
I would like to verify that a script is running what it claims. The target script (tracker.py) seems to be obfuscated with this other script (also obfuscated) using marshal, zlib, base64, base32 and base16 because it's mentioned in the comments of tracker.py.

I've got to a point where the right path definitely seems to be to decode/decompress with base64 and/or zlib, because I'm following the same patterns I used to solve the first base64 deobfuscation step.

In other words, the following script produces the following output:

script.py

```python
import marshal,base64

# exec(
print(marshal.dumps(base64.b32decode
```

output

```
sc@s6ddlZddlZejejddUdS(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(tzlibtbase64t
decompresst     b64decode(((sdg<module>s
```

By following the exact steps I used to deobfuscate the previous layer, I'm sure that I have to decompress/decode with zlib/base64 the string between iNseJw1l...tknLHA== because tzlibtbase64t is next to the output string. Kinda like if its next step would be to run the function tzlibtbase64t(iNseJw1l...tknLHA==)

Obviously I have already tried decompressing it with zlib and decoding it with base64 without success, and since I couldn't even get one output right, chaining from one to another wasn't possible. I'm also sure that string.txt doesn't end with a newline. I also did a quick Google search of the base64 format but I didn't get relevant results.

```sh
# zlib
openssl zlib -d < string.txt
zlib-flate -uncompress < string.txt

# base64
cat string.txt | base64 -d
```

string.txt

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

Similar unanswered question

TL;DR

How to decompress/decode string.txt?

ibitebyt3s
  • Here's a script that will reverse it: https://pastebin.com/LmSyizQz | It's mostly nested [Python code objects](https://late.am/post/2012/03/26/exploring-python-code-objects), so I generally looked at its `co_names` and `co_consts` members, and then disassembled its `co_code` (using `dis.dis`). That showed quite clearly the steps done, and allowed me to write a little more of the script to skip the exec. Then rinse and repeat. Shouldn't be too hard to automate it. – Dan Mašek May 16 '21 at 16:29
  • Thanks for your reply with sources, it really helped! But the pastebin seems to be private because I'm getting the following when opening it "Error, this is a private paste or is pending moderation. If this paste belongs to you, please login to Pastebin to view it." – ibitebyt3s May 16 '21 at 21:07
  • Yeah. It's set to public, but there's some sort of moderation going on, maybe because it has that big obfuscated string. Did you login and manage to access it, or should I try to make another version without the payload? – Dan Mašek May 16 '21 at 21:26
  • I did and it didn't work. I will be very thankful if you could make the other version without the payload. – ibitebyt3s May 16 '21 at 22:03
  • How about this: https://pastebin.com/FAkPVEUB | I can load it in a browser where I'm not logged in, unlike the previous one. | BTW, in hindsight, it would be easier to use `dis.disco` on the code object itself instead of what I did. It shows you the values of the names/consts which saves some manual cross referencing. – Dan Mašek May 16 '21 at 22:15

0 Answers
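The approach described in the comments (treat each layer as a code object, read its `co_names` and `co_consts`, and decode the payload yourself instead of letting `exec` run it), as an added example that is not part of the original post and not the contents of the linked pastes. The two-layer sample is constructed inside the script, `build_sample`, `biggest_const` and `peel` are hypothetical helper names, and marshal data is only guaranteed to load on the Python version that produced it.

```python
import base64, dis, marshal, zlib

DECODERS = {  # name seen in co_names -> function that undoes that call
    "b64decode": lambda b: base64.b64decode(b, validate=True),
    "b32decode": base64.b32decode,
    "b16decode": base64.b16decode,
    "decompress": zlib.decompress,
}

def build_sample():
    """Constructed two-layer sample (b32+marshal around zlib+b64), not the real tracker.py."""
    inner = 'print("tracker payload (constructed)")'
    b64 = base64.b64encode(zlib.compress(inner.encode()))
    l1 = f"import zlib,base64\nexec(zlib.decompress(base64.b64decode({b64!r})))"
    b32 = base64.b32encode(marshal.dumps(compile(l1, "<module>", "exec")))
    return f"import marshal,base64\nexec(marshal.loads(base64.b32decode({b32!r})))"

def biggest_const(code):
    """The embedded payload is normally the largest bytes/str constant of the layer."""
    return max((c for c in code.co_consts if isinstance(c, (bytes, str))), key=len, default=None)

def peel(source):
    """Unwrap exec() layers statically: compile() and marshal.loads() build code, never run it."""
    code, layers, text = compile(source, "<layer>", "exec"), [], source
    while True:
        used = [n for n in code.co_names if n in DECODERS or n == "loads"]
        payload = biggest_const(code)
        if not used or payload is None:
            return layers, text          # nothing left to decode: innermost layer
        layers.append(sorted(used))
        progress = True
        while progress:                  # try only the decoders this layer names
            progress = False
            for name in used:
                try:
                    out = DECODERS[name](payload)
                except (KeyError, TypeError, ValueError, zlib.error):
                    continue             # wrong decoder for the current bytes
                if out != payload:
                    payload, progress = out, True
        if "loads" in used:              # next layer is a marshalled code object
            code = marshal.loads(payload)
        else:                            # next layer is plain source text
            text = payload.decode()
            code = compile(text, "<layer>", "exec")

if __name__ == "__main__":
    dis.dis(compile(build_sample(), "<layer>", "exec"))  # outer layer, disassembled only
    print(*peel(build_sample()), sep="\n")
```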