目的:下载一批pyc文件,希望可以将其反编译为py文件,便于阅读和修改。
工具:py2.7 uncompyle2 (Win7 x64系统)
步骤:
step 1. 安装python2.7,并将python添加到系统环境变量中
step 2. 安装uncompyle2
- 下载uncompyle2:https://github.com/wibiti/uncompyle2
- 解压之后,在CMD模式进入该目录,输入命令进行安装:python setup.py install
- 测试是否安装成功:
python C:\Python27\Scripts\uncompyle2 -h
step 3. 反编译pyc文件
使用命令:
python C:\Python27\Scripts\uncompyle2 C:\vpn.pyc > vpn.py
It Works!
其它功能和技巧,等待进一步学习和挖掘……
《 “如何将.pyc和.pyo文件反编译为.py文件” 》 有 9 条评论
A Reverse Engineering Tool for py2exe applications.
https://github.com/4w4k3/rePy2exe
pyrasite —— 向正在运行中的 Python 进程注入代码
https://www.darknet.org.uk/2017/06/pyrasite-inject-code-into-running-python-processes/
https://github.com/lmacken/pyrasite
十种进程注入技术介绍
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Python 字节码级别的逆向
https://chriswarrick.com/blog/2017/08/03/gynvaels-mission-11-en-python-bytecode-reverse-engineering/
【技术分享】从被pyinstaller打包的文件中还原出Python源码
https://mp.weixin.qq.com/s/1pigY2wgP_BGiw0oiveVfQ
https://stackoverflow.com/questions/18303122/how-to-decompile-files-from-pyinstaller-pyz-file
https://reverseengineering.stackexchange.com/questions/160/how-do-you-reverse-engineer-an-exe-compiled-with-pyinstaller
Python 反编译工具 pycdc 多个漏洞披露
https://blogs.securiteam.com/index.php/archives/3658
如何编译静态版的Python
https://www.blackh4t.org/2018/02/06/how-to-compile-static-link-python/
Looking inside the box
https://paper.tuisec.win/detail/924ae4f83bdec52
https://anvilventures.com/blog/looking-inside-the-box.html
`
Introduction
Decryption and Unobfuscation
Enabling Dropbox tracing
Injecting new code
Conclusion
我们最终成功的逆向了Dropbox的客户端,编写解密和注入工具以逆向当前基于Python 3.6版本的Dropbox客户端。显然debugger的开启对于逆向来说会有很多帮助,特别是当decompyle6反编译器无法对某些文件进行正确的反编译时。
`
PyArmor – 用来混淆 Python 代码的工具 – Jett
https://pyarmor.readthedocs.io/en/latest/security.html#the-security-of-pyarmor
https://github.com/dashingsoft/pyarmor