
Showing posts with the label PYC malware

PYC malware analysis fun

Hello World! I've been looking at some PYC samples lately, and decided to do a deep dive into the sample from this X post: https://x.com/malmoeb/status/1853723915723350526

Specifically, I'm looking at sample SHA256: de195ebb0f1cf3762d73f956b9d21b63de1a5bbe9626a78af623ed9f59ed760f

The first thing I did when looking at this sample was run pycdas. We get a look at the disassembled code here. The first few bytes "\xfd7zXZ" suggest LZMA (XZ) compressed data. Using the following simple script you can write this out to a file; I wrote the output to decodedfile.txt here.

Analyzing this file we can see variables with names like "___", "_____", etc. We can see some of the decode logic, such as the character codes 98, 54, 52, 100, 101, 99, 111, 100, 101 for b64decode, b64decode("cm90MTM=") for rot13, and [::-1] for string reverse. We can also see that it concatenates the decoded variables together into one final output. Using this guide, we can ...