-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathdeobfuscator.py
64 lines (51 loc) · 1.66 KB
/
deobfuscator.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
'''
Deobfuscate python code obfuscated by Apollyon (https://github.com/billythegoat356/Apollyon)
Author : namdevel (https://github.com/namdevel/)
'''
import codecs
import importlib
import os
import re
import sys
sys.dont_write_bytecode = True
strings = "abcdefghijklmnopqrstuvwxyz0123456789"
file_name = "src/_run.py"
def disX():
generatePyc()
dis = os.popen(f'disx {file_name[:-3]}.pyc && disx {file_name[:-3]}.pyc > disx.log')
byte = re.search("4: '((.+?))'", dis.read()).group(1)
dis.close()
data = codecs.decode(byte, "unicode-escape").encode('latin1').decode('utf-8')
deob = decrypt(data)
os.unlink("src/_run.pyc")
os.unlink("tmp.py")
with open("file_deobfuscated.py", "w") as file:
file.write(deob)
# Show real code in terminal
print(deob)
def generatePyc():
with open(file_name) as file:
code = "disX=" + file.read()[4:]
with open("tmp.py", "w") as file:
file.write(code)
from tmp import disX as codeObject
l = importlib.machinery.SourceFileLoader('<py_compile>', file_name)
sb = l.get_data(file_name)
sh = importlib.util.source_hash(sb)
bytecode = importlib._bootstrap_external._code_to_hash_pyc(codeObject, sh)
with open(file_name[:-3] + ".pyc", "wb") as file:
file.write(bytecode)
def decrypt(text: str, key: str = 49348):
t = [chr(ord(t)-key) if t != "ζ" else "\n" for t in text]
ts = "".join(t)
r = ""
for a in ts:
if a in strings:
i = strings.index(a)+1
if i >= len(strings):
i = 0
a = strings[i]
r += a
return r
if __name__ == "__main__":
disX()