python反编译

python文件类型介绍

Python scripts may have one of several file extensions. Each file extension has a special meaning and purpose.
.py - Regular scripts
.py3 - (rarely used) Python3 script; Python3 scripts usually end with ".py" not ".py3"
*.pyc - compiled script (Bytecode)
*.pyo - optimized pyc bytecode file (As of Python3.5, Python will only use pyc rather than pyo and pyc)
*.pyw - Python script for Windows that is executed with pythonw.exe
*.pyx - Cython src to be converted to C/C++
*.pyd - Python script made as a Windows DLL
*.pxd - Cython script which is equivalent to a C/C++ header
*.pyi - MyPy stub
*.pyi - Stub file (PEP 484)
.pyz - Python script archive (PEP 441); this is a script containing compressed Python scripts (ZIP) in binary form after the standard Python script header
.pywz - Python script archive for MS-Windows (PEP 441); this is a script containing compressed Python scripts (ZIP) in binary form after the standard Python script header
.py[cod] - wildcard notation in ".gitignore" that means the file may be ".pyc", ".pyo", or ".pyd"
*.rpy - RPython script or a Python script containing application or framework-specific features
*.pyde - Python script used by Processing (https://processing.org/)
*.pyp - Py4D Python Plugin
*.pyt - Python declaration file
*.xpy - Unknown
*.ipynb - Jupyter Notebook file

将exe反编译为pyc

使用pyinstxtractor将exe反编译，提取由pyinstaller生成的可执行文件内容。
python pyinstxtractor.py abc.exe
在exe同目录下查看python*.dll文件，可以找到exe打包使用的python版本。

反编译.pyc(Bytecode)

1、uncompyle6安装
uncompyle2的后续版本uncompyle6
pip install uncompyle6
查看帮助命令：uncompyle6 --help、uncompyle6 -h
反编译单个文件：uncompyle6 foo.pyc > foo.py
反编译多个文件：uncompyle6 -o . *.pyc
例子：

uncompyle6 foo.pyc bar.pyc  # decompile foo.pyc, bar.pyc to stdout
uncompyle6 -o . foo.pyc bar.pyc  # decompile to ./foo.py and ./bar.py
uncompyle6 -o . *.pyc # decompile *.pyc to *.py

import uncompyle6
with open("my.py","w",encoding='utf8') as f:
    uncompyle6.uncompyle_file("mp.pyo", f)

2、uncompyle6使用
直接使用uncompyle6反编译可能会遇到以下两种错误,需要使用二进制编辑软件。

1.ImportError: Unknown magic number 227 in bit.pyc
2.bad marshal data (unknown type code)

python -O -m py_compile file.py

ultraedit

x86 https://downloads.ultraedit.com/main/ue/win/ue_chinese.exe
x64 https://downloads.ultraedit.com/main/ue/win/ue_chinese_64.exe
ultraedit试用,在hosts文件添加以下两行
127.0.0.1 licensing.ultraedit.com
127.0.0.1 swupdate.ultraedit.com

0x04 参考链接

python反编译
pyinstxtractor
uncompyle6
uncompyle6
List of Python Script File-Extensions http://dcjtech.info/topic/python-file-extensions/
https://cx4.github.io/2020/08/31/pyexe2py/
https://blog.csdn.net/xianqin2202/article/details/103208000

逆向分析

python反编译

python文件类型介绍

将exe反编译为pyc

反编译.pyc(Bytecode)

ultraedit

0x04 参考链接

相关

Android逆向分析实例(三)-解密微信EnMicroMsg.db数据库

游戏逆向分析教程 [导航菜单]

IM通信协议逆向分析、Wireshark自定义数据包格式解析插件编程学习

CreateProcess逆向分析-0环逆向分析(二)

标签