| author | WitherOrNot | 2025-02-13 23:37:59 +0000 |
|---|---|---|
| committer | GitHub | 2025-02-13 23:37:59 +0000 |
| commit | a617f59a992a1d56328f0c32e3e303db3fef975d (patch) | |
| tree | 1fa65b0b728e8787a6cccd138712281c63006414 /splog.py | |
| parent | 634b353ebbfc6f465b13a18ae178f0bfd96510f8 (diff) | |
Add files via upload
Diffstat (limited to 'splog.py')
| -rw-r--r-- | splog.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/splog.py b/splog.py
new file mode 100644
index 0000000..c2e36b1
--- /dev/null
+++ b/splog.py
@@ -0,0 +1,16 @@
+# Decrypt C:\Windows\System32\spsys.log from Windows 7
+# Can be used to trace functions executed in spsys
+
+from Crypto.Cipher import AES
+from struct import unpack
+
+aeskey = bytes([0x5B, 0x68, 0x49, 0x25, 0x79, 0x7B, 0x81, 0xFE, 0x5C, 0x44, 0x1B, 0x08, 0x2B, 0xEA, 0xEC, 0x4E])
+
+log_data = b""
+
+with open("spsys.log", "rb") as f:
+ aes = AES.new(aeskey, AES.MODE_ECB)
+ log_data = aes.decrypt(f.read()[0x28:])
+
+with open("spsys_log_d.bin", "wb") as f:
+ f.write(log_data)
\ No newline at end of file |
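Review bot: The slice `f.read()[0x28:]` is passed straight to `aes.decrypt` with no length check, and PyCryptodome's ECB mode raises a ValueError when the input is not a multiple of 16 bytes, so a truncated or partially written spsys.log fails with an opaque error. Read the body into a variable and check it first, e.g. `body = f.read()[0x28:]` followed by `if len(body) % AES.block_size: raise ValueError("spsys.log body is not block-aligned")`. The 0x28 offset also deserves a comment saying what the skipped bytes are, along the lines of `# skip the 0x28-byte header that precedes the encrypted records`, if that is indeed what it is. ECB carries no integrity check, so whatever later parses spsys_log_d.bin should treat its contents as unverified; the `unpack` import is unused in this file.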
