def decrypt_string()

in nightMARE/src/nightmare/malware/stealc/crypto.py [0:0]

• 19 lines of code
• 6 McCabe index (conditional complexity)

def decrypt_string(string: bytes, key: bytes) -> bytes:
    """
    This function implements custom rc4 decryption function used in Stealc.
    Within this implementation, the algo only performs XOR if byte and
    keystream_byte are not equal.
    """
    S = list(range(256))
    j = 0
    key_length = len(key)
    plaintext = bytearray(len(string))

    for i in range(256):
        j = (j + S[i] + key[i % key_length]) % 256
        S[i], S[j] = S[j], S[i]

    i = j = 0
    for idx, byte in enumerate(string):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        keystream_byte = S[(S[i] + S[j]) % 256]
        if byte != keystream_byte:  # Only XOR if byte and keystream_byte are not equal
            plaintext[idx] = byte ^ keystream_byte
        else:
            plaintext[idx] = byte

    return bytes(plaintext)