Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import base64
- import dis
- import marshal
- import zlib
- # NB: Paste the string that the tracker.py script tries to load and execute
- PAYLOAD = ''
- l1 = marshal.loads(PAYLOAD)
- print("Names", l1.co_names)
- print(dis.dis(l1.co_code))
- l2 = marshal.loads(l1.co_consts[2])
- print("Names", l2.co_names)
- print(dis.dis(l2.co_code))
- l3 = base64.b64decode(l2.co_consts[2])
- l3_str = l3.split('"')[1]
- l4 = marshal.loads(base64.b32decode(l3_str))
- print("Names", l4.co_names)
- print(dis.dis(l4.co_code))
- l4_str = l4.co_consts[2]
- l4_bin = base64.b64decode(l4_str)
- l5 = zlib.decompress(l4_bin)
- l5_str = l5.split('"')[1]
- l5_bin = base64.b64decode(l5_str)
- l6 = marshal.loads(zlib.decompress(l5_bin))
- print("Names", l6.co_names)
- print(dis.dis(l6.co_code))
- l7 = base64.b32decode(l6.co_consts[2])
- l8 = marshal.loads(zlib.decompress(l7))
- print("Names", l8.co_names)
- print(dis.dis(l8.co_code))
- l9 = base64.b16decode(l8.co_consts[2])
- l10 = marshal.loads(zlib.decompress(l9))
- print("Names", l10.co_names)
- print(dis.dis(l10.co_code))
- l11 = base64.b64decode(l10.co_consts[2])
- with open('deobfuscated.py', 'w') as f:
- f.write(l11)
Add Comment
Please, Sign In to add comment