├── README.md ├── deobfuscator.py └── deobfuscatorv2.py /README.md: -------------------------------------------------------------------------------- 1 | ### Pyobfuscate.com deobfuscator 2 | - the first open source pyobfuscate.com deobfuscator 3 | 4 | ### ❓ You have got an error? 5 | - if you encountered an error please try both v1 and v2 versions of the deobfuscator and if in the end you still have an error please open an issues or contact me on discord 6 | 7 | ### ❗ Why I released this code? 8 | - pyobfuscate.com is a skidded obfuscator, the staff of the website has always used algorithms and codes of other people without ever giving credits to them 9 | - when they first released the site they were using [Berserker](https://github.com/billythegoat356/Berserker/) 10 | - later they started using [pycloak](https://github.com/addi00000/pycloak) 11 | - now they are using [razvan obfuscator](https://github.com/im-razvan/Python-Obfuscator) 12 | 13 | ### ⚙️ Instruction 14 | 15 | -1: install python 16 | 17 | -2: download the deobfuscator 18 | 19 | -3: in the same folder put the obfuscated script 20 | 21 | -4: open cmd and write python deobfuscator.py 22 | 23 | -5: put the name of your obfuscated file 24 | 25 | ### 📜 ChangeLog 26 | 27 | ```diff 28 | v2.0.2 ⋮ 28/07/2024 29 | + Updated to latest version of pyobfuscate.com 30 | 31 | v2.0.1 ⋮ 26/07/2024 32 | + Updated to latest version of pyobfuscate.com 33 | 34 | v2.0.0 ⋮ 17/07/2024 35 | + Updated to latest version of pyobfuscate.com 36 | ! from now all updated version will be put in deobfuscatorv2.py 37 | 38 | v1.0.2 ⋮ 27/06/2024 39 | + Updated to latest version of pyobfuscate.com 40 | + Added support for old version of pyobfuscate.com 41 | 42 | v1.0.1 ⋮ 08/01/2024 43 | + Updated to latest version of pyobfuscate.com 44 | 45 | v1.0.0 ⋮ 01/11/2023 46 | ! Initial release 47 | ``` 48 | 49 | ### 📫 Contact 50 | 51 | - If you need help contact me on discord: **over_on_top** 52 | 53 | ### ❤️ Note 54 | - ❤️ this code is made with love 55 | -------------------------------------------------------------------------------- /deobfuscator.py: -------------------------------------------------------------------------------- 1 | import re 2 | import hashlib 3 | 4 | from base64 import b85decode as b85 5 | from pystyle import Center, Colors, Colorate, System, Write 6 | from Crypto.Cipher import AES 7 | from Crypto.Util.Padding import unpad 8 | 9 | System.Clear() 10 | System.Title("pyobfuscate.com deobfuscator by over_on_top") 11 | System.Size(130, 30) 12 | 13 | text = ''' 14 | ______ _ __ _ 15 | | ___ \ | | / _| | | 16 | | |_/ / _ ___ | |__ | |_ _ _ ___ ___ __ _| |_ ___ ___ ___ _ __ ___ 17 | | __/ | | |/ _ \| '_ \| _| | | / __|/ __/ _` | __/ _ \ / __/ _ \| '_ ` _ \ 18 | | | | |_| | (_) | |_) | | | |_| \__ \ (_| (_| | || __/| (_| (_) | | | | | | 19 | \_| \__, |\___/|_.__/|_| \__,_|___/\___\__,_|\__\___(_)___\___/|_| |_| |_| 20 | __/ | 21 | |___/ 22 | ''' 23 | 24 | print(Colorate.Diagonal(Colors.red_to_yellow, Center.XCenter(text))) 25 | 26 | file = Write.Input("insert the name of the file -> ", Colors.red_to_yellow, interval=0.005) 27 | 28 | def decrypt_string(value): 29 | try: 30 | try: 31 | def IIlIIIIIllIlllIIII(IIllIlllIllIllIIlI): 32 | return unpad(AES.new(hashlib.sha256(str(list(value)[0][0] + list(value)[1][0]).encode()).digest()[:24], AES.MODE_CBC, IIllIlllIllIllIIlI[:AES.block_size]).decrypt(IIllIlllIllIllIIlI[AES.block_size:]), AES.block_size).decode() 33 | return (IIlIIIIIllIlllIIII(value[1][2])) 34 | except: 35 | def IIlIIIIIllIlllIIII(IIllIlllIllIllIIlI): 36 | return unpad(AES.new(hashlib.sha256(str(list(value)[0][0] + list(value)[1][0][:-1]).encode()).digest()[:24], AES.MODE_CBC, IIllIlllIllIllIIlI[:AES.block_size]).decrypt(IIllIlllIllIllIIlI[AES.block_size:]), AES.block_size).decode() 37 | return (IIlIIIIIllIlllIIII(value[1][2])) 38 | except: 39 | def lIIIIIIllIlIIlIlIl(IIllIlllIllIllIIlI, IlllIlllIIIIlIIIll): 40 | IIllIlllIllIllIIlI = b85(IIllIlllIllIllIIlI) 41 | (IlllIlllIIIIlIIIll, IlIlllllllIIlIIlII) = llIIIIllIIIllIllIl(IlllIlllIIIIlIIIll, IIllIlllIllIllIIlI[:8]) 42 | return AES.new(IlllIlllIIIIlIIIll, AES.MODE_CFB, IlIlllllllIIlIIlII).decrypt(IIllIlllIllIllIIlI[8:]).decode() 43 | 44 | def llIIIIllIIIllIllIl(lIllIIlIlIlIlIlIll, IlIIlIIIIIIIlIIllI): 45 | IllIllIllIIllllllI = hashlib.pbkdf2_hmac('sha256', lIllIIlIlIlIlIlIll.encode(), IlIIlIIIIIIIlIIllI, 100000) 46 | return (IllIllIllIIllllllI[:16], IllIllIllIIllllllI[16:]) 47 | return (lIIIIIIllIlIIlIlIl(list(value.values())[0], list(value.keys())[0][1:-1])) 48 | 49 | def find_multiline_value(lines, key): 50 | value_lines = [] 51 | value_found = False 52 | 53 | for line in lines: 54 | if value_found: 55 | if line.strip() == '' or re.match(r'\w+\s*=', line): 56 | break 57 | value_lines.append(line.strip()) 58 | else: 59 | match = re.search(rf'{key}\s*=\s*(.