最近一直再解密一个东西.到了
marshal.loads(zlib.decompress(urllib.urlopen(url).read()))
就没办法继续下一步了。中间休顿了好久.今天碰巧看到一篇关于这个的文章,记录下
主要应用的是 uncompyle 库
网上增强版众多,有机会还是得深入到原理去学习一下,以待自己能改进.
stackoverflow上面看搜到一些答案(多去多收获啊….)
http://stackoverflow.com/questions/8189352/decompile-python-2-7-pyc
下载库文件
https://github.com/wibiti/uncompyle2
安装
python setup.py install
—————————序列化导—————————
import uncompyle2 import marshal co = marshal.loads(zlib.decompress(“/x/x/x/x/x/x/xx/x/x/x”)) f=open('/tmp/testa','w'); uncompyle2.uncompyle('2.7.3',co,f);
也不卖关子了.直接贴上
#!/usr/bin/env python # -*- coding: utf-8 -*- import urllib, urllib2, marshal, zlib, time, re, sys import uncompyle2 #第一访问 #re = requests.get('https://www.bugscan.net/0a772492fbe89800') #print re.content #re = urllib2.urlopen('https://www.bugscan.net/0a772492fbe89800').read() #print re ''' #第一次的结果 #!/usr/bin/env python import imp if imp.get_magic() != '\x03\xf3\r\n': print "Please update to Python 2.7.3 (http://www.python.org/download/)" exit() import urllib, marshal, zlib, time, re, sys for k in sys._getframe(1).f_code.co_consts: if not isinstance(k, basestring): continue m = re.match(r"http[s]*://[\w\.]+/[\?\w]*([0-9a-f]{16})", k) if m: _S = "https" _B = "www.bugscan.net" _U = m.group(1) _C = True count = 30 while _C: if count <= 0: break try: exec marshal.loads(zlib.decompress(urllib.urlopen('%s://%s/bin/core_new' % (_S, _B)).read())) except: time.sleep(240) count = count - 1 break ''' #从结果里面找到的 url = 'https://www.bugscan.net/bin/core_new' data1 = marshal.loads(zlib.decompress(urllib.urlopen(url).read())) f=open('./bugscan.py','w'); uncompyle2.uncompyle('2.7.3',data1,f);
参考:
http://wcf1987.iteye.com/blog/1672542
http://www.blackh4t.org/archives/969.html
标签:none
是某扫描器框架里面的pyc文件吧,嘿嘿。。。
嘿嘿嘿..就是Bugscan
插件有没有解密呀?呵呵!!!好像被混淆了。。。
哈哈是的