by spiorf 1180 days ago
Playbook files are password-protected archives. Anyone care to reverse engineer the password from the executable?
4 comments

The password seems to be "malte". The executable is completely unobfuscated .NET, and all you need for "reverse engineering" is ILSpy or DotPeek.

    public static void ExtractFile(string apbx, string file, string targetDir, bool recursive = false)
    {
      if (recursive)
        APBX.RunCommand("x \"" + file + "\" -o\"" + targetDir + "\" -p\"malte\" -y -r");
      else
        APBX.RunCommand("x \"" + apbx + "\" -o\"" + targetDir + "\" -p\"malte\" \"" + file + "\" -y -r-");
    }

    public static void ExtractArchive(string apbx, string targetDir, string exclude = null)
    {
      if (exclude != null)
        APBX.RunCommand("x \"" + apbx + "\" -o\"" + targetDir + "\" -p\"malte\" -x!\"" + exclude + "\" -y");
      else
        APBX.RunCommand("x \"" + apbx + "\" -o\"" + targetDir + "\" -p\"malte\" -y");
    }

Interesting; Malte is a common Danish, Swedish and Germanic male name.

Yikes, this alone is grounds to never ever ever use this tool; intentionally obfuscating what commands are being run is malware-level behavior.

> Set the Archive format to 7z, and set malte as the password

https://docs.ameliorated.io/developers/playbooks/creation.ht...

password is "malte"

https://ibb.co/BNtHF1X

Huh, IDA can do .NET IL? Interesting.