*This writeup is notes only at the moment*
First decode
import base64
import zlib
def deobfuscate(text):
# Step 1: Reverse the string
reversed_text = text[::-1]
# Step 2: Base64 decode
try:
decoded_data = base64.b64decode(reversed_text)
except Exception as e:
return f"Base64 decoding error: {e}"
# Step 3: zlib decompress
try:
decompressed_data = zlib.decompress(decoded_data)
except Exception as e:
return f"Decompression error: {e}"
# Check if the result is valid UTF-8 text, if not, return the raw bytes
try:
return decompressed_data.decode('utf-8')
except UnicodeDecodeError:
return decompressed_data # return raw bytes if it can't be decoded as UTF-8
# Example usage:
obfuscated_text = "==gP54lIP4///+M/1+GMvNce/fWcVLH/MInNnz3h23iJeQkC6MKwEMMnp7Be7eNbVOK+HAqgHAvKs2ZQCIdwiGMoyFlmRZY3D9myD9RsxDdcXHVY7KBHsx5vQySZbN6k/aOdLYcll9Y1ylgMhIcOHvxOHtpJHCFnycqVBi7RdrOV28RuwNLHdOvfik1LfphPAQPtQX06GvY1E4opz8haLDIS8aY5Y/1H0VsprNhdPWlkQ+0a5fSSTdL62zidNlzFLPylO8NaDvxS16+3YOnAfdnXVfZmcxnX2SaFBcxXljsXcnL3Xkz1+PdsPqDV8agbiwk4AHawNYtdfUOqYNmcq5UI4bWA+v/8iXO9FHe2q8jo6ev/SpNXxf5K8NqSW0S2Ome080y4i0D/SnMVqUv7VAbusmOjycRH7d1vK1Xww7trN3YmGjVRDaVM1Wos88jZNlQq0cb8E9bUGVem3/cN3LU8B00xLGogRHNy/U5dWeOp+oo4ZEORSCsRwcsDXp/z2j6hQQZk2XuVeBDSMGTkIehhV/e9Q3epFnVWCHb7R3MUcv54kxeni8M8FcbWWQLPiogpVyvPWOnuZblrgsjCuLTJjSuTSUqo1RrcON3NfaMZCYr/6UIIv+Chnis+5X5PPiS2Mg+mO92XklpyIkXXunlweQWBqLTcrmxTbXWkBQ972jdwq4qVZHgdkIOEKFTybG3zLjGcVAvwjWJDx3wSf915V/A9j2yvwilazWb0LLD2/MVciG6XjJAzTelzRhqCeHFU+hovH3cG3vPh9WBr8Qsx+1AArJtGyJ3NRpsq2kcYARwACyXSZFBz5qM28fJ1eT8caDPLjA0cV9VotGWW1s5V9zNucji6XLZS15RVDgRF70wr4iTVJ0g9goZ4HrzvWiBllUsIa3vtxXxQIMJ/2a3BSPPALDdmQ2p/CnvFTEfVNkyN8K1Ct+ekC7ZSroVyHRbR6R53CXRyiPqcbpPYLwG7vXcguZ1RZjOqO6zypj+FnFT+hZ0He7VqEdNaDX2Aybjk5HcE7YlItp5z+az5wlVmj2pBQtUY/HnduQuYRZeETv26LBkMgNM0HgDIzzp32nC5RglqR5KlJU+JfbLl19qyH57fu09WwhEWKDJHJh8Z297Z9AMGHFicnh8XF1S70VnPP5QkH+3E7Wj3sQC6WZp6xhf25GTzM0yLB49vx1Aerec+LVphO+nV56jncQOlyyRWQkWnJgvx3hD27n+Z1zW12KRILUgxbTLVyEPJf8+QGX2groetPE+iNc4R9IheY4KHQC0rXsQ+CxjC4JrbgoOLDTovnvWv1cEfm7DnJJR82LFEYLd++XyqWDBbGlfKVAZEnTOj+QG6YEwIthgJGyNuMyKW+DqyX+5AcZgbUudd1l3LhTXD5