Use pycryptodome instead of numpy for obfuscated download (#733)

Author: psrok1

mwdb/model/file.py

@@ -4,8 +4,8 @@
 import shutil
 import tempfile
 
-import numpy as np
 import pyzipper
+from Cryptodome.Util.strxor import strxor_c
 from sqlalchemy import or_
 from sqlalchemy.dialects.postgresql.array import ARRAY
 from sqlalchemy.ext.mutable import MutableList
@@ -280,30 +280,25 @@ def iterate(self, chunk_size=1024 * 256):
         finally:
             File.close(fh)
 
-    def negate_bits(self, chunk):
-        """
-        xor data with key equal 255 of length of chunk; using numpy
-        https://stackoverflow.com/questions/23312571/fast-xoring-bytes-in-python-3
-        """
-        key = np.frombuffer(b"\xff" * len(chunk), dtype="uint8")
-        chunk = np.frombuffer(chunk, dtype="uint8")
-        return (key ^ chunk).tobytes()
-
     def iterate_obfuscated(self, chunk_size=1024 * 256):
         r"""
         Iterates over bytes in the file contents with xor applied
         The idea behind xoring before send is to prevent browsers
         from caching original samples (malware). Unxoring is provided
         in mwdb\web\src\components\ShowSample.js in SamplePreview
         """
+
+        def negate_bits(chunk):
+            return strxor_c(chunk, 255)
+
         fh = self.open()
         try:
             if hasattr(fh, "stream"):
-                yield from map(self.negate_bits, fh.stream(chunk_size))
+                yield from map(negate_bits, fh.stream(chunk_size))
             else:
                 while True:
                     chunk = fh.read(chunk_size)
-                    chunk = self.negate_bits(chunk)
+                    chunk = negate_bits(chunk)
                     if chunk:
                         yield chunk
                     else:

requirements.txt

@@ -28,4 +28,4 @@ pyJWT==2.4.0
 Flask-Limiter==2.1.3
 python-dateutil==2.8.2
 pyzipper==0.3.5
-numpy==1.23.5
+pycryptodomex==3.16.0