Python zlib decompress, marshal load & boot

Question

import imp
s = ''
if imp.get_magic() != 'm\xf2\r\n':
    raise RuntimeError, s


try:
    import zlib
except:
    raise RuntimeError, ''

import marshal
import sys
import os
for p in filter(os.path.exists, map(lambda p: os.path.join(p, 'ind.pyz'), sys.path)):
    f = open(p, 'rb')
    exec marshal.loads(zlib.decompress(f.read(905)))
    boot('ind', f, 64608)
    break
import inca

I have this code in, ind.pyc file. Now I want to know that:

What does this codes? As can I see decompressing ind.pyz with zlib first 905 bytes? Then booting ind.pyz (first 64608 bytes?). I understood that, isn't it?

"ind.pyz" What is that supposed to be? An executable or a compiled pyc, so python file? I tried to decompile .pyz file but I can't.. And Is there a decompiler software for those files?

I'm really stuck, here is ind.pyz file (64kb) how is compressed this file? https://mega.co.nz/#!hIkH3RSI!f3UDHGI9omXXN7jXHJKYTCpMCU0y8N3npop6a3tfmcw

Answer 1

First of all, marshal is internal serialization util, which output is version dependent, so your code checks whether it is compiled by correct python version:

if imp.get_magic() != 'm\xf2\r\n':
    raise RuntimeError, s

Then it looks through sys.path for a ind.pyz file, and when found, reads 905 bytes

f.read(905)

Those 905 bites are consideres to be a zlib-compressed string, so are decompressed

zlib.decompress(f.read(905))

and resulted string is unmarshalled to a python object:

marshal.loads(zlib.decompress(f.read(905)))

This object in turn is executed . I suppose un-marshalled object is a python code, but won't check it myself, I do not unmarshal code from untrusted sources ;)

On the next line,

boot('ind', f, 64608)

boot is not a built python function, so it has to be defined by the exec statement.