #@~^jh0FAA==dm3r

struct.unpack("<I",base64.b64decode("jh0FAA=="))
(335246,)
""" 

def is_jse(data):
    header = data[:4]
    b64_data = data[4:]

    if "#@~^" in header:
        try:
            base64.decodestring(b64_data)
            return True
        except:
            return False 

with open(sys.argv[1], "rb") as f:
    data = f.read(0xC)

print is_jse(data)

Comments (0)

HTTPS SSH

You can clone a snippet to your computer for local editing. Learn more.