Rating: 5.0

tl;dr
1. Extrace `PyInstaller` packed executable with [pyinstxtractor.py](https://github.com/extremecoders-re/pyinstxtractor) -> See entry point at `backup_decryptor.pyc`.
2. Try to decompile/disassemble it -> Fail because of invalid arg count.
3. Recognize that it has remapped all the python opcodes -> Find a way to find the mapping back to the original.
4. Write code to convert the mapped `pyc` to the original -> Decompile it.
5. Analyze the decompiled python code -> Get flag.

Original writeup (https://lkmidas.github.io/posts/20210201-justctf2020-writeups/).