最近一直再解密一个东西.到了
marshal.loads(zlib.decompress(urllib.urlopen(url).read()))
就没办法继续下一步了。中间休顿了好久.今天碰巧看到一篇关于这个的文章,记录下
主要应用的是 uncompyle 库
网上增强版众多,有机会还是得深入到原理去学习一下,以待自己能改进.
stackoverflow上面看搜到一些答案(多去多收获啊….)
http://stackoverflow.com/questions/8189352/decompile-python-2-7-pyc
下载库文件
https://github.com/wibiti/uncompyle2
安装
python setup.py install
—————————序列化导—————————
import uncompyle2
import marshal
co = marshal.loads(zlib.decompress(“/x/x/x/x/x/x/xx/x/x/x”))
f=open('/tmp/testa','w');
uncompyle2.uncompyle('2.7.3',co,f);
也不卖关子了.直接贴上
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urllib, urllib2, marshal, zlib, time, re, sys
import uncompyle2
#第一访问
#re = requests.get('https://www.bugscan.net/0a772492fbe89800')
#print re.content
#re = urllib2.urlopen('https://www.bugscan.net/0a772492fbe89800').read()
#print re
'''
#第一次的结果
#!/usr/bin/env python
import imp
if imp.get_magic() != '\x03\xf3\r\n':
print "Please update to Python 2.7.3 (http://www.python.org/download/)"
exit()
import urllib, marshal, zlib, time, re, sys
for k in sys._getframe(1).f_code.co_consts:
if not isinstance(k, basestring):
continue
m = re.match(r"http[s]*://[\w\.]+/[\?\w]*([0-9a-f]{16})", k)
if m:
_S = "https"
_B = "www.bugscan.net"
_U = m.group(1)
_C = True
count = 30
while _C:
if count <= 0:
break
try:
exec marshal.loads(zlib.decompress(urllib.urlopen('%s://%s/bin/core_new' % (_S, _B)).read()))
except:
time.sleep(240)
count = count - 1
break
'''
#从结果里面找到的
url = 'https://www.bugscan.net/bin/core_new'
data1 = marshal.loads(zlib.decompress(urllib.urlopen(url).read()))
f=open('./bugscan.py','w');
uncompyle2.uncompyle('2.7.3',data1,f);
参考:
http://wcf1987.iteye.com/blog/1672542
http://www.blackh4t.org/archives/969.html
标签:none
是某扫描器框架里面的pyc文件吧,嘿嘿。。。
嘿嘿嘿..就是Bugscan
插件有没有解密呀?呵呵!!!好像被混淆了。。。
哈哈是的