Python query on eval()

by Blepop - 03 July, 2022 - 06:58 PM
Blepop
#1
(This post was last modified: 03 July, 2022 - 07:00 PM by Blepop. Edited 1 time in total.)
someone sent me a code in eval
any way i can decipher it back to normal code ?

the code: https://paste.gg/p/anonymous/37902b94620...440ba8bf8a


@clap @ANG @UberFuck @tuffah
straipie2
#2
(03 July, 2022 - 06:58 PM) Blepop Wrote:
someone sent me a code in eval
any way i can decipher it back to normal code ?

the code: https://pastebin.com/0A1cfdxy

page is no longer available
Blepop
#3
(This post was last modified: 03 July, 2022 - 07:03 PM by Blepop.)
(03 July, 2022 - 06:59 PM) straipie2 Wrote:
page is no longer available

updated
pastebin is shit af
01270
#4
(This post was last modified: 03 July, 2022 - 08:45 PM by 01270. Edited 1 time in total.)
@Blepop I don't think it's possible
I also tried a long time ago to decode it and I searched everywhere, I found nothing

But if you find a way, tag me, I need it af

clap
#5
(This post was last modified: 04 July, 2022 - 08:36 AM by clap. Edited 3 times in total.)
@Blepop

Unpacked file: https://anonfiles.com/1dG2D7ucy2/unpacked_pyc
Here's the obfuscator he used: https://github.com/caturmahdialfurqon/encrypt-python3 (very shit).

Lmk if you have any other challenges, this one was shitty (was just marshalling, base64, and compression aka zlib).
Always confirm via PM before dealing with me.
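
Added example, not part of the thread and not the unpacker clap linked: a sketch of peeling the layers named above (base64, zlib, marshal) and inspecting the resulting code object without executing it. The layer order and the harmless sample payload are constructed assumptions; the real paste is not reproduced here.

```python
import base64, binascii, dis, io, marshal, zlib

def build_sample():
    """Constructed, harmless stand-in for a packed payload (layer order is assumed)."""
    src = "greeting = 'hello from the inner layer'\nprint(greeting)"
    code = compile(src, "<inner>", "exec")
    return base64.b64encode(zlib.compress(marshal.dumps(code)))

def peel(blob, max_layers=16):
    """Strip zlib and base64 layers until neither applies; return (bytes, layers)."""
    layers = []
    for _ in range(max_layers):
        try:
            blob = zlib.decompress(blob)
            layers.append("zlib")
            continue
        except zlib.error:
            pass
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            break
        if not decoded:
            break
        blob = decoded
        layers.append("base64")
    return blob, layers

def inspect_payload(blob):
    """Unmarshal the innermost bytes and describe the code object; nothing is run."""
    raw, layers = peel(blob)
    # marshal is version-specific and not hardened against malformed input:
    # use the Python version the payload targets, inside a disposable VM.
    code = marshal.loads(raw)
    listing = io.StringIO()
    dis.dis(code, file=listing)
    return {"layers": layers, "names": code.co_names,
            "consts": code.co_consts, "disassembly": listing.getvalue()}

if __name__ == "__main__":
    report = inspect_payload(build_sample())
    print(report["layers"], report["names"], report["consts"])
    print(report["disassembly"])
```

The names and constants of the code object are usually enough to tell what a packed script imports and which strings it carries before anyone decides whether to run it.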
Blepop
#6
(03 July, 2022 - 10:16 PM) clap Wrote:
@Blepop

Unpacked file: https://anonfiles.com/1dG2D7ucy2/unpacked_pyc
Here's the obfuscator he used: https://github.com/caturmahdialfurqon/Py...cate-plusX (very shit).

Lmk if you have any other challenges, this one was shitty (was just marshalling, base64, and compression aka zlib).

wtf was that 
nigga i dont need no source 
i wanna know how u did it
i think this comes only with experience
checking the output like how it's formatted, guessing the obfuscator and then hit and trial to deobf.

you must have used that deobf script before, so you're able to even figure out what tool he used
big brain i clapbooty
nice nice
and what tool did you use to deobfuscate it
clap
#7
(This post was last modified: 14 July, 2022 - 09:46 PM by clap. Edited 12 times in total.)
Nope I've never seen this obfuscator, but it was really easy to reverse.

Here's an unpacker I wrote for it: https://github.com/iclapcheeks/Straight/...s/Encrypt3

Eval/Exec functions take in a code object, this can come in a couple of forms but the most popular are normal source-code or a marshalled object.
In this case the user was just loading marshalled code after decompressing it with zlib. You just have to back-track and you'll be fine. I might make a deobfuscator for this, dunno.

If you want to get good at reversing a language, start by learning how the language works and writing programs in it. It'll help you out when you're reversing, as you'll know exactly what does what just by looking at it. I'll give you an example:
Code:
eval((lambda ____,__,_ : ____.join([_(___) for ___ in __]))('',[95, 95, 105, 109, 112, 111, 114, 116, 95, 95, 40, 39, 109, 97, 114, 115, 104, 97, 108, 39, 41, 46, 108, 111, 97, 100, 115],chr))

Let's go through this step-by-step.

1) We see there's an eval function, but we can ignore that for now because we know it'll take in a string or code object.
2) A lambda is created, what is a lambda? Lambdas are anonymous functions, so we can already tell he's using this function for something.
3) The function takes in 3 params, the first one is empty as we can see when he calls it he passes in the following arguments:

('',[95, 95, 105, 109, 112, 111, 114, 116, 95, 95, 40, 39, 109, 97, 114, 115, 104, 97, 108, 39, 41, 46, 108, 111, 97, 100, 115],chr)

4) The first function is what the list of strings is being joined with as it's being used when calling "string.join(args)".
5) The second is just a list of numbers, which are ascii character codes.
6) The last arg is the builtin function chr. This function takes in an ascii character code and returns its normalized ascii character.

7) Okay, we know what everything does now let's reverse it.
8) The lambda is being called with the args, we can just take the list of numbers and write our own program to get the output we need.
9) Running this code snippet returns "__import__('marshal').loads"

10) Now you know how basic static analysis works with Python. Hf.
Always confirm via PM before dealing with me.
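
Added example, not part of clap's post: the "write our own program" step done with Python's ast module, so the character codes are decoded and the eval() argument is reported without evaluating anything. The function names are illustrative; the sample string is the one-liner from the post.

```python
import ast

# The one-liner from the post, kept as a string so nothing is executed.
SAMPLE = ("eval((lambda ____,__,_ : ____.join([_(___) for ___ in __]))"
          "('',[95, 95, 105, 109, 112, 111, 114, 116, 95, 95, 40, 39, 109, 97, "
          "114, 115, 104, 97, 108, 39, 41, 46, 108, 111, 97, 100, 115],chr))")

def int_lists(source):
    """Yield every list literal in `source` made up only of integer constants."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.List) and node.elts and all(
            isinstance(e, ast.Constant) and type(e.value) is int
            for e in node.elts
        ):
            yield [e.value for e in node.elts]

def decode_char_lists(source):
    """Return strings hidden as character-code lists, without running the code."""
    out = []
    for codes in int_lists(source):
        if all(0 <= c <= 0x10FFFF for c in codes):
            out.append("".join(map(chr, codes)))
    return out

def eval_targets(source):
    """List (function, line, argument source) for each eval()/exec() call found."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec") and node.args):
            hits.append((node.func.id, node.lineno, ast.unparse(node.args[0])))
    return hits

if __name__ == "__main__":
    print(decode_char_lists(SAMPLE))
    for name, line, arg in eval_targets(SAMPLE):
        print(f"{name}() on line {line} receives: {arg[:60]}...")
```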
Blepop
#8
that really helped, quite neatly explained
thanks af