*)', line) 60 | if match: 61 | value_lines.append(match.group(1).strip()) 62 | value_found = True 63 | 64 | if value_lines: 65 | return ' '.join(value_lines) 66 | return None 67 | 68 | with open(file, "r", encoding="utf-8") as f: 69 | lines = f.readlines() 70 | 71 | value_str = find_multiline_value(lines, 'pyobfuscate') 72 | if not value_str: 73 | value_str = find_multiline_value(lines, 'obfuscate') 74 | 75 | content_deobfuscated = decrypt_string(eval(value_str)) 76 | 77 | with open("output.py", "w", encoding="utf-8") as f: 78 | f.write(content_deobfuscated) 79 | 80 | Write.Print("your file has been deobfuscated successfully and now the src code is in output.py! \n", Colors.red_to_yellow, interval=0.005) 81 | -------------------------------------------------------------------------------- /deobfuscatorv2.py: -------------------------------------------------------------------------------- 1 | import re 2 | import ast 3 | import sys 4 | import zlib 5 | 6 | from base64 import b85decode 7 | from pystyle import Center, Colors, Colorate, System, Write 8 | from Crypto.Cipher import AES 9 | from Crypto.Protocol.KDF import PBKDF2 10 | 11 | System.Clear() 12 | System.Title("pyobfuscate.com deobfuscator v2 by over_on_top") 13 | System.Size(130, 30) 14 | 15 | def deobfuscate(pyc, pye, httpspyobfuscatecom): 16 | def d(b, p): 17 | c = b85decode(b.encode('utf-8')) 18 | r = AES.new(PBKDF2(p, c[:16], dkLen=32, count=1000000), AES.MODE_GCM, nonce=c[16:32]) 19 | return r.decrypt_and_verify(c[48:], c[32:48]).decode('utf-8') 20 | return(d(pyc + pye, httpspyobfuscatecom.replace('"', ''))) 21 | 22 | text = ''' 23 | _ __ _ 24 | _ __ _ _ ___ | |__ / _|_ _ ___ ___ __ _| |_ ___ ___ ___ _ __ ___ 25 | | '_ \| | | |/ _ \| '_ \| |_| | | / __|/ __/ _` | __/ _ \ / __/ _ \| '_ ` _ \ 26 | | |_) | |_| | (_) | |_) | _| |_| \__ \ (_| (_| | || __/| (_| (_) | | | | | | 27 | | .__/ \__, |\___/|_.__/|_| \__,_|___/\___\__,_|\__\___(_)___\___/|_| |_| |_| 28 | |_| |___/ ____ 29 | __ _|___ \ 30 | \ \ / / __) | 31 | \ V / / __/ 32 | \_/ |_____| 33 | ''' 34 | 35 | print(Colorate.Diagonal(Colors.red_to_yellow, Center.XCenter(text))) 36 | 37 | file = Write.Input("insert the name of the file -> ", Colors.red_to_yellow, interval=0.005) 38 | 39 | with open(file, "r", encoding="utf-8") as f: 40 | content_file = f.read() 41 | f.seek(0) 42 | lines = f.readlines() 43 | 44 | if "pyobfuscate(" in content_file: 45 | for i, line in enumerate(lines): 46 | if line.strip().startswith("pyobfuscate("): 47 | pyobfuscate_value = lines[i] 48 | 49 | pyc_value = re.search(r"'pyc'\s*:\s*\"\"\"(.*?)\"\"\"", pyobfuscate_value, re.DOTALL).group(1) 50 | pye_value = re.search(r"'pye'\s*:\s*\"\"\"(.*?)\"\"\"", pyobfuscate_value, re.DOTALL).group(1) 51 | httpspyobfuscatecom = re.search(r"['\"]([lI]+)['\"]", pyobfuscate_value, re.DOTALL).group(0) 52 | content = deobfuscate(pyc_value, pye_value, httpspyobfuscatecom) 53 | break 54 | else: 55 | hex_string = re.findall(r"fromhex\('([0-9a-fA-F]+)'(?!\))", content_file)[0] 56 | layer_2 = zlib.decompress(bytes.fromhex(hex_string)).decode() 57 | 58 | obfuscated_code = ";".join(value for value in layer_2.split(";")[:-1]) 59 | 60 | sys.setrecursionlimit(100000000) 61 | 62 | variable_code = re.findall(r'(\w+)\s*=\s*None', obfuscated_code)[0] 63 | 64 | exec(obfuscated_code) 65 | 66 | base85_code = ast.unparse(eval(variable_code)) 67 | 68 | base85_string = re.findall(r"\.b85decode\('([^']+)'\.encode\(\)\)", base85_code)[0] 69 | 70 | content = b85decode(base85_string.encode()).decode() 71 | 72 | with open("out.py", "w") as f: 73 | f.write(content) 74 | 75 | Write.Print("your file has been deobfuscated successfully and now the src code is in out.py! \n", Colors.red_to_yellow, interval=0.005) 76 | --------------------------------------------------------------------------------