我正在尝试对使用 opy 混淆的代码进行反混淆处理:
# coding: UTF-8
import sys
# True when the interpreter's major version is 2; selects which branch the
# decoder function below takes.
l1l1ll11lll1l_opy_ = sys.version_info [0] == 2
# Fixed offset subtracted from every character code by the decoder below.
l11l11lll1_opy_ = 2048
# Modulus of the position-dependent term subtracted by the decoder below.
l111l1llllll_opy_ = 7
def l1l1l11ll11ll_opy_ (l1111111lllll_opy_):
    """Decode a scrambled string and return eval() of the decoded text.

    The last character of the argument carries a per-string key. Every other
    character is shifted down by 2048 plus ``(position + key) % 7``.

    NOTE(review): the decoded text is passed straight to eval(). When the
    sample is untrusted, inspect the decoded text (print it, or parse it with
    ast.literal_eval if it is a plain literal) instead of calling this
    function unchanged.
    """
    # Declared global, but neither read nor assigned anywhere in this function.
    global l1l11111ll1l1_opy_
    # Key: code point of the final character of the argument.
    l11ll1ll1l_opy_ = ord (l1111111lllll_opy_ [-1])
    # Payload: the argument without its trailing key character.
    l1lll1l1llll_opy_ = l1111111lllll_opy_ [:-1]
    # Split index derived from the key; raises ZeroDivisionError if the payload is empty.
    l1lll1l1ll1111_opy_ = l11ll1ll1l_opy_ % len (l1lll1l1llll_opy_)
    # The two slices are joined back in their original order, so this equals the payload unchanged.
    l1l1l111ll1_opy_ = l1lll1l1llll_opy_ [:l1lll1l1ll1111_opy_] + l1lll1l1llll_opy_ [l1lll1l1ll1111_opy_:]
    if l1l1ll11lll1l_opy_:
        # Python 2 branch. The two callables used here are not defined in this
        # excerpt - presumably aliases for unicode/unichr; confirm against the full file.
        l11l11111ll1_opy_ = l1ll1ll111ll_opy_ () .join ([l111l1111l_opy_ (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)])
    else:
        # Python 3 branch: the same arithmetic, built with str/chr.
        l11l11111ll1_opy_ = str () .join ([chr (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)])
    # The decoded text is evaluated as a Python expression, not returned as-is.
    return eval (l11l11111ll1_opy_)
obf.py。 我真的不知道从哪里开始......有什么想法吗?
答案 0 :(得分:1)
第一步可以是使用正则表达式查找变量(所有变量名都以若干个 `l` 和 `1` 开头)。
得到变量名的 `set` 之后,可以用一个 `dict` 把它们重命名为更易识别的名称(例如 'a'..'z')。
查看这些变量上使用的方法和运算符,您可以识别哪一个应该是字符串,整数或列表。
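import itertools
import keyword
import re
import string

# The obfuscated sample is handled purely as text. It is never imported or
# executed, so the eval() at the end of its decoder cannot run while renaming.
text = """# coding: UTF-8
import sys
l1l1ll11lll1l_opy_ = sys.version_info [0] == 2
l11l11lll1_opy_ = 2048
l111l1llllll_opy_ = 7
def l1l1l11ll11ll_opy_ (l1111111lllll_opy_):
    global l1l11111ll1l1_opy_
    l11ll1ll1l_opy_ = ord (l1111111lllll_opy_ [-1])
    l1lll1l1llll_opy_ = l1111111lllll_opy_ [:-1]
    l1lll1l1ll1111_opy_ = l11ll1ll1l_opy_ % len (l1lll1l1llll_opy_)
    l1l1l111ll1_opy_ = l1lll1l1llll_opy_ [:l1lll1l1ll1111_opy_] + l1lll1l1llll_opy_ [l1lll1l1ll1111_opy_:]
    if l1l1ll11lll1l_opy_:
        l11l11111ll1_opy_ = l1ll1ll111ll_opy_ () .join ([l111l1111l_opy_ (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)])
    else:
        l11l11111ll1_opy_ = str () .join ([chr (ord (char) - l11l11lll1_opy_ - (l1lll1_opy_ + l11ll1ll1l_opy_) % l111l1llllll_opy_) for l1lll1_opy_, char in enumerate (l1l1l111ll1_opy_)])
    return eval (l11l11111ll1_opy_)"""

# Obfuscated identifiers: at least three 'l'/'1' characters, then more word characters.
pattern = re.compile(r'\b[l1]{3,}\w+\b')

# Remember where each obfuscated name first occurs. Assigning the new names in
# that order makes the result identical on every run; iterating the bare set
# would hand out letters in an arbitrary order.
first_seen = {}
for match in pattern.finditer(text):
    first_seen.setdefault(match.group(0), match.start())
original_names = set(first_seen)
ordered_names = sorted(original_names, key=first_seen.get)


def _short_names():
    """Yield 'a'..'z', then 'aa', 'ab', ... without end."""
    for width in itertools.count(1):
        for letters in itertools.product(string.ascii_lowercase, repeat=width):
            yield ''.join(letters)


# Identifiers the sample already uses (sys, ord, char, ...) and Python keywords
# must not be handed out as replacement names, or the renamed code would change meaning.
reserved = set(re.findall(r'\b[A-Za-z_]\w*', text)) - original_names
# Unbounded supply of names: a fixed 15-letter pool would make zip() silently
# drop the remaining identifiers and the substitution callback would raise KeyError.
possible_names = (
    name for name in _short_names()
    if name not in reserved and not keyword.iskeyword(name)
)
variable_conversion = dict(zip(ordered_names, possible_names))
# {'l1l1ll11lll1l_opy_': 'a', 'l11l11lll1_opy_': 'b', 'l111l1llllll_opy_': 'c', 'l1l1l11ll11ll_opy_': 'd', 'l1111111lllll_opy_': 'e', 'l1l11111ll1l1_opy_': 'f', 'l11ll1ll1l_opy_': 'g', 'l1lll1l1llll_opy_': 'h', 'l1lll1l1ll1111_opy_': 'i', 'l1l1l111ll1_opy_': 'j', 'l11l11111ll1_opy_': 'k', 'l1ll1ll111ll_opy_': 'l', 'l111l1111l_opy_': 'm', 'l1lll1_opy_': 'n'}
# The sample output shown on this page came from a run that used set iteration
# order, so the letters there differ from the ones this version prints.


def replace_by_clearer_name(matchobj):
    """Return the short replacement for the obfuscated identifier that was matched."""
    original_name = matchobj.group(0)
    return variable_conversion[original_name]


# print() with a single argument behaves the same on Python 2 and Python 3.
print(re.sub(pattern, replace_by_clearer_name, text))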
输出:
# coding: UTF-8
import sys
# True when the interpreter's major version is 2; picks the branch taken in f.
c = sys.version_info [0] == 2
# Fixed offset subtracted from every character code in f.
l = 2048
# Modulus of the position-dependent term subtracted in f.
n = 7
def f (m):
    """Decode the scrambled string m and return eval() of the decoded text.

    The last character of m is a per-string key; every other character is
    shifted down by l plus ``(position + key) % n``.

    NOTE(review): the decoded text goes straight into eval(). For an
    untrusted sample, return or print e for inspection (or parse it with
    ast.literal_eval if it is a plain literal) rather than evaluating it.
    """
    # h is declared global but neither read nor assigned in this function.
    global h
    # j: key, the code point of m's last character.
    j = ord (m [-1])
    # g: payload, m without the trailing key character.
    g = m [:-1]
    # k: split index derived from the key; raises ZeroDivisionError if g is empty.
    k = j % len (g)
    # d: the two slices are joined back in their original order, so d equals g.
    d = g [:k] + g [k:]
    if c:
        # Python 2 branch. a and b are not defined in this listing - presumably
        # unicode/unichr equivalents; confirm against the full file.
        e = a () .join ([b (ord (char) - l - (i + j) % n) for i, char in enumerate (d)])
    else:
        # Python 3 branch: the same arithmetic, built with str/chr.
        e = str () .join ([chr (ord (char) - l - (i + j) % n) for i, char in enumerate (d)])
    # e holds the decoded text; it is evaluated as a Python expression here.
    return eval (e)
现在看起来更易于管理,对吧?