A helper script for unpacking and decompiling EXEs compiled from python code.
WithSecureLabs/python-exe-unpacker
A script that helps researchers unpack and decompile executables written in Python. Right now it only supports executables created with py2exe and pyinstaller.
This script glues together several tools available to the community. Hopefully, this can help people in their daily job. Several YARA rules are available to determine whether the executable is written in Python (the script also confirms whether the executable was created with py2exe or pyinstaller).
- Python 2.7 or later.
- Install all the dependencies needed:
pip2 install --user -r requirements.txt
or, if you prefer to have the dependencies installed with root permission:
sudo pip2 install -r requirements.txt
- python python_exe_unpack.py -i [malware.exe]
- pyinstaller
- A folder will be created with the original filename concatenated with "_extracted". For example: "malware.exe_extracted".
- The main Python file that contains the logic will usually be the file without any extension (inside the folder whose name ends in "_extracted"). In the following example, "hello" is the one that contains the main Python logic:
-rw-rw-r-- 1 testuser testuser 70K Nov 14 13:08 bz2.pyd
-rw-rw-r-- 1 testuser testuser 993K Nov 14 13:08 _hashlib.pyd
-rw-rw-r-- 1 testuser testuser 111 Nov 14 13:08 hello
-rw-rw-r-- 1 testuser testuser 1009 Nov 14 13:08 hello.exe.manifest
-rw-rw-r-- 1 testuser testuser 1.1K Nov 14 13:08 Microsoft.VC90.CRT.manifest
-rw-rw-r-- 1 testuser testuser 220K Nov 14 13:08 msvcm90.dll
-rw-rw-r-- 1 testuser testuser 557K Nov 14 13:08 msvcp90.dll
-rw-rw-r-- 1 testuser testuser 638K Nov 14 13:08 msvcr90.dll
-rw-rw-r-- 1 testuser testuser 628K Nov 14 13:08 out00-PYZ.pyz
drwxrwxr-x 2 testuser testuser 12K Nov 14 13:08 out00-PYZ.pyz_extracted
-rw-rw-r-- 1 testuser testuser 5.2K Nov 14 13:08 pyiboot01_bootstrap
-rw-rw-r-- 1 testuser testuser 2.5K Nov 14 13:08 pyimod01_os_path
-rw-rw-r-- 1 testuser testuser 12K Nov 14 13:08 pyimod02_archive
-rw-rw-r-- 1 testuser testuser 22K Nov 14 13:08 pyimod03_importers
-rw-rw-r-- 1 testuser testuser 0 Nov 14 13:08 pyi-windows-manifest-filename hello.exe.manifest
-rw-rw-r-- 1 testuser testuser 2.6M Nov 14 13:08 python27.dll
-rw-rw-r-- 1 testuser testuser 10K Nov 14 13:08 select.pyd
-rw-rw-r-- 1 testuser testuser 234 Nov 14 13:08 struct
-rw-rw-r-- 1 testuser testuser 671K Nov 14 13:08 unicodedata.pyd
- pyinstaller has an option that can encrypt Python bytecode. This script will try to decrypt it and decompile the decrypted code.
- The result of unpacking and decompiling will be located in the folder "unpacked" or the location you specify.
- If an error like "Error in unpacking the exe. Probably due to version incompability (exe created using python 2 and run this script with python 3)" is shown, try setting your Python to a different version than the one you are using, e.g. "alias python=python2" or "alias python=python3".
- In the above example, the Python file that contains the main logic will sometimes not be in a format that uncompyle6 accepts (it is missing the Python magic number). The above command will prepend the magic number and decompile it (if the magic number is already prepended, it will not add it and will just proceed with decompiling).
- Extreme Coders for their pyinstxtractor.py script to help unpack pyinstaller executable.
- Extreme Coders for their instruction on how to decrypt encrypted python byte code: https://0xec.blogspot.sg/2017/02/extracting-encrypted-pyinstaller.html
- unpy2exe
- uncompyle6
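The magic-number fix-up that python-exe-unpacker describes above, as an added example (not code from that project): it checks whether an extracted file already starts with a pyc magic number and prepends a header only if it does not. The function names are hypothetical, the header layouts assume Python 2.7 or 3.7+, and the sample payload is constructed inline.

```python
import importlib.util
import marshal
import struct

CURRENT_MAGIC = importlib.util.MAGIC_NUMBER   # magic of the running interpreter
PY27_MAGIC = b"\x03\xf3\r\n"                  # Python 2.7 (62211 + CRLF)


def has_pyc_magic(data):
    """CPython magic numbers are a 2-byte version tag followed by CRLF."""
    return len(data) >= 4 and data[2:4] == b"\r\n"


def build_header(magic):
    """Return a pyc header for `magic` with zeroed mtime/size fields."""
    if magic == PY27_MAGIC:
        return magic + struct.pack("<I", 0)        # magic, mtime (8 bytes)
    # Assumed Python 3.7+ layout: magic, flags, mtime, source size (16 bytes).
    return magic + struct.pack("<III", 0, 0, 0)


def ensure_pyc_header(data, magic=CURRENT_MAGIC):
    """Prepend a header only when the payload does not already carry one."""
    return data if has_pyc_magic(data) else build_header(magic) + data


def load_code(pyc):
    """Skip the header and unmarshal the code object without executing it.

    marshal is not hardened against malformed input, so run this on real
    samples only inside the analysis VM.
    """
    if not has_pyc_magic(pyc):
        raise ValueError("no pyc magic number")
    header_len = 8 if pyc[:4] == PY27_MAGIC else 16
    return marshal.loads(pyc[header_len:])


# Constructed sample: a headerless marshalled code object standing in for an
# extracted entry-point file such as "hello" in the listing above.
SAMPLE_PAYLOAD = marshal.dumps(compile("print('hello')", "hello", "exec"))

if __name__ == "__main__":
    fixed = ensure_pyc_header(SAMPLE_PAYLOAD)
    print(has_pyc_magic(SAMPLE_PAYLOAD), has_pyc_magic(fixed))
    print(load_code(fixed).co_filename)
```

The magic must match the Python version that built the executable (python27.dll in the listing above points to 2.7); a mismatched magic makes the decompiler misread the bytecode.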
pydumpck 1.16.0
pydumpck is a multi-threaded tool for decompiling exe, elf, pyz and pyc files packed by Python. It is based on pycdc and uncompyle6. Sometimes the resulting .py file is not exactly right; in that case uncompyle6 may help.
License: Apache Software License (MIT Licence)
Tags: pydumpck, decomplier, pe, elf, pyc, pyz
Requires: Python >=3.7
Install
Usage
usage: pydumpck OUTPUT_DIRECTORY THREAD TIMEOUT TIMEOUT_SESSION TARGET_FILE_TYPE . . .

is a multi-threads tool decompile exe,elf,pyz,pyc packed by python which is base on pycdc and uncompyle6.sometimes its py-file result not exactly right ,maybe could use uncompyle6.

positional arguments:
  target_file    file to extract or decompiler,combine with -y

  -h, --help    show this message and
  -o OUTPUT_DIRECTORY, --output OUTPUT_DIRECTORY    output archive file to output_2938294
  -w THREAD, --thread THREAD    thread count running cpu-count *
  -t TIMEOUT, --timeout TIMEOUT    timeout running single decompiler
  --session-timeout TIMEOUT_SESSION    timeout running total task
  -y TARGET_FILE_TYPE, --type TARGET_FILE_TYPE    file-type of input file,can use pe,exe,elf,pyc,pyz None : auto guess
  -d . --decompile_file .    only decompile referred file quick None
  --header .    specify pyc header hex-string None not , pydumpck will use struct.pyc pycdc
pydumpck xxx.exe -p uncompyle6
pydumpck xxx.exe -p pycdc uncompyle6
pydumpck xxx.exe -d main    (only targets main.py)
pydumpck xxx.exe -d main lib_base64 secert    (targets main.py, lib_base64.py and secert.py)
Demo
Notice
pycdc is more than 10 times faster than uncompyle6, and uncompyle6 does not support Python versions above 3.8.
However, pycdc sometimes returns a result that is not precisely right.
In pydumpck, you can use --plugin uncompyle6 to run a single decompiler or --plugin pycdc uncompyle6 to run both.
Decompiles Exe’s That Were Compiled Using Pyinstaller
ItsMerkz/Python-Exe-Decompiler
Python Modules Needed: os, struct, marshal, zlib, sys
Python Module Installation:
pip install os
pip install struct
pip install marshal
pip install zlib
pip install sys
Windows Usage: python decompile.py (file name)
Linux Usage: python3 decompile.py (file name)
The Decompiler File Must Be In The Same Folder As The Exe You're Trying To Decompile. Also Please Make Sure To Dm Me On Discord If You Have Any Problems Using This: Haribo#1337