The batch is so obfuscated with Chinese it is so sus.

iwannet / LanschoolBlocker

A program that stops the lanschool and lanschool air program from starting

http://www.iwannet.cc/LanschoolBlocker/

GNU Affero General Public License v3.0

4 stars 1 forks source link

The batch is so obfuscated with Chinese it is so sus. #2

Closed Nikolaaa24 closed 10 months ago

Nikolaaa24 commented 10 months ago

Describe the feature

Why the fuck would you obfuscate it so bad when it is not malware (unless it is)?

Before submitting a suggestion

[X] This feature doesn't already exist.
[X] This wasn't already suggested. (I have searched suggestions on GitHub and read the FAQ)

iwannet commented 10 months ago

Yeah, it's a long story, it's actually because I was using this myself and I didn't want my teachers to find out. And then I actually forgot that it was still obfuscated. Do you want me to put the source code online, or deobfuscate the script ?

Nikolaaa24 commented 10 months ago

whatever you want just notify me when you do one of those, if you don't want to post the source code then just deobfuscate it

SmilerRyan commented 10 months ago

I can't comment on the original code (I got round the chiniese, but theres still too many substitutions for me to work though), but based on my runnings in a sandbox (and as expected) it just runs 4 commands on a loop.

I made a one-liner that kills the same 3 processes and loops itself, to re-create this.

Kill_Lanschool.bat.txt

iwannet commented 10 months ago

Here is the source code. Yes i know the code is really easy. But remember i made this project so its easier to use by non-techy people.

@echo off

msg * "LanschoolAir_Blocker started successfully. Credits to iwannet, Check my website: www.iwannet.cc" 

for /l %%i in (1,1,2147483647) do (

    taskkill /im LSAirClient.exe /f 
    taskkill /im LSAirClientUI.exe /f 
    taskkill /im student.exe /f
    timeout /t 1

)