import bz2
import os
import quopri
import random
import base64
import random
import platform
import traceback
import itertools
import re
import autopep8
def try_deobfuscate(code, techniques):
for technique in techniques:
try:
code = technique(code)
except Exception as e:
return None
return code
def deobfuscate(obfuscated_code):
obfuscated_code = remove_dbgprot(obfuscated_code)
obfuscated_code = unify_deobfuscate(obfuscated_code)
techniques = [rev_deobfuscate, quoted_decode, comppy_deobfuscate, b64unpack]
for layer_count in range(1, 50):
technique_orders = list(itertools.product(techniques, repeat=layer_count))
for order in technique_orders:
deobfuscated_code = try_deobfuscate(obfuscated_code, order)
if deobfuscated_code is not None:
return deobfuscated_code
raise Exception("Deobfuscation failed for all technique orders.")
def remove_dbgprot(code):
if code.startswith("exec(\"\"\""):
code = code.split("exec(\"\"\"\n", 1)[1]
code = code.rsplit("\"\"\"", 1)[0]
return code
def unify_deobfuscate(code):
for quote_type in ['"""', "'''"]:
if code.startswith(f"exec({quote_type}"):
code = code[len(f"exec({quote_type}"):]
code = code[:-len(quote_type)]
code = code.replace('\\n', '\n').replace('\\t', '\t')
break
return code
def rev_deobfuscate(input_str):
if input_str.startswith("data=r"):
input_str = input_str.split("\n", 1)[1]
input_str = input_str[:-1]
revedcode = input_str[::-1]
return revedcode
else:
raise Exception("Not a valid reverse obfuscation")
def comppy_deobfuscate(code):
if code.startswith("import bz2"):
decompresser_start = code.index("exec(bz2.decompress(") + len("exec(bz2.decompress(")
decompresser_end = code.index("))", decompresser_start)
compressed = eval(code[decompresser_start:decompresser_end])
decompressed = bz2.decompress(compressed).decode('utf-8')
return decompressed
else:
raise Exception("Not a valid comppy obfuscation")
def quoted_decode(code):
if code.startswith("import quopri"):
encoded_start = code.index("exec(quopri.decodestring(") + len("exec(quopri.decodestring(")
encoded_end = code.index(").decode('utf-8'))", encoded_start)
encoded = eval(code[encoded_start:encoded_end])
decoded = quopri.decodestring(encoded).decode('ascii')
return decoded
else:
raise Exception("Not a valid quoted obfuscation")
def b64unpack(code):
encoded_start = code.find("decoded = '")
if encoded_start != -1:
encoded_start += len("decoded = '")
encoded_end = code.index("'", encoded_start)
encoded = code[encoded_start:encoded_end]
n = 0
while "decoded = base64.b64decode(decoded.encode()).decode()" in code:
n += 1
code = code.replace("decoded = base64.b64decode(decoded.encode()).decode()", "", 1)
decoded = encoded
for i in range(n):
decoded = base64.b64decode(decoded.encode()).decode()
return decoded
else:
raise Exception("Not a valid b64unpack obfuscation")
def fix_formatting(code):
formatted_code = autopep8.fix_code(code, options={'aggressive': 2})
return formatted_code
def main():
file_path = "" # Change this to your obfuscated Python file path
with open(file_path, "r") as f:
obfuscated_code = f.read()
formatted_code = fix_formatting(obfuscated_code)
try:
deobfuscated_code = deobfuscate(formatted_code)
except Exception as e:
print("Deobfuscation failed. Showing the original code:")
print(formatted_code)
else:
print("Deobfuscated code:")
print(deobfuscated_code)
if __name__ == "__main__":
main()
