Record the decompilation process of Python 3.7 once
Found an exe compiled by Python 3.7, but did not find the source code. Record the decompilation process
1. Convert exe file to pyc file
Using pyinstxtrator.py, enter the command in cmd:
python pyinstxtractor.py xxx.exe
Project address: pyinstxtractor
After successful decompression, a [XXX. Exe] extracted folder will appear in the same path, which contains the main program without any suffix. What we need to decompile is this file, and others are dependent libraries, such as pyz extracted folder. At this point, we may wonder why this file is not a. pyc file? This may be one of the shortcomings of the pyinstxtrator. The main program converted is not in the right format. We need to fix it manually.
2. Repair pyc file
If you directly change the suffix of the main file to main.pyc for decompilation, an error will occur.
C:\Users\zzzz>uncompyle6 xxxx.pyc Traceback (most recent call last): File "C:\python3\Lib\site-packages\xdis\load.py", line 143, in load_module_from_file_object float_version = float(magics.versions[magic][:3]) KeyError: b'\xe3\x00\x00\x00' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\python3\lib\runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "c:\python3\lib\runpy.py", line 85, in _run_code exec(code, run_globals) File "C:\python3\Scripts\uncompyle6.exe\__main__.py", line 7, in <module> File "C:\python3\Lib\site-packages\uncompyle6\bin\uncompile.py", line 194, in main_bin **options) File "C:\python3\Lib\site-packages\uncompyle6\main.py", line 322, in main do_fragments, File "C:\python3\Lib\site-packages\uncompyle6\main.py", line 182, in decompile_file filename, code_objects File "C:\python3\Lib\site-packages\xdis\load.py", line 116, in load_module get_code=get_code, File "C:\python3\Lib\site-packages\xdis\load.py", line 152, in load_module_from_file_object % (ord(magic[0:1]) + 256 * ord(magic[1:2]), filename) ImportError: Unknown magic number 227 in xxxx.pyc
The reason is that the file header magic number is not aligned, so you need to add magic number. Different python versions of magic number are different.
python 3.6.7's
33 0D 0D 0A 00 00 00 00 00 00 00 00
python 3.7.4's
42 0D 0D 0A 00 00 00 00 63 AF 36 3E 0C 00 00 00
3. How to get magic number
Compile one by yourself to see how many
pyinstaller is required for compiling py files, and modules can be installed with pip
pip install pyinstaller
After pip installation, you can choose a py file to compile. The pyinstaller file location is:
C:\Users\xxx\AppData\Local\Programs\Python\Python36\Scripts\
Drag pyinstaller.exe and one of your py files to the same folder
Input in cmd:
pyinstaller 1.py
Microsoft Windows [Edition 10.0.17763.557] (c) 2018 Microsoft Corporation. All rights reserved. D:\JAVA>pyinstaller 1.py 91 INFO: PyInstaller: 3.6 92 INFO: Python: 3.7.4 92 INFO: Platform: Windows-10-10.0.17763-SP0 94 INFO: wrote D:\JAVA\1.spec 103 INFO: UPX is not available. 106 INFO: Extending PYTHONPATH with paths ['D:\\JAVA', 'D:\\JAVA'] 107 INFO: checking Analysis 107 INFO: Building Analysis because Analysis-00.toc is non existent 107 INFO: Initializing module dependency graph... 110 INFO: Caching module graph hooks... 119 INFO: Analyzing base_library.zip ... 3644 INFO: Caching module dependency graph... 3797 INFO: running Analysis Analysis-00.toc 3801 INFO: Adding Microsoft.Windows.Common-Controls to dependent assemblies of final executable required by d:\python\python.exe 4239 INFO: Analyzing D:\JAVA\1.py 4241 INFO: Processing module hooks... 4241 INFO: Loading module hook "hook-encodings.py"... 4361 INFO: Loading module hook "hook-pydoc.py"... 4362 INFO: Loading module hook "hook-xml.py"... 4636 INFO: Looking for ctypes DLLs 4636 INFO: Analyzing run-time hooks ... 4643 INFO: Looking for dynamic libraries 4830 INFO: Looking for eggs 4830 INFO: Using Python library d:\python\python37.dll 4830 INFO: Found binding redirects: [] 4834 INFO: Warnings written to D:\JAVA\build\1\warn-1.txt 4876 INFO: Graph cross-reference written to D:\JAVA\build\1\xref-1.html 4885 INFO: checking PYZ 4885 INFO: Building PYZ because PYZ-00.toc is non existent 4886 INFO: Building PYZ (ZlibArchive) D:\JAVA\build\1\PYZ-00.pyz 5395 INFO: Building PYZ (ZlibArchive) D:\JAVA\build\1\PYZ-00.pyz completed successfully. 5404 INFO: checking PKG 5404 INFO: Building PKG because PKG-00.toc is non existent 5405 INFO: Building PKG (CArchive) PKG-00.pkg 5426 INFO: Building PKG (CArchive) PKG-00.pkg completed successfully. 5428 INFO: Bootloader d:\python\lib\site-packages\PyInstaller\bootloader\Windows-64bit\run.exe 5428 INFO: checking EXE 5429 INFO: Building EXE because EXE-00.toc is non existent 5430 INFO: Building EXE from EXE-00.toc 5430 INFO: Appending archive to EXE D:\JAVA\build\1\1.exe 5434 INFO: Building EXE from EXE-00.toc completed successfully. 5437 INFO: checking COLLECT 5437 INFO: Building COLLECT because COLLECT-00.toc is non existent 5438 INFO: Building COLLECT COLLECT-00.toc 6084 INFO: Building COLLECT COLLECT-00.toc completed successfully.
Generate the files in the diagram. The pyc file is in pycache
Hexadecimal view its magic number
This is python 3.7.4
4. Add magic number
Add magic number at the top
Customary
After adding
Save as pyc file
5. Decompile pyc files
Decompilation with uncompyle6 is also pip
pip install uncompyle6
Same as open input in cmd
uncompyle6 main.pyc > main.py
Generate main.py directly
I decompiled the file, python 3.7's
# uncompyle6 version 3.6.3 # Python bytecode 3.7 (3394) # Decompiled from: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)] # Embedded file name: main.py # Size of source mod 2**32: 12 bytes import os, time from datetime import datetime, timedelta from selenium import webdriver from selenium.webdriver.support.wait import WebDriverWait import selenium.webdriver.support as EC from selenium.webdriver.common.by import By from selenium.webdriver.common.action_chains import ActionChains from packaging import version import requests class Taobao: __module__ = __name__ __qualname__ = 'Taobao' def __init__(self, driver_type): self._browser_type = driver_type if driver_type == 1: self._driver = webdriver.Chrome(executable_path='chromedriver.exe', service_args=['--verbose', '--log-path=chromedriver.log']) else: self._driver = webdriver.Firefox(executable_path='geckodriver.exe') . . . . . There's no sticking in the back
ps: the original python 3.6.6 of my computer needs to be decompiled and written in 3.7, so I can add a 3.7.4 environment variable and pip to disk D. when I use it, I will add C: \ users \ XXX \ appdata \ local \ programs \ Python \ Python 36
Just move out the python.exe in. The two pip s should not be interconnected...
