fix examples

deoktr · Oct 16, 2023 · ac8b817 · ac8b817
1 parent 41611d1
commit ac8b817
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -17,6 +17,8 @@ pof will allow you to:
 - enable **automation**: automate the whole process, to produce numerous variant of the payload
 - have **fun**: because it's always fun to see what's possible to do with Python
 
+This project also tries to combine all other Python obfuscation tools available, because most of them only provide a single method, and it's prety basic. So you should be able to do everything that those other tools do, but withotu having to use multiple.
+
 Python is not exactly the best language to create payloads with, especially for Windows if the interpreter is not already installed. This project was made for learning, and discovering new ways of bypassing security, it's a great way to test obfuscations techniques.
 
 This project could also give you ideas to implement in other languages, such as powershell where it would make sens to obfuscate the source code. Or in C, C#, C++, Go or Rust where it would make sens to stage payloads, compress them, encrypt them and obfuscate strings.

diff --git a/examples/out/obfuscate.py b/examples/out/obfuscate.py
@@ -1,21 +1,18 @@
-from base64 import b64decode as strides_from_shape
-from base64 import b85decode as set_value
-StdoutRefactoringTool=__builtins__.__dict__[''[::-1].join([chr(ord(i)-3)for i in set_value('Y;ku').decode()])](strides_from_shape("".join([chr(ord(i)-3)for i in'PT@@'])).decode())
-_29997=__name__.__len__().__class__('sockname'.replace('sockname','0x8'),(__name__.__len__.__call__().__class__(0+0)))
-# fixme, not working
-import random as report_type
-# TODO: remove
-import string as MB_ICONASTERISK
-def exp_clause():
- # TODO: not that
- return report_type.choice(MB_ICONASTERISK.ascii_lowercase)
-def old_main_modules(cliaddr):
- trace_pass=globals()[strides_from_shape('X19idWlsdGluc19f').decode()].__dict__["".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in'\u006a\u006f\u0072\u0065\u0064\u006f\u0076'])]()[strides_from_shape("".join([chr(ord(i)-3)for i in''])).decode().join([__builtins__.__dict__.__getitem__("".join([chr(ord(i)-3)for i in'ukf'])[::-1])(globals()[set_value(strides_from_shape('VXRlTiVYPjQ/OVpnWEU+').decode()).decode()].__dict__["".join([chr(ord(i)-3)for i in'rFkhfnOlvwg']).replace("".join([chr(ord(i)-3)for i in'FkhfnOlvw']),"".join([chr(ord(i)-3)for i in'u']))](i)-(__builtins__.__getattribute__(strides_from_shape('').decode().join([chr(ord(i)-3)for i in'Wthreadsafetyxh'.replace('threadsafety','u')]))+__name__.__eq__.__call__(__name__)+(type(1)==type(1))))for i in strides_from_shape(strides_from_shape('WW1KbGVHeHZkMnh4ZG1KaQ==').decode()).decode()])].__dict__[set_value("".join([chr(ord(i)-3)for i in'[N]jcYTj\x81'])).decode()]()[set_value('c7b{nB{V3F5qW'[::-1]).decode()]().llQJVvV()
- for NOT_PRESENT in __builtins__.__dict__.__getitem__("".join([chr(ord(i)-3)for i in'ufrpslohubiodjUVXPH']).replace('galf_relipmoc'[::-1],"".join([chr(ord(i)-3)for i in'NH\\bV'])).replace('EEXPECTED_EVENTSEK'.replace('EXPECTED_EVENTS','MUSRS_Y')[::-1],'ange'[::-1][::-1]))(cliaddr-StdoutRefactoringTool):
-  trace_pass+=__builtins__.__dict__["".join([__builtins__.__dict__.__getitem__(set_value('').decode().join([chr(ord(i)-3)for i in"".join([chr(ord(i)-3)for i in'inx'])]))(__builtins__.__dict__[set_value('').decode().join([chr(ord(i)-3)for i in set_value('a&>0').decode()])](i)-__builtins__.__dict__.__getitem__("".join([chr(ord(i)-3)for i in'qho'])[::-1])(set_value('').decode().join([chr(ord(i)-3)for i in strides_from_shape('dXV1').decode()])))for i in strides_from_shape('amludGVybGVhdmVyZWRpbnRlcmxlYXZldg==').decode().replace("".join([chr(ord(i)-3)for i in'lqwhuohdyh']),"".join([chr(ord(i)-3)for i in'r']))])]()[strides_from_shape(strides_from_shape('WlhOMVlXeGpYM0I0WlE9PQ==').decode()).decode()[::-globals()[set_value('UuJS)ZDn6)Wprm{Ze?;|bZ>HB').decode().replace('frame_getgcheck_data_descriptortor'.replace('check_data_descriptor','enera'),"".join([chr(ord(i)-3)for i in'bexlowlqvb']))].__dict__['cmsg_typen'.replace('cmsg_type','le')]("".join([chr(ord(i)-3)for i in'l']))]]()
