Pyc
Reverse Engineering | Easy - Pyc
Challenge
We have created a python script for you to break into as training. See if you can figure out a password that will authenticate with the program.
Download file: rev.pyc
Solution
Solution Guide
Let's analyze this file further. This file is a .pyc file, which is a Python Compiled bytecode file. Since this is compiled, we cannot read the source code just by opening it. Try runnning the program and see what happens. We will be using a Linux terminal for this tutorial.
If you have both Python 2 and Python 3 installed, you may need to specify python3 instead of python.
$ python rev.pyc
After executing this, you will see that the program is asking for a password. If we try to guess a random password, we get a message of Access Denied. It seems we will have to dig further with this file.
Fortunately, there are local and online PYC decompilers. One great online tool is PyLingual. After decompiling the PYC file, we can see the entire source code of the program.
Reveal Source Code
def caesar_shift_encrypt(text, shift):
encrypted_text = ''
for char in text:
if char.isalpha():
shifted_char = chr((ord(char) - ord('a') + shift) % 26 + ord('a'))
encrypted_text += shifted_char
else:
encrypted_text += char
return encrypted_text
def check_password(input_password):
encrypted_password = 'yfwmjfpb'
shift = 9
encrypted_input = caesar_shift_encrypt(input_password, shift)
if encrypted_input == encrypted_password:
return 'Access Granted'
return 'Access Denied'
input_password = input('Enter the password: ')
result = check_password(input_password)
print(result)
Upon inspecting this python code, we can see that the script is using Caesar Cipher with a shift of 9 to encrypt the password and compare it against the ciphertext yfwmjfpb. We can easily reverse this with a website like https://www.dcode.fr/caesar-cipher and retrieve the password!
Credits
- Author(s): Divesh Gupta (legendile7)