Decrypts the config file for the Fake-TextSecure Online Banking Trojan.

Decrypt the config file of the “FakeToken” / “FakeTextSecure” Online Banking Trojans.
+ The config is Blowfish-encrypted
+ The config is an XML file and contains URLs and phone numbers of the attacker
+ “FakeTextSecure” uses the TextSecure open source app to disguise itself

Prerequisites:
+ Python 3.x
+ PyCrypto: https://www.dlitz.net/software/pycrypto/

Tested on Windows 8.1 and Ubuntu 14.04

Usage:

decrypt_config.py:
– Copy blfs.key and config.cfg from the /res/raw folder in the APK
– Run decrypt_config.py blfs.key config.cfg

decrypt_bankersecure.py:
– Specify an APK or a directory of APKs as an argument for -i or --input
– Run python decrypt_bankersecure.py -i <APK_or_Directory>
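
An added example, not part of the IKARUS scripts: the extraction step from the usage notes, pulling blfs.key and config.cfg out of res/raw for a single APK or a directory of APKs. The helper names, the size cap and the in-memory sample APK are assumptions made here; decryption itself is left to the scripts listed on this page.

```python
import io
import zipfile
from pathlib import Path

# Paths from the usage notes: both files sit in res/raw inside the APK.
WANTED = ("res/raw/blfs.key", "res/raw/config.cfg")
MAX_SIZE = 1 << 20  # assumed cap (1 MiB) so a crafted archive cannot exhaust memory

def extract_pair(apk):
    """Return {'blfs.key': bytes, 'config.cfg': bytes}, or None if unusable."""
    try:
        with zipfile.ZipFile(apk) as zf:
            infos = {i.filename: i for i in zf.infolist()}
            if any(w not in infos or infos[w].file_size > MAX_SIZE for w in WANTED):
                return None
            return {w.rsplit("/", 1)[1]: zf.read(w) for w in WANTED}
    except (zipfile.BadZipFile, OSError):
        return None  # not a ZIP, truncated, or unreadable: skip instead of crashing

def collect(input_path):
    """Accept one APK or a directory of APKs, mirroring the -i/--input argument."""
    root = Path(input_path)
    apks = sorted(root.rglob("*.apk")) if root.is_dir() else [root]
    found = {}
    for apk in apks:
        pair = extract_pair(apk)
        if pair is not None:
            found[str(apk)] = pair
    return found

def make_sample_apk(with_config=True):
    """Constructed sample: an in-memory ZIP with placeholder bytes, no real sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("res/raw/blfs.key", b"PLACEHOLDER-KEY")
        if with_config:
            zf.writestr("res/raw/config.cfg", b"\x00" * 16)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    pair = extract_pair(make_sample_apk())
    print({name: len(data) for name, data in pair.items()})
```

APKs that lack either file are skipped, which makes the directory mode usable as a quick filter over a mixed sample set.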

decrypt_config.py Script:

decrypt_bankersecure.py Script:

Source: https://github.com/IKARUSSoftwareSecurity