wL/ShFKX9fUVAUpO7gUz2YRUmsaLRwvU2lc3iTqjwEPA3YlxrUUZC4FReqSZV+fc5yOOnU5rYqlDaCM63c+sVtiYSc0rpIEv2CIwp5j38CE6Ztzhhg1bBoRaV3TWzNLpwGFI792ntWXZGHssJAq3qFs1cMe9suBgVtLHDwHI7A3PRt4rBnUTMCIP9OjgQMtk+LJ4aASFxnehHZisnmLikBxaZ8haJ78Nmc2Z7Pq9TIAYt9XeGuBO45ch8aSYkVXGPGAQF+5Kj18vKoI6VVYoSBgZg7H1hbtN75oDs9ddThNHNMU8/AZJZaZmFDSDmXduC1OGmynagT3in+1k/stCgjOqg7UMEPspQejIhe/PCsl38kxaqMq4IcgatWvo6Cmb2ya2VAM80Yc5shLejZc5LA7I9BpBo0fiybIPUBud0I1wEf842SSZTVmsAOKggNamtLRcTjw0tzL07Y+qQIJ7HUx43i98WPZBp9aQ95so3aA/9cnWd3/o8zSVWk9GYBE3UTlaasTz3tIXrdhjioVIOeZpnJrad4w9ucWcSTyLZkR2i+gPkTuZ3NByuQ+0tNWy+hZk54DFO3HN8oWKeFBrMOqgtevNkcsTb+fDVIVCDJ9i1Rp3yoVyL6rIOGmKzbQLGZH3EL8qvVMldUM4PQZ8Ju/0v9yt2bd1VAaS1blPZf/uAEdRLWv9cvGHLpwNrUxy4yVsWd8crvRxpsjHLqZKtLasXy/KIvwN+noEBdTnOeDYto/T55qpTpDNA1Cbbmpjq/N5Rc8YJ7shmQoG8j79bjxLrodOdr2Hnm9WUJAk/F8ODJ8ZjxkYK/nceiATNRr4oNQi/K+L2zZ5dRy7OKnVMvRiDvgGUuU1OIndlSqGn0EfxphEVp8dXSkQZbtdmPjy8CcSCB8anU4wIntYWYpuXcoQzhl/sdePN4Rz2I5EHJkvDtcjOkOcgQKYwfNBMB45jbRpgzh/EuhUK74Gn4RUg2JCQu3Gzes6t/IakbyvdDmDXjXqmbPURR8baGNRPBymSosVjVq8xvj7Ma/VgxFx0JWXrGrqR5sQahStYvPLRbTnSxG/gBQtwHuviVgVJO6qyhkLdWmF+gvfdc1PBY4Y/12J4H6U2qxdpsESMY97Ch3zpDKsdVVdMXGkv9E7+d+mqqEGbm/zQZm9zmrxFgVPLrsR4WoUQG3eiFHBkcUzwjUBuxTKcw+AFW75rgY9d2nsoDh1wwVAp1tpral6PHwLcLvtc6zrR2wMH1jhAqFIkCjdnsWWJACiOfF8wZlhzQ0RYLIRKr19RptpJwuMlWHyVacue5i6IbeclG2FtB0IOixLtPwTNWSPyT32ePyQKbXxsb8f3VGSM6tvziBwT/8jAq7xOybhqOmFBkOZmegpUR/JS4ktMdb9gQ0F1Hxjta4jhSAw8KfrTA8HERFop1AYnMCfYiVPod8Z3926wjQeVLuJssljQdfz7sJ/9noT09yAY+/EobsTiIBaIcS1o33m6AMrnvsO6cxw4C1y6a0aMCOgpYfHOW6EkDX2BXaiPG6ea+Rrih0nYTvZSoWhm1MelaELQnfbEtsDsbcVJifEWbKuXpHhjAvXnHPrT8V9BaC8L7VkVlCPbJUvFh2YhiSEkWOkq9xCX995VtqVu8mnhBh3Z+k8VzWeGKVOAvVvDi8ZsvVpQd8TBab0fh9EIJge+GWE4xDDvgiEEWrQxlU2Lr0ywAcMcm6/kgGf0EXLXyPyGQdxLqfRg6k2i4e8oOn14jw+z6EZM450mNUOkaeu5sS/UizM2esu6hozgL9FyG0UtHZ4bHr9rUFz4QsIfrJOGLCSuBNpLoYLrrTK4ZgvIRXDcAzS7pC+iYFDym8cL1kyEf0xyG9xkU73LRrwg3G3Bv78yAHgUO5Sj2ywv1AmcDDuWKhKthjPO2n7uk50fnPp1i+H4dpwuyfZifJBUKEn88wq2l9R/pWudluASW3gA/1TPaR3eAFRVn/1sZBUQk1BOJ1ZRKpZCcOFx4uapAbem8Ny5sC9ZfNn2lrkIXSVaLF6r8yMygk/xthvalY08iqqZE9JJrjV9lFRq0BLw9GjJMnAq1CaYynmbp8eUnpXOW