Lmk if you have any other challenges, this one was shitty (was just marshalling, base64, and compression aka zlib).
wtf was that
nigga i dont need no source
i wanna know how u did it
i think this comes only with experience
checking the output like how it's formatted, guessing the obfuscate and then hit and trial to deobf.
you must have used that deobf script before, so you're able to even figure out what tool he used
big brain i clapbooty
nice nice
and what tool did you use to deobfuscate it
Nope I've never seen this obfuscator, but it was really easy to reverse.
Eval/Exec functions take in a code object, this can come in a couple of forms but the most popular are normal source-code or a marshalled object.
In this case the user was just loading marshalled code after decompressing it with zlib. You just have to back-track and you'll be fine. I might make a deobfuscator
for this, dunno.
If you want to get good at reversing a language, start by learning how the language works and writing programs in it. It'll help you out when you're reversing,
as you'll know exactly what does what just by looking at it. I'll give you an example:
1) We see there's an eval function, but we can ignore that for now because we know it'll take in a string or code object.
2) A lambda is created, what is a lambda? Lambdas are anonymous functions, so we can already tell he's using this function for something.
3) The function takes in 3 params, the first one is empty as we can see when he calls it he passes in the following arguments
4) The first function is what the list of strings is being joined with as it's being used when calling "string.join(args)".
5) The second is just a list of numbers, which are ascii character codes.
6) The last arg is the builtin function chr. This function takes in an ascii character code and returns its normalized ascii character.
7) Okay, we know what everything does now, let's reverse it.
8) The lambda is being called with the args, we can just take the list of numbers and write our own program to get the output we need.
9) Running this code snippet returns "__import__('marshal').loads"
10) Now you know how basic static analysis works with Python. Hf.
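The steps in the post above, as an added example that is not part of the original thread or the poster's own script: it recovers the string from the character-code list without evaluating anything, then peels a base64, zlib and marshal layer and lists what the code object references instead of running it. The sample expression, the payload, the layer order and all function names are constructed assumptions.

```python
import ast, base64, marshal, types, zlib

# Constructed sample shaped like the call the post walks through:
# a 3-parameter lambda given an empty separator, a list of ASCII codes, and chr.
SAMPLE_EXPR = ("(lambda s, c, f: s.join(map(f, c)))('', "
               "[95, 95, 105, 109, 112, 111, 114, 116, 95, 95, 40, 39, 109, 97, 114, "
               "115, 104, 97, 108, 39, 41, 46, 108, 111, 97, 100, 115], chr)")

def decode_chr_list(expr_src):
    """Rebuild the hidden string from the integer list literal; nothing is evaluated."""
    for node in ast.walk(ast.parse(expr_src, mode="eval")):
        if isinstance(node, ast.List) and node.elts and all(
                isinstance(e, ast.Constant) and isinstance(e.value, int)
                for e in node.elts):
            return "".join(chr(e.value) for e in node.elts)
    raise ValueError("no integer list literal found")

def build_sample_payload():
    """Constructed stand-in for the obfuscated blob (assumed order: marshal, zlib, base64)."""
    code = compile("import os\nprint('hello from payload')", "<constructed>", "exec")
    return base64.b64encode(zlib.compress(marshal.dumps(code)))

def unpack_payload(b64_blob):
    """Back-track the layers and return the code object; it is never passed to exec/eval."""
    raw = zlib.decompress(base64.b64decode(b64_blob))
    obj = marshal.loads(raw)  # parses the object only, does not run it
    if not isinstance(obj, types.CodeType):
        raise TypeError("expected a code object, got %s" % type(obj).__name__)
    return obj

def summarize(code):
    """Collect referenced names and string constants, including nested code objects."""
    names = set(code.co_names)
    strings = {c for c in code.co_consts if isinstance(c, str)}
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            inner_names, inner_strings = summarize(const)
            names |= inner_names
            strings |= inner_strings
    return names, strings

if __name__ == "__main__":
    print(decode_chr_list(SAMPLE_EXPR))
    names, strings = summarize(unpack_payload(build_sample_payload()))
    print(sorted(names), sorted(strings))
```

The marshal format is tied to the Python version that produced it, so a real sample has to be loaded with a matching interpreter; `marshal.loads` is also not hardened against malformed input, so do this in a disposable VM.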
that really helped, quite neatly explained
thanks af