Codsmp.zip -

$ binwalk -e archive.enc # no known file signatures

0x00001140 <main+40>: 1140: 48 8d 3d 0b 00 00 00 lea rdi,[rip+0xb] # 1152 <main+52> 1147: e8 34 ff ff ff call 1080 <puts@plt> 114c: b8 00 00 00 00 mov eax,0x0 1151: c3 ret codsmp.zip

data = open('archive.enc','rb').read() key = b' ' decoded = bytes(b ^ 0x20 for b in data) print(decoded[:64]) Result: $ binwalk -e archive

# Extract inner.zip inner_dir = work/'inner' inner_dir.mkdir(exist_ok=True) subprocess.run(['unzip', '-q', str(inner_zip), '-d', str(inner_dir)], check=True) [rip+0xb] # 1152 &lt

$ file payload_decrypted.bin payload_decrypted.bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, stripped Great – we have a Linux ELF binary now. Let’s run strings and objdump on it.

def xor(data, key): return bytes(a ^ b for a, b in zip(data, itertools.cycle(key)))