6hloHollTUY9Ch5E0TfcMbqArxTqyOHsdi7HvMrBB7K8Hfu5MIQPzM5U861/GChGhfF8iLRzZG5iV9HuISlAEnQogawRXWp3yzDTYFDK+iK4s1L+/wgZS/izs8gnQSl/bOfXSIXvSVt5rYMeKYOOV9Xg2+0adYfcTyE65SxVenU4MzOQyWZzV+GaOxxLC1ETY6twrKvF0Pe507Mx6jt1U3ML7Uch+LBueLkRcT9s8QqF1HaIbxwZX+scOD7Bu374QH2jdVRHrwQCbmxVAXHNFuCXEYLGSorb0nJuVrowhOLorYQwPtDfyJACiq//SvNbTgALO1D+0PTLa2A507kqx1Pm0BNG3z5DBWu2dNsXCaCGvxTSaLDtetAonB+lR9LiTGu46t+TJ3CubQ/LKVG0ZbAhhEAEZmDA9wJTABWfX/3LJmedCmpXLkX6aajpOfOtFtmlGR69QMEpsygFZHNSAe7cfOboh00aPVxfDNhf4Uw2GezXy38r1pLt9PJ1NtSAABY0jSwX+fa/T77//fe+/y8pKO7pZ0RFdtp73+57szAR2Jr46xwEmGK0Zn9DRSgUxyW7lVwJe"
result = deobfuscate(obfuscated_text)
# Print the result (as string if possible, otherwise bytes)
print(result)We end up getting a lot of the same data re-obfuscated over and over again.
Recursively decode
import base64
import zlib
import re
def deobfuscate(text):
# Step 1: Reverse the string
reversed_text = text[::-1]
# Step 2: Base64 decode
try:
decoded_data = base64.b64decode(reversed_text)
except Exception as e:
return f"Base64 decoding error: {e}"
# Step 3: zlib decompress
try:
decompressed_data = zlib.decompress(decoded_data)
except Exception as e:
return f"Decompression error: {e}"
# Return the decompressed data as a string if possible, otherwise bytes
try:
return decompressed_data.decode('utf-8')
except UnicodeDecodeError:
return decompressed_data
def recursive_deobfuscate(initial_data):
current_data = initial_data
while True:
# Check if the data starts with 'exec((_)(b'
if current_data.startswith("exec((_)(b'"):
#print(f"Found exec command, further deobfuscating...")
# Extract the content inside the 'b'...'' part
match = re.search(r"exec\(\(\_\)\(b'(.*?)'\)", current_data, re.DOTALL)
if match:
# Get the obfuscated string between the single quotes
obfuscated_string = match.group(1)
# Pass it through the deobfuscation process
current_data = deobfuscate(obfuscated_string)
# Print the current deobfuscated data
# print(f"Deobfuscated data: {current_data}")
else:
#print("Pattern not found, stopping recursion.")
break
else:
#print("No 'exec((_)(b' found, stopping recursion.")
