by geographomics
4121 days ago
I reversed it back when it was version 1.1.something; it was basically all compiled Python modules with custom encrypted code objects and non-standard opcode mappings for the bytecode. Quite interesting to see how it worked, and useful to get the key for the encrypted logs, to see what it actually did while running. Back then you could intercept the HTTPS connections as well, as they hadn't pinned the certificates yet, to get an even fuller picture. There was nothing obviously nefarious going on back then, but that was quite a few years ago of course.