
Max Recursion

Open therealOri opened this issue 2 years ago • 14 comments

Trying to run the newly obfuscated python script/file gave me the following error.

Traceback (most recent call last):
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 21, in <module>
    (lambda _0xc7b4:(
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 22, in <lambda>
    _0x9828[0x12^0x12](_0x9828[0xd^0xd](_0x9828[0x3d^0x3c])(
RecursionError: maximum recursion depth exceeded during compilation

Everything seems to be obfuscated just fine, but trying to execute/run the file didn't work.

therealOri avatar Mar 17 '22 16:03 therealOri

Could you try now?

Traumatism avatar Mar 17 '22 16:03 Traumatism

Could you try now?

Traceback (most recent call last):
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 31, in <module>
    (lambda _0x71c3:(
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 32, in <lambda>
    _0x873c[0x32^0x32](_0x873c[0x39^0x39](_0x873c[0x60^0x61])(
  File "<string>", line 18, in <module>
TypeError: write() argument must be str, not bytes

Command ran to obfuscate: python -m dropper <file>.py

therealOri avatar Mar 17 '22 17:03 therealOri

Could you send the 18th line of uwu.py?

Thanks.

Traumatism avatar Mar 17 '22 17:03 Traumatism

Could you send the 18th line of uwu.py?

Thanks.

uwu.py code: image



Basic Rundown:

This code opens kcalc (a calculator) on my Linux laptop and is me messing around with base64 encoding random variables. (Won't work on Mac or Windows.)

  • Defines some variables that are base64 encoded.
  • Decodes those variables.
  • Uses them to make, open file with "wb", and write bytes (bytes being written are below) into a file, runs said file, then remove the file.



It is using your old dropper obfuscation method.

The data here is assigned to the variable dsgfhgkjlighojh and is being base64 decoded. And is what is being written in the write() function. It is writing the following to a file. (decoded base64 data) but in bytes b' '


After changing the code to make sure that it is writing a string to the file instead of bytes, basically added .decode() to the b64 decode option without a .decode(). And to have it use "w" instead of "wb" in the with open() function. I tried it out again and it worked, but now I can't seem to find the newly created file from the with open() function. But the point is that it isn't throwing that error anymore.



I believe the issue is that after using this new obfuscation method, it needs that to be a string and not bytes. I have also noted that it doesn't obfuscate float. Only int. If I were to set time.sleep(1) to time.sleep(1.5), it won't work.





TLDR;

Errors were caused by my code as write() was writing bytes and not strings. Which for some reason causes the obf_uwu.py file to not work. However the original uwu.py file WILL work if not obfuscated. So basically don't write bytes into files and don't use floats.

therealOri avatar Mar 17 '22 18:03 therealOri

A fix for this, I think, would be to add an option for bytes alongside strings and floats alongside ints.

Idk, I have no idea why the obfuscated uwu.py file has an issue with writing bytes into a file. But the non obfuscated uwu.py file doesn't.

therealOri avatar Mar 17 '22 18:03 therealOri

I have school today.

I'm gonna look into it ASAP.

Thank you.

Traumatism avatar Mar 18 '22 05:03 Traumatism

floats are now fixed:

if _type == NUMBER: ...

changed to

if _type == NUMBER and string.isdigit(): ...

gonna make a function to obfuscate floats too soon.

Traumatism avatar Mar 18 '22 06:03 Traumatism
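
What the `string.isdigit()` guard from the comment above accepts, as an added example that is not part of the thread or the project's code: it runs Python's `tokenize` over a constructed sample and reports each NUMBER token's value type and whether the guard passes it. `SAMPLE`, `number_tokens` and `skipped_ints` are names chosen here, and treating `NUMBER` as `tokenize.NUMBER` is an assumption.

```python
import ast
import io
import tokenize

# Constructed sample: one line per numeric literal form, plus the call from the thread.
SAMPLE = (
    "a = 1\n"
    "b = 1.5\n"
    "c = 0x1f\n"
    "d = 1_000\n"
    "e = 1e3\n"
    "f = 2j\n"
    "g = 0b101\n"
    "time.sleep(1.5)\n"
)


def number_tokens(source):
    """Return (literal, value type, passes isdigit guard) for every NUMBER token."""
    rows = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NUMBER:
            continue
        value = ast.literal_eval(tok.string)  # safe: evaluates literals only
        rows.append((tok.string, type(value).__name__, tok.string.isdigit()))
    return rows


def skipped_ints(source):
    """Integer literals the guard leaves untouched although they are ints by value."""
    return [lit for lit, kind, ok in number_tokens(source) if kind == "int" and not ok]


if __name__ == "__main__":
    for lit, kind, ok in number_tokens(SAMPLE):
        print(f"{lit:>6}  {kind:<8} guard={'pass' if ok else 'skip'}")
```

Only plain decimal literals pass the guard, so floats stay as written, and hex, binary and underscore-grouped ints are skipped as well.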

Hi,

Do you still have issues with bytes?

Traumatism avatar Mar 18 '22 11:03 Traumatism

Hi,

Do you still have issues with bytes?

Traceback (most recent call last):
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 34, in <module>
    (lambda _0xa937: (
  File "/home/ori/Desktop/Dropper/obf_uwu.py", line 35, in <lambda>
    _0xa937[0x4f^0x4f](_0x8e28[0x24^0x24](_0xa937[0x32^0x33])(
  File "<string>", line 18, in <module>
TypeError: write() argument must be str, not bytes

I still get this error. The following is my code in case you want to mess with it and test for yourself.




import base64
import os
import subprocess
import time

old_obf_code_b64 = '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'
file_name = 'LmZzZGhnZmp5dXJ0ZGZnai5weQ=='
wb = 'Ync='
python = 'cHl0aG9u'

decoded_old_obf_code_b64 = base64.b64decode(old_obf_code_b64) #old obf code
decoded_file_name = base64.b64decode(file_name).decode() # file name
decoded_wb = base64.b64decode(wb).decode() # wb
decoded_python = base64.b64decode(python).decode() # the word python


with open(decoded_file_name, str(decoded_wb[::-1])) as f:
    f.write(decoded_old_obf_code_b64)
    f.close()



# This runs the command to execute the newly made file  |  decoded_file_name. It is optional and can be commented out.
# The issue is with writing to said file in the with open function.
subprocess.call(f'{decoded_python} {decoded_file_name}', shell=True)
time.sleep(1)
os.remove(decoded_file_name)



I have also noticed that when using a path to the file you want to obfuscate, I get this error:

  File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/ori/Desktop/Dropper/dropper/__main__.py", line 70, in <module>
    typer.run(main)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/typer/main.py", line 864, in run
    app()
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/typer/main.py", line 214, in __call__
    return get_command(self)(*args, **kwargs)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/click/core.py", line 1128, in __call__
    return self.main(*args, **kwargs)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/home/ori/Desktop/Dropper/drpENV/lib/python3.10/site-packages/typer/main.py", line 500, in wrapper
    return callback(**use_params)  # type: ignore
  File "/home/ori/Desktop/Dropper/dropper/__main__.py", line 65, in main
    with open(f"obf_{file_path}", "w") as f:
FileNotFoundError: [Errno 2] No such file or directory: 'obf_/home/ori/Desktop/Dropper/uwu.py'

despite the file actually existing where it is specified. And the issue is it is appending obf_ to the beginning of the path.

therealOri avatar Mar 18 '22 16:03 therealOri

Perhaps it is just something wrong with my code altogether that I don't understand. I try to do the same thing with writing bytes to a file in sample.py but that works just fine. Man, I really don't have a clue anymore xD

therealOri avatar Mar 18 '22 17:03 therealOri

Ahahah wtf

I'll fix the path thing soon.

Traumatism avatar Mar 18 '22 17:03 Traumatism

Ahahah wtf

I'll fix the path thing soon.

I think the issue is the way wb is being passed to with open(). If I replicate that in sample.py it throws that same error.




This will throw an error when obfuscated (reversing the string). It somehow thinks it's bytes instead of a string? Even though it will work just fine when not obfuscated.

wb = 'Ync='  #decoded this says "bw"
wb_d = base64.b64decode(wb).decode()

with open(".testing.py", str(wb_d[::-1])) as f:
    f.write(val)
    f.close()



This will not throw an error when obfuscated:

wb = 'Ync='  #decoded this says "bw"
wb_d = base64.b64decode(wb).decode()

with open(".testing.py", wb_d) as f:
    f.write(val)
    f.close()

therealOri avatar Mar 18 '22 17:03 therealOri

hm

cipherwithadot avatar Mar 19 '22 10:03 cipherwithadot

hm

what?

ghost avatar Apr 08 '22 13:04 ghost

no response

ImInTheICU avatar Dec 15 '22 03:12 ImInTheICU

  • ez deobfuscation

ImInTheICU avatar Dec 15 '22 03:12 ImInTheICU

  • ez deobfuscation

I already answered you in #7. You should train your memory more than your deobfuscation skills.

Traumatism avatar Dec 15 '22 04:12 Traumatism