break
return current_data
# Example usage with the initial obfuscated text
initial_obfuscated_text = "exec((_)(b'ouxZT93++//PyXJuBvL9iUwrGNxyw/hIEtOnh1zfk9IhMK3okcBwVAHX7WeAHMZllcj7K7fqPAkuL/aQqfIci3ubZCia79siUwz/V2lC9l/c7V6VMEYMud8e3Dp9SVUieDnqqy3WRZGOmUI0xVBdk/Tc92ZTTVno6QqWsPoGEDbRStp2atqTmnjuaW9M93kcaVyTC/d7NNkieUvj6VZW7Wykz2+lvd9clf4dq6OP9LFRGFWj61cIdXzj+CbMr7+lq9fejkC50RTxSTACRpsnvCMlrMT2gKVaDxxfCbB/T/y7Uv0VsoTo8rhQLnBo9vU29raDqp3v4Y8lEDMvRWLsfQ4fHlAsAdTGTCZgcWInntmjjiLmQd9xfmmbImmYqrPeGgmCGwcDrcpe05YoB5DrG4EoOYqzPVddz0pRA4NzbkBJpR900ExVF67G71swIvALAKPKY/OX2KEiXOkFwZN4NT6NboxO2DS63VoDLu5QdBoInKDBJ1NYCD90s84p4hdRedKT744axQeNPutHraczKFMp3d/CID4r1kEt387PDffRIrG9r7KJUEhFbgqMHkzGH+mpqBU84reZZtZSQgag4zzI5BCw7BuBa/PsH4Xc+CN7GKP8xb/Pn6ddBbhUvv88C1idhL9vlx2jnM/LTerKkb9QweJlOU62Ih/G1xoOq+raTz/Ui7NxwXycpisumk3mr36WeLIlw4H+rVOb97NDHVWlM5gj5yrlD/afZSyk7FWTQFhL5ebGa5PTQMBE6kfVxeNclM3pZTZ0xf1ZjvPAVnuNh76W4j97rXRPtNaEeLufs1uBk3EKQI7TCuX8xChQQb9cGUXZujpy8j+JBakDVo4EPkv4zJWngcbx6ijG8m1xXmyS+7kuGPNqNU0m6UXko4+RM7XKbivIS/Jg120YdMUVx2+qwD60ZZ1Up3yh0uITJnYJko0T0TwI5j/J0kCqK5rGoym0ARroeq8gJosUJdU4iZhu920Z81Gs2TlIpzPWJ2sIbcxV0ssIFvuuDSNv6EwmIjxeKZ9xXJISjt0Q3w1xLP2F8kKNBEfpEoBvrRXKAPk2ok6kY6xh5BmqC22kYRBxdVluX92KveeKv/a4uj8QDvtMtAkrkJZZWg/+6uAPjZ5zoV4cSu09OF67ccsmLXBCc61iPy6FtjQSsBmvstBH7x02bBt0p9J2Fl/u/gcsf4E+eYEzgY2SyFFMWTKrLPN716syF8EAkAgV3F18k0zr74jt9XNuT5h/ewyj8ZH3qymzw4LGP2XUTrsNutnKBa+ToInxEF0yXX4uMvcZqRpTaqYfJCj7MnsI0KQGbzPpr7/4r6Xo05fHZxfAy322/fKeCwANEEP+K2xMdolnQKxzKpDTsE+xuUfJKLwJd0vY0h6JlpzTPzFa0UitM0sz/ExiX/GYoAXeC+C/euCnMdWLP6HIsoPd0CSHPxeNCMXUT4Z8g9DOys6rnTMogXfvYMILAuw0BrklIW6IweYiGZLUe1QzWj5+U8gt744tIAooPGGR8djYqI0BTdvUKV2AUblIRiZKvHtsrXZp/CPIfmfgSMqRmcEAJ3K7f52OUGdqJee0nXTF3aYBhmuEJLZvfkJNWYDNwGRvhMbzkFejmkNCVRVhIRIXmtvPIhADzR6u8IEwDVzF+JWzAGVVR9b3XelLwWAGFZyYbxK1uHrszB7l3li4wpi0AifR4ExZiWtEZWsdb4AOugKp8XPGwHvZXMHcvn77YaNGvCR4iGfSVEEy5MhzdCRLSZzXTugoF5OfC/9MuPu4IVRWoxetoZY2r5W9b5OXR+fKWkajBQwL7jISBYQ9ysOA296EjPbYITFosMktg8oQTV3K1VInzfxuH0Z8g15uQ696ZLzhIBDIDzZBmQSIbN3ts3HYb7UCtzgBTepH8BGhpB7tqYkk9q4Xnt0S9ykxfbyGWPVgfvyiSDQ9sy5DfQ+5toXedoPJlzBw9X7pM6yImc42UJ3HrdmwPKtFXx7EnfWlkucntrHh9sL/WL5q01fIJgmhDYCdU/m7bQtHFgQ9eOVbZ3sBohutM6jrhH3eGNMRoKcTtU0i4ho9prC6iEYXp8sqdascjH4hqBNr/1ElBy3IvLt8UOufjUDzV9ILoUZ8qaj07fxyQwEUdt9U703Ics2kyBljEnlw6iqb3Wh23+RpbGfQZgESYtxA8w4t5PYlW1q3goF+7UVGBp0UYWawSBXRYg2x18/jqgHN4LEJkSNPVIAR3JBNMOLMpVUYUXtaMZxd4muWa1fdj1X+rzNDqnvDSYXmxnY1j/HgLHr07FYBHAhZHT/z3MU2r33ssQT/XkBcKYiSx1hl+a+g1JGxX6DgcYGcoltI+Mo5SHEm7Th7cD9VlEwoyQMp+2Bz8kxsBnSYcefqlhPpFo06vGmk6mACk5q27A+vGUe8KZM6MzsL/MbEa/rhYaUZSj+cx+54vJMAlPytDRSM4gLP8d/h4mpoSPsBikMbI4pdP5QLuJnpm+CpqX2AuiPx2TcNtg6R0Kcf28Ci3ZMndqNiDrPz4Ab0phjeHnHcjCWqOeueGuMcd+Nb8IdzehEAxAhGJ5CqCjXcy6B7KZnbXhRq8R5Ca+fX8A8w4Vpa5uwCK/S1zZyLJrrIjo+SM5opfM8MWTIm5HiWN/0rm6+M3nNxAGUcX+bda7yXBVWgqPF/WLMr27HU5e2ZRkYCURJNTvsCzZC4P8t6w7dxd5X3Dv5FvVEGRCdlk73umRBWdleCwJyH/ebD0ydWL5eWIKwQ5EP26ZBiKQJOPLsmhRwbAUZ9bK07dtHGZcC5axcKgzRK4epeWYDYqW5Ugs+TadMKRNCoMOCJraf3nEpTvoSnDwWXL1nU8tjiwGXzWDbHdHX4+CxukqjuWCGC+aH4W6Crgip07f2eziRIiksnIxVIjhIfYIEHnYTycCT01c+3tMAb+KagvrL2AxIY2wdsFsO4pVeVjRKNbVwcQ5soKQN2Pin6Vuy7Q2O/HMMiqZIfyDUlmEpOAujVLayBxRFILbz7fSd4YyoRrp+NUrZw3FuCdEkqjLf6iteBPq77uEtcsiS/8DTnIh8fDn4XUEszu0NZ9pl1DGz/jQHOG6MJF5iizida5G36lpg4zC5KEFkh70f5/sqhBnd4A0fT8vGGTiL31hSCwsnvKHIBPlkqJNl3X4VTium4yaUGUYPcCbRFBGFxVt/+/Epbr8fc3SXRc90Lg+3VOMnAxBPXy6SZKvotspFUVf8Tq+JXcDfnHB+mkf3FMw8O1PNemSQbflp4ia7eUtJUDyUKaMFuWItf45q+R9PUc5QAc48EEYZYS+HQIvfZ4Bi5QAR/2prsuH4g57XkE2olWoHkSHlVeo7ByToahXuWBXcYzJAzkXU8Ezcf0I8tT2g2o5xybRu7mQL6i8ZCFDXpXMwf4t0CgJBgjRpkWOeNJ/2D0qdbjrV1OP7RbuBYw7r3KRLQmf5BHJ5GrtLLzyKly+Y2mWX7/YpqIwU2a6FlXgUugOeltlmX+pZXWuW5ILlaurcjfUlHXti/VS5Yhd0DEjzhxzzNer88OZIUraZg6KHBz5XQEqhMqMB2BARoMrQfyWx5U8LwqQqmp7WY9bhv4q1kLfWJ7eNOxFATpD6jLRNjpP393DiHeYoeQGcItfFUmIbtTY9vS5oyy4AblO2RaNCmWdJeqNiqr250VPCN6Yhl5eIjTAQakOjRv1jSCsdHeAoo/I2gPy5mqAyBKySspVNloyjyQeQ449UQWptbcpHaZs4YT9yjJ7RZ6Jl0IbfxKw6qbKY9kYv4vSWDF6/pqQto4Jm68kFMyTX0npk+5mMzkGPF5wDjHYB1estQ0eLjz6SVKgaH1Z8tKHNtioMtum1W2nEHfkmefaYp0ucOuC9iImd2UEsrC2YSWdggYVjDYUY0IOr3ShAIhmGR0lP9/eP//L7ff/O///T+UmPZrvypTT7Ruln+1mJmE6cWZi4YaURwMc4/zcJRSoUxyWzlNwJe'))"
result = recursive_deobfuscate(initial_obfuscated_text)
print("Final output:")
print(result)
flag{2543ff1e714bC2eb9ff78128232785ad}
Killian Sherer 