in nightMARE/src/nightmare/malware/ghostpulse/payload.py [0:0]
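def __pixels_extraction_implementation(data: bytes) -> bytes | None:
    """
    Extracts the configuration from the pixels of the PNG file.

    The image is decoded and its pixel components are flattened row by row
    into one byte buffer. That buffer is searched for the tag; the encrypted
    blob, the 4-byte XOR key and the 4-byte little-endian length are then read
    at fixed offsets relative to the tag, and the blob is XOR-decrypted.

    :param data: The PNG file data. It is taken from a sample, so treat it and
        every field parsed out of it as untrusted input.
    :return: The decrypted configuration or None.
    """
    # Scope the Pillow image to this block so Pillow can release it on every
    # exit path, including a decode error part-way through. The original
    # created and closed an unrelated, empty BytesIO instead and never
    # released the image itself.
    # NOTE(review): the only size limit on the decoded image is Pillow's own
    # decompression-bomb check (Image.MAX_IMAGE_PIXELS); confirm that the
    # default is acceptable wherever this runs on unvetted samples.
    with Image.open(BytesIO(data)) as image:
        width, height = image.size
        # Row-major walk: for each row, every column, every colour component.
        # getpixel() must return a sequence here; modes where it returns a
        # single number raise TypeError, exactly as before.
        pixels_data = bytearray(
            component
            for row in range(height)
            for column in range(width)
            for component in image.getpixel((column, row))
        )

    # NOTE(review): a falsy result is treated as "tag not found", so a tag at
    # offset 0 would also be rejected if __find_tag_offset can return 0.
    # Confirm against its contract.
    if not (tag_offset := __find_tag_offset(pixels_data)):
        return None

    start_data = pixels_data[tag_offset:]
    encrypted_data = utils.get_data(start_data, ENCRYPTED_DATA_OFFSET)
    xor_key = utils.get_data(start_data, XOR_KEY_OFFSET_PIXELS, size=4)
    # The length comes straight from the image and is not checked against the
    # amount of data that follows the tag.
    # NOTE(review): confirm how utils.get_data behaves when size exceeds the
    # remaining bytes (raise vs. silent truncation).
    length = int.from_bytes(
        utils.get_data(start_data, LENGTH_OFFSET, size=4), "little"
    )
    return bits.xor(utils.get_data(encrypted_data, 0, size=length), xor_key)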