[Bailu Cup 2021] baby_python (packaged with PyInstaller, then AES-encrypted)
Find the file that the main function imports, then decrypt that file.
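```python
import zlib

# Assumption: Cipher is PyInstaller's loader class from the extracted
# pyimod02_archive module; it reads the key from pyimod00_crypto_key.
from pyimod02_archive import Cipher

inf = open(r'PYZ-00.pyz_extracted\baby_python\baby_core.pyc.encrypted', 'rb')
c = Cipher()
# Decrypt the entry, then inflate the zlib-compressed result
buf = c.decrypt(inf.read())
buf = zlib.decompress(buf)

# buf is written as-is; no .pyc header is placed in front of it
out = open(r'PYZ-00.pyz_extracted\baby_python\baby_core.pyc', 'wb')
out.write(buf)
print('written down %d bytes' % len(buf))

inf.close()
out.close()
```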
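Reference: [Original] Python Reversing: PyInstaller Reversing - Software Reverse Engineering - Kanxue - Security Community | Security Recruitment | kanxue.com
Another script that can be used as a reference: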
```python
import tinyaes
import zlib

CRYPT_BLOCK_SIZE = 16

key = bytes('MySup3rS3cr3tK3y', 'utf-8')
inf = open('baby_core.pyc.encrypted', 'rb')
outf = open('baby_core.pyc', 'wb')

# The first block of the file is the IV; the rest is AES-CTR ciphertext
iv = inf.read(CRYPT_BLOCK_SIZE)
cipher = tinyaes.AES(key, iv)

plaintext = zlib.decompress(cipher.CTR_xcrypt_buffer(inf.read()))

# 16-byte .pyc header: magic 0x0d55 (3413, Python 3.8) followed by \r\n,
# then 12 zero bytes. A pyc magic always ends in 0d 0a, not 00 00.
outf.write(b'\x55\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0')
outf.write(plaintext)

inf.close()
outf.close()
```
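An added example (not from the original post or the referenced article) of the steps that follow AES-CTR decryption in the scripts above: inflate the buffer, check that it is a marshalled code object, and prepend a 16-byte .pyc header. The function names are hypothetical, the AES step is left to tinyaes as above, and the sample buffer is constructed with the local interpreter instead of being taken from the challenge.

```python
import importlib.util
import marshal
import struct
import zlib

CRYPT_BLOCK_SIZE = 16  # IV length, as in the script above


def split_entry(blob: bytes):
    """Split an encrypted PYZ entry into (iv, ciphertext)."""
    if len(blob) <= CRYPT_BLOCK_SIZE:
        raise ValueError("entry too short to hold an IV and data")
    return blob[:CRYPT_BLOCK_SIZE], blob[CRYPT_BLOCK_SIZE:]


def rebuild_pyc(decrypted: bytes, magic: bytes = importlib.util.MAGIC_NUMBER) -> bytes:
    """Turn the AES-CTR output (still zlib-compressed) into .pyc bytes."""
    if len(magic) != 4 or magic[2:] != b"\r\n":
        raise ValueError("a pyc magic is 2 version bytes followed by \\r\\n")
    try:
        code = zlib.decompress(decrypted)
    except zlib.error as exc:
        # CTR mode has no integrity check: a wrong key or IV just yields
        # garbage, and the zlib step is the first place that shows up.
        raise ValueError("not a zlib stream, wrong key or IV?") from exc
    # A marshalled code object starts with type 'c', optionally OR-ed with 0x80.
    if not code or code[0] & 0x7F != ord("c"):
        raise ValueError("decompressed data is not a marshalled code object")
    # Python 3.7+ header: magic, flags, mtime, source size (4 bytes each).
    header = magic + struct.pack("<III", 0, 0, 0)
    return header + code


def make_sample() -> bytes:
    """Constructed stand-in for the decrypted buffer (no AES involved)."""
    src = "answer = 6 * 7"
    return zlib.compress(marshal.dumps(compile(src, "<sample>", "exec")))


def load_code(pyc: bytes):
    """Skip the 16-byte header and unmarshal, as the interpreter would."""
    return marshal.loads(pyc[16:])


if __name__ == "__main__":
    pyc = rebuild_pyc(make_sample())
    print(pyc[:16].hex(), load_code(pyc).co_filename)
```

For a real target, pass the magic of the Python version that built the executable, since the marshal format differs between versions.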