Hola, hacker. Ever wanted to find out what is hidden behind a compiled application? Today we will look at a way to reverse an exe compiled with PyInstaller. Go!
We steal someone else's code. Reverse engineering Python.
What do we need?
- PyInstaller Extractor.
- Uncompyle6.
- HxD / Or another HEX editor.
First, download the Extractor script. Then install Uncompyle6 using pip:
Code:
pip install uncompyle6
![133175f5-c4a0-49dc-b8ac-3f33494ca6bd.png](https://teletype.in/files/13/133175f5-c4a0-49dc-b8ac-3f33494ca6bd.png)
Installing UnCompyle6.
Now we can start reversing.
I got my hands on a RAT written in Python and compiled with PyInstaller. The steps are the same for any other file. Let's get started.
First, we need to get all the files / libraries / DLLs out of the executable. For this we need the PyInstaller Extractor. We run the script as follows:
Code:
python pyinstxtractor.py filename.exe
![5d4195ed-6f4a-47c8-94c8-f878618e6126.png](https://teletype.in/files/5d/5d4195ed-6f4a-47c8-94c8-f878618e6126.png)
An example of successful execution.
A folder is created next to the exe:
Code:
File.exe_extracted
![5647b6bb-9b94-4e89-ad44-f7f324e48143.png](https://teletype.in/files/56/5647b6bb-9b94-4e89-ad44-f7f324e48143.png)
In my case, I need the BlackSec file; in general it will be the executable's name without the extension. (For example, if your file was named build.exe, after the Extractor the file you need will be just build.)
The BlackSec file is a pyc without the magic number.
I won't say what a "magic" number is, but here's a link to Wiki, which will tell you everything. pyc is the compiled bytecode. If you import a module, Python builds a *.pyc file that contains the bytecode, to make it easier to import.
We need to turn it into a proper pyc file to get the code. To do this, launch the HEX editor and open the extensionless file in it, in my case BlackSec:
![3fa14a36-cc07-4dd6-b32c-42b76e7b1fc2.png](https://teletype.in/files/3f/3fa14a36-cc07-4dd6-b32c-42b76e7b1fc2.png)
Now we need to give our file a magic number. We will take it from the neighboring files in the PYZ-00.pyz_extracted folder. Open any file from that folder (I always use __future__.pyc) in the HEX editor:
![7e069f8a-49cf-4482-ab7e-7afc290b6575.png](https://teletype.in/files/7e/7e069f8a-49cf-4482-ab7e-7afc290b6575.png)
Now we need to copy the bytes that contain the magic number. For everything to work, the first line of the two files (BlackSec & __future__.pyc) must be the same. Copy the first 12 bytes:
![c84781a6-4467-4b4f-b6ab-81e7f391564e.png](https://teletype.in/files/c8/c84781a6-4467-4b4f-b6ab-81e7f391564e.png)
And insert at the beginning of our file:
![8288243d-14c9-4524-ac79-85d88628a6d9.png](https://teletype.in/files/82/8288243d-14c9-4524-ac79-85d88628a6d9.png)
Next, click File => Save As... and save with the .pyc extension:
![9093f05c-1980-43b1-86d2-59061a425549.png](https://teletype.in/files/90/9093f05c-1980-43b1-86d2-59061a425549.png)
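The same header repair done in a script, for analysts triaging a PyInstaller-packed sample. This is an added example, not code from the article; `header_len`, `restore_header` and `demo` are hypothetical names, and the sample files are constructed in a temporary directory. It goes beyond the 12-byte case shown above: the header is 8 bytes for Python 2 and 3.0-3.2, 12 bytes for 3.3-3.6 and 16 bytes for 3.7+, so the length is derived from the reference file's magic number (thresholds taken from CPython's magic-number history).

```python
import marshal
import struct
import tempfile
from importlib.util import MAGIC_NUMBER
from pathlib import Path


def header_len(magic: bytes) -> int:
    """Size of the .pyc header implied by a 4-byte magic number."""
    if len(magic) != 4 or magic[2:] != b"\r\n":
        raise ValueError("not a pyc magic number")
    (version,) = struct.unpack("<H", magic[:2])
    if version >= 20000:   # Python 1.5-2.7 (2.7 is 62211): magic + mtime
        return 8
    if version >= 3392:    # Python 3.7+ (PEP 552): magic + flags + mtime + size
        return 16
    if version >= 3210:    # Python 3.3-3.6: magic + mtime + size
        return 12
    return 8               # Python 3.0-3.2: magic + mtime


def restore_header(entry: Path, reference: Path, out: Path) -> int:
    """Prepend the reference .pyc header to a headerless file; return bytes added."""
    ref = reference.read_bytes()
    body = entry.read_bytes()
    n = header_len(ref[:4])
    if body[:4] == ref[:4]:    # header already present: copy unchanged
        out.write_bytes(body)
        return 0
    out.write_bytes(ref[:n] + body)
    return n


def demo() -> str:
    """Constructed sample: a headerless code object next to a normal .pyc."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        raw = marshal.dumps(compile("RESULT = 'recovered'", "<sample>", "exec"))
        (d / "sample").write_bytes(raw)                 # like the extracted entry file
        pad = bytes(header_len(MAGIC_NUMBER) - 4)       # zeroed flags/mtime/size fields
        (d / "__future__.pyc").write_bytes(MAGIC_NUMBER + pad + raw)
        n = restore_header(d / "sample", d / "__future__.pyc", d / "sample.pyc")
        # Parse (do not execute) the repaired file to confirm it is well-formed.
        code = marshal.loads((d / "sample.pyc").read_bytes()[n:])
        return code.co_names[0]


if __name__ == "__main__":
    print(demo())
```

`marshal.loads` only parses the code object, so the check never runs the sample's code.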
Everything is almost ready. All that remains is to decompile the .pyc file with uncompyle6. To do this, run the following command in cmd:
Code:
uncompyle6 -o source.py YourFileName.pyc
![2a5877e4-799c-4e1b-b596-03fe389c2112.png](https://teletype.in/files/2a/2a5877e4-799c-4e1b-b596-03fe389c2112.png)
That's it: a file containing the executable's source code has appeared next to our pyc file.
![a0b77769-bd49-4172-b593-6f5bcc53e110.png](https://teletype.in/files/a0/a0b77769-bd49-4172-b593-6f5bcc53e110.png)
Mission Passed!
Conclusion.
As you can see, hacker, Python also lends itself to decompilation. To protect your code, you should use obfuscators / protectors. For Python I recommend pyArmor; it turns the code into an "incomprehensible" set of characters.
This concludes the article. Until next time, hacker.