SoFunction
Updated on 2024-11-13

Python exe file unpacking method details

Technical background

The mainstream protection schemes for Python code are currently the following (numbered by scheme, with the tool, how it works, and its advantages and disadvantages):

1. Nuitka
   Method: the .py file is first converted to a .c file, then compiled to a .o file, and finally linked into a .bin executable. The bin cannot be reversed to C, nor the C to Python, so the code is safe.
   Pros and cons: low workload, high security, and the protected Python is easy to use; long compilation time and a complex process.

2. Releasing .pyc files
   Method: the .py file is converted to a .pyc file with the compileall module. The file is binary, so the source code cannot be read directly, while the Python interpreter can execute the .pyc file directly.
   Pros and cons: good platform compatibility, a .pyc runs wherever the .py runs; poor interpreter compatibility, a .pyc only runs on a specific interpreter version. Decompiler tools are readily available, so the cost of cracking is low.

3. Code obfuscation (oxyry, pyobfuscate)
   Method: make the code unreadable by removing comments and documentation, changing indentation, adding spaces between tokens, renaming functions, classes and variables, and inserting invalid code on blank lines. This raises the threshold for reading the source a little.
   Pros and cons: good compatibility, as long as the source logic is compatible the obfuscated code is too; only a single file can be obfuscated, multiple interlinked source files cannot be obfuscated together.

4. py2exe
   Method: the source code is compiled into .pyc files and packaged into an executable together with the necessary dependencies. The final py2exe package is a binary file.
   Pros and cons: directly packaged into an exe, easy to distribute and execute, and the cracking threshold is a bit higher than a bare .pyc; poor compatibility, runs only on Windows. The layout of the generated executable is well known and public, so the .pyc corresponding to the source code can be located and decompiled.

5. Cython
   Method: compile .py/.pyx into .c files, then compile the .c files into .so (Unix) or .pyd (Windows).
   Pros and cons: the generated binary .so or .pyd files are difficult to crack, and there is a performance improvement; compatibility is a bit poor, and recompilation may be needed for different operating system versions. Most Python code is supported, but when something turns out to be unsupported it is expensive to fix.

6. PyInstaller packaging into an exe
   Method: converts the Python files into an exe file, producing a dist folder and a build folder; to run the program on another computer you only need to copy these two folders, and it runs even if the other party has no Python environment.
   Pros and cons: good compatibility; can be decompiled.

Of these schemes, the one most often met in practice is PyInstaller: scripts and small programs written in Python are usually packaged into exe files with it, because the result runs even where no Python environment is installed and so has good compatibility.

The best way to understand the logic of such scripts and programs and to analyze what they do is to unpack and decompile them.

Unpacking approach

1. Unpack the exe file.

Method 1: Using pyinstxtractor.py

Run python pyinstxtractor.py <file name to be unpacked>; if it succeeds, you get a <file name to be unpacked>_extracted folder.

Method 2: Using archive_viewer.py

Execute python archive_viewer.py <name of file to be unpacked>, which prints information about all the files contained in the EXE file.

Use the x <filename> command to extract the file you want to extract, and the q command to exit.

Differences:

Method 1 extracts all files at once, while method 2 can only extract files one by one. In my own use, both tools complain about a Python version problem when run under the wrong interpreter; to unpack correctly you must use the correct Python version.

Method 2 has a relatively high success rate. Try method 1 first and fall back to method 2 when it fails.

2. Rebuild the pyc file

The file obtained in step 1 is a pyc file, and we need to decompile it further to obtain a py file. When Python files are packaged into an exe, the header at the front of the pyc file is stripped, so we have to check for it and put it back before decompiling. The content of the stripped header can be taken from the struct file extracted in step 1:

There are two possible situations:

Situation 1: in the struct file there is data before the E3 byte.

In this case, copy everything that precedes E3 in the struct file to the front of the target file, before its own E3.

Situation 2: in the struct file there is nothing before the E3 byte.

In this case, go back to step 1, open any pyc file in the PYZ-00.pyz_extracted folder, note its first 4 bytes, write those 4 bytes at the start of the target file (the first line in the hex editor), and fill the rest of the header with 0.

Then change the target file's extension to ".pyc".
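The header repair in step 2 done in code rather than a hex editor, as an added helper that is not part of the article or of pyinstxtractor; it generalizes the "4 magic bytes then zeros" rule by deriving the header length from the magic number, and the file names and function names are assumptions.

```python
"""Rebuild the stripped pyc header (step 2 above). Hypothetical helper, not from the article."""
import importlib.util
import marshal
import struct

def header_length(magic: bytes) -> int:
    """Header size implied by the 4-byte magic (2-byte version tag + b'\\r\\n')."""
    tag = struct.unpack("<H", magic[:2])[0]
    if tag >= 20000:          # Python 2 tags (2.7 is 62211): magic + mtime
        return 8
    if tag >= 3392:           # 3.7+ (PEP 552): magic + flags + mtime/hash + size
        return 16
    if tag >= 3210:           # 3.3 .. 3.6: magic + mtime + size
        return 12
    return 8                  # 3.0 .. 3.2: magic + mtime

def rebuild_header(magic: bytes) -> bytes:
    """Situation 2 in the article: keep the 4 magic bytes and zero-fill the rest."""
    return magic + b"\x00" * (header_length(magic) - 4)

def header_from_struct(struct_bytes: bytes) -> bytes:
    """Situation 1: the struct file still carries its header in front of the code object."""
    return struct_bytes[:header_length(struct_bytes[:4])]

def fix_pyc(body: bytes, header: bytes) -> bytes:
    """Prepend a header to the headerless code object that step 1 produced."""
    # A marshalled code object starts with type code 'c' (0x63), or 0xE3 when the
    # FLAG_REF bit is set; that 0xE3 is the "E3" the article tells you to look for.
    if body[:1] not in (b"c", b"\xe3"):
        raise ValueError("not a marshalled code object, first byte %r" % body[:1])
    return header + body

def fix_file(target: str, reference_pyc: str) -> str:
    """Situation 2 on disk: borrow the magic from any pyc in PYZ-00.pyz_extracted."""
    with open(reference_pyc, "rb") as f:
        magic = f.read(4)
    with open(target, "rb") as f:
        body = f.read()
    out = target + ".pyc"
    with open(out, "wb") as f:
        f.write(fix_pyc(body, rebuild_header(magic)))
    return out

def demo() -> bytes:
    """Round trip on a constructed code object using this interpreter's own magic."""
    code = compile("def f(x):\n    return x * 2\n", "<constructed>", "exec")
    body = marshal.dumps(code)                      # what step 1 leaves you with
    fixed = fix_pyc(body, rebuild_header(importlib.util.MAGIC_NUMBER))
    ns = {}                                         # zero-filled header is fine once skipped
    exec(marshal.loads(fixed[header_length(fixed[:4]):]), ns)
    assert ns["f"](3) == 6
    return fixed
```

A zero-filled mtime/size is enough for uncompyle6, which only needs the magic to pick the bytecode version.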

3. Decompile the pyc file

After installing uncompyle6, open a command prompt and run uncompyle6 <path to file>.pyc > <file name>.py

If no error is reported, the decompilation succeeded.

Other issues

Q1: The PYZ file is reported as encrypted

While unpacking the exe, the files inside the PYZ archive may fail to extract properly (with archive_viewer.py), or show as encrypted after extraction.

For this problem, use the method above to decompile the PYZ archive's key file, pyimod00_crypto_key.pyc, to recover the key.

Pyinstxtractor does not support encrypted pyz archives. Currently, the code snippet from the pyinstxtractor documentation (linked below) can be used to decrypt the encrypted pyc files in the pyz extraction directory. Note that the script was written to run on Python 2.7 and on PyInstaller versions prior to

The script can handle encrypted pyc from any Python version, but you need to adjust the pyc header for the target version according to the list in that documentation. For details see the pyinstxtractor documentation: Frequently Asked Questions · extremecoders-re/pyinstxtractor Wiki · GitHub

Summary

This concludes the introduction to unpacking Python exe files. For more on the topic, search my previous articles or browse the related articles below; I hope you will continue to support me.