From a617f59a992a1d56328f0c32e3e303db3fef975d Mon Sep 17 00:00:00 2001
From: WitherOrNot
Date: Thu, 13 Feb 2025 18:37:59 -0500
Subject: Add files via upload
---
splog.py | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 splog.py
(limited to 'splog.py')
diff --git a/splog.py b/splog.py
new file mode 100644
index 0000000..c2e36b1
--- /dev/null
+++ b/splog.py
@@ -0,0 +1,16 @@
+# Decrypt C:\Windows\System32\spsys.log from Windows 7
+# Can be used to trace functions executed in spsys
+
+from Crypto.Cipher import AES
+from struct import unpack
+
+aeskey = bytes([0x5B, 0x68, 0x49, 0x25, 0x79, 0x7B, 0x81, 0xFE, 0x5C, 0x44, 0x1B, 0x08, 0x2B, 0xEA, 0xEC, 0x4E])
+
+log_data = b""
+
+with open("spsys.log", "rb") as f:
+ aes = AES.new(aeskey, AES.MODE_ECB)
+ log_data = aes.decrypt(f.read()[0x28:])
+
+with open("spsys_log_d.bin", "wb") as f:
+ f.write(log_data)
\ No newline at end of file
--
cgit v1.2.3
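Review bot: The slice `f.read()[0x28:]` is passed straight to `aes.decrypt` with no length check, so a truncated file, or one whose remaining payload is not a whole number of 16-byte blocks, fails inside the cipher with a block-alignment error instead of a clear message. Consider `payload = f.read()[HEADER_SIZE:]` followed by `if not payload or len(payload) % AES.block_size: raise ValueError("unexpected spsys.log size")`, with `HEADER_SIZE = 0x28` defined next to `aeskey` and a comment saying what the skipped 0x28 bytes are, which the file does not state. ECB has no integrity check, so a wrong key or a different log layout silently yields garbage in `spsys_log_d.bin`; a comment noting that the output is unauthenticated and should be sanity-checked would help whoever parses it next. `from struct import unpack` is unused and the `log_data = b""` initializer is redundant, so both can be dropped.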