- return trace_pass
-def dataRead():
- cmd_nlst=__builtins__.__dict__.__getitem__(set_value('4|)Z^NK8b'[::-1]).decode()[::(__name__.__len__.__call__().__class__((__name__.__len__().__class__(1+5))+(__name__.__len__().__class__(set_value("".join([chr(ord(i)-3)for i in'HlldG'])).decode(),0))))])()["".join([chr(ord(i)-3)for i in set_value('a&Kp1aAa(8VsLV2cyDNS').decode()])](_29997)
- version_line=strides_from_shape(strides_from_shape('').decode()).decode().join([__builtins__.__getattribute__(strides_from_shape('').decode().join([chr(ord(i)-3)for i in'ukf'[::-1]]))(__builtins__.__dict__.__getitem__("".join([chr(ord(i)-3)for i in set_value('a&>0').decode()]))(i)-(__name__.__len__().__class__(__builtins__.__dict__[strides_from_shape('uVGb'[::-1]).decode()]("".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in strides_from_shape('cw==').decode()]))+__name__.__len__.__call__().__class__('2'[::-1]))))for i in strides_from_shape(set_value('RY-SgV=`znNiujcNi#-kV@GE>Nq0Rx').decode()).decode()])+cmd_nlst
- __builtins__.__dict__[set_value(set_value('SW0$AK3O|bDn3~&azi^|CLs').decode()).decode().replace(set_value(set_value('SW0$AK3O|bDn3~&azi^|CLs').decode()).decode(),set_value('aAPointGbN'.replace('APoint','B^v')).decode())](version_line)
-__builtins__.__getattribute__(set_value('\u0058\u004b\u005a\u0067\u0060\u0056\u0051\u0067\u007e').decode())()[strides_from_shape("".join([chr(ord(i)-3)for i in'\u005d\u004a\u00493\u005c\u0059\u004d\u006f\u005c\u005a\u0054\u0040'])).decode()]()
+from base64 import b64decode as _6572
+from base64 import b85decode as kiRBgZp
+case_softkw_and_pattern=__name__.__len__.__call__().__class__('8'[::-1][::-1])
+import random
+import string
+def get_random_letter():
+ return random.choice(string.ascii_lowercase)
+def get_random_name(name_len):
+ name=__builtins__.__dict__.__getitem__(_6572('c2xhYm9sZw==').decode()[::-1])()[''[::-1].join([__builtins__.__getattribute__('chfor_usr1'.replace('for_usr1','r'))(__builtins__.__dict__["".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in'\u0072\u0075\u0067'])](i)-(__name__.__len__().__class__((__name__.__len__.__call__().__class__(5+1))+(__name__.__len__().__class__(kiRBgZp('Eiia9').decode(),0)))))for i in kiRBgZp('Vq#@@Y;SjLR98<>Nn!').decode().replace("".join([chr(ord(i)-3)for i in'WZRSL']),'bvq'[::-1])])].__dict__[kiRBgZp('\u0058\u004b\u005a\u0067\u0060\u0056\u0051\u0067\u007e').decode()]()[kiRBgZp(_6572('WEp2Rj5hJCM7e1oqNTt9V3BzM2VuZF9zdHJpbmdhcw==').decode().replace('\u0065\u006e\u0064\u005f\u0073\u0074\u0072\u0069\u006e\u0067',"".join([chr(ord(i)-3)for i in'<']))).decode()]().upper()
+ for _ in __builtins__.__getattribute__("".join([chr(ord(i)-3)for i in'voderoj'[::-1]]))()["".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in"".join([chr(ord(i)-3)for i in''])]).join([__builtins__.__dict__["".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in"".join([chr(ord(i)-3)for i in'inx'])])](__builtins__.__dict__['dro'[::-1]](i)-__name__.__len__().__class__(''[::-1].join([chr(ord(i)-3)for i in'6'])))for i in kiRBgZp(kiRBgZp('R&gUhKv_FeYD{5dbt*C').decode()).decode()])].__dict__[_6572(kiRBgZp('').decode()).decode().join([__builtins__.__getattribute__('cINSUFFItearDownErrorT_STORAGE'.replace('tearDownError','CIEN').replace('INSUFFICc_size_tGE'.replace('c_size_t','IENT_STORA'),_6572('aHI=').decode()))(globals()[kiRBgZp('\u0055\u0074\u0065\u004e\u0025\u0058\u003e4\u003f9\u005a\u0067\u0058\u0045\u003e').decode()].__dict__['xiFenoNro'[::-1].replace('Noncls_node'.replace('cls_node','eFix'),"".join([chr(ord(i)-3)for i in'g']))](i)-(__name__.__len__.__call__().__class__(__builtins__.__getattribute__(_6572(_6572('YVc1MA==').decode()).decode())(kiRBgZp('yG'[::-1]).decode())+(__name__.__len__.__call__().__class__("".join([chr(ord(i)-3)for i in'03{ly3']).replace(_6572('aXYw').decode(),_6572('MQ==').decode()),0)))))for i in'udqjh'[::-1][::-1]])](name_len-__builtins__.__getattribute__("".join([chr(ord(i)-3)for i in'wql'])[::-1])('1')):
+  name+=__builtins__.__dict__.__getitem__(_6572('==wcsFfer_lacolnonx2Z'[::-1].replace('\u006e\u006f\u006e\u006c\u006f\u0063\u0061\u006c\u005f\u0072\u0065\u0066',_6572('dllt').decode())).decode())()[kiRBgZp(kiRBgZp('SW0$AK4B$hKR8!zST}cCDm6QOS8#JPIbm}').decode()).decode().replace('\u0068\u0061\u0076\u0065\u005f\u0067\u0063',_6572('').decode().join([chr(ord(i)-3)for i in"".join([chr(ord(i)-3)for i in'gtj'])]))]()
+ return name
+def present_my_pet():
+ pet_name=globals()[_6572('X19idWlkZWJ1Z19zY3JpcHRfXw==').decode().replace("".join([chr(ord(i)-3)for i in'ghexjbvfulsw']),"".join([chr(ord(i)-3)for i in'owlqv']))].__dict__["".join([chr(ord(i)-3)for i in'jorvhfrqgbolqhdov']).replace('\u0073\u0065\u0063\u006f\u006e\u0064\u005f\u006c\u0069\u006e\u0065',_6572('Yg==').decode())]()[kiRBgZp(_6572(_6572('VlhSbFRpVllQalEvT1ZwbldFVSs=').decode()).decode()).decode()].__dict__[_6572('Z2xplatforms_resolvecw=='.replace('resolve','to_skipmFs').replace(kiRBgZp('aBN|8W^ZzBb6<3CUvq0|Z~').decode(),'T_UINTY'.replace('T_UINT','v'))).decode()]()[kiRBgZp('\u0058\u004a\u0076\u0046\u003e\u0061\u0024\u002436\u0064\u0053\u007a\u00647\u0057\u006e\u0070\u0041\u0077\u005a\u002a5\u003c5\u0058\u003f\u006b\u0054\u007d\u0061\u0025\u0045\u0076\u003b\u0056\u0051\u0070\u006d').decode().replace(_6572('c2l6ZV9yZWFGaXh0dXJl').decode().replace(kiRBgZp('Mrn9-b#i3').decode(),'ann_e'.replace('ann_e','d')),''[::-1].join([chr(ord(i)-3)for i in'q'[::-1]]))](case_softkw_and_pattern)
+ message=kiRBgZp(_6572('Tz9JbmRleFdwcDVFYjBCVkVaRGwkag==').decode().replace('xednI'[::-1],kiRBgZp('Wj!(').decode())).decode()+pet_name
+ # TODO: This is garbage code
+ __builtins__.__getattribute__(kiRBgZp("".join([chr(ord(i)-3)for i in'dEaxlqwbohdvw49bwQ']).replace(_6572('dWludF9sZWFzdDE2X3Q=').decode(),"".join([chr(ord(i)-3)for i in'yJe']))).decode())(message)
+__builtins__.__getattribute__("".join([chr(ord(i)-3)for i in"".join([chr(ord(i)-3)for i in'mruhgry'])]))()['\u005f\u005f\u0073\u006e\u0069\u0074\u006c\u0069\u0075\u0062\u005f\u005f'[::__name__.__len__.__call__().__class__("".join([chr(ord(i)-3)for i in'']).join([chr(ord(i)-3)for i in'cache_from_source{4'.replace('cache_from_source','03')]),(__builtins__.__getattribute__(kiRBgZp('X>N1').decode())(0+0)))]].__dict__['ss_iolOuch'.replace('Ouch','g').replace("".join([chr(ord(i)-3)for i in'vbl']),_6572('bGFi').decode())[::__name__.__len__.__call__().__class__('reducreate_tag_parens'.replace('create_tag_parens','ce_arena1').replace(kiRBgZp('a%E(7V`X1qa%FB|').decode(),"".join([chr(ord(i)-3)for i in'0'])))]]()[kiRBgZp('aB^jHWo~p|W@&6?Z*ysGW^Z9_WpHJ5').decode().replace("".join([chr(ord(i)-3)for i in'rvlqir']),'n_'[::-1]).replace("".join([chr(ord(i)-3)for i in'ioe']).replace("".join([chr(ord(i)-3)for i in'oe']),"".join([chr(ord(i)-3)for i in'lohbqdph'])),'_ym'[::-1])]()
diff --git a/pof/main.py b/pof/main.py
@@ -153,7 +153,7 @@ def obfuscate(
         #   ```
         # In this context, `baz` would be obfuscated, but it shouldn't because
         # the function is part of the `foo` imported module
-        tokens = NamesObfuscator(generator=generator).obfuscate_tokens(tokens)
+        # tokens = NamesObfuscator(generator=generator).obfuscate_tokens(tokens)
 
         tokens = GlobalsObfuscator().obfuscate_tokens(tokens)
         tokens = BuiltinsObfuscator().obfuscate_tokens(tokens)