Skip to content

Instantly share code, notes, and snippets.

@drole

drole/GootloaderCyberchefRecipe.txt

Last active July 12, 2024 17:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save drole/8f695bd1616ee492f7aa06be9a35c82c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save drole/8f695bd1616ee492f7aa06be9a35c82c to your computer and use it in GitHub Desktop.
Download ZIP
Gootloader Decode Recipe
Raw
GootloaderCyberchefRecipe.txt
// CyberChef Recipe to deobfuscate Gootloader encoded string
// Use: https://github.com/drole/CyberChef
Unescape_string()
Gootloader_Decode()
JavaScript_Beautify('\\t','Auto',true,true)
Regular_expression('User defined','\\(\'(.*?)\'\\)',true,true,false,false,false,false,'List capture groups')
Unescape_string()
Gootloader_Decode()
JavaScript_Beautify('\\t','Auto',true,true)
@drole
Copy link
Author

drole commented Aug 14, 2023

Gootloader .JS sample

https://gist.github.com/drole/b6f1d5240742bba1984fb8ec96bbc7f4

@drole
Copy link
Author

drole commented Aug 14, 2023
edited
Loading

Decode Gootloader encoded string

image

@drole
Copy link
Author

drole commented Aug 14, 2023

You may also want to parse the actual Gootloader code from JS

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment