Closed schizophrenic144 closed 7 months ago
Just a heads up that you shouldn't read the pycdas decompiled output but rather the main .pyc itself, like you did with the blank method.
The fixed code should be this:
```python
import base64, os, subprocess, zlib, zipfile, re, lzma, codecs

from utils.decompile import decompilePyc, disassemblePyc
from utils.deobfuscation import BlankOBF


class LunaDeobf:
    def __init__(self, dir):
        self.extractiondir = dir
        self.tempdir = os.path.join(self.extractiondir, "..", "..", "temp")

    def Deobfuscate(self):
        # Derive the main .pyc name from the extraction directory name
        # (the part of the last path component before ".exe").
        parts = self.extractiondir.split(os.path.sep)
        filename = self.extractiondir.split(".exe")[0].split(os.path.sep)[len(parts) - 1] + ".pyc"

        # Read the raw .pyc bytes directly instead of the pycdas output.
        with open(os.path.join(self.extractiondir, filename), "rb") as file:
            assembly = file.read()

        stage3 = BlankOBF.DeobfuscateStage3(assembly)
        webhook = BlankOBF.DeobfuscateStage4(stage3.first, stage3.second, stage3.third, stage3.fourth)
        return webhook
```
Sorry for the late review, please make a pull request
fixed