UltraDebug

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
热搜: A C D R G Y M Z X S P
公益项目,接受捐赠
查看: 2579|回复: 0
收起左侧

[原创] PyArmor-Unpacker

[复制链接]
tebnieew2

主题

0

回帖

UD

新手上路

UID
44
积分
35
注册时间
2022-5-18
最后登录
1970-1-1
2022-9-10 21:26:49 | 显示全部楼层 |阅读模式

PyArmor-Unpacker

I decided it was time that there was a proper PyArmor unpacker released. All the ones that currently are public are either outdated, not working at all or only giving partial output. I plan on making this one support the latest version of PyArmor.

Please star the repository if you found it helpful. I'd really appreciate it.

How to use it

There are 3 different methods for unpacking PyArmor, in the methods folder in this repository you will find all the files needed for each method. Below you will find a detailed write-up on how I started all the way to the end product. I hope more people actually understand how it works this way rather than just using the tool.

Known issues

This is a list of all the known issues/missing features.
I don't have enough time to fix them myself so I am heavily relying on contributors.

Issues:

  • Unsafe way of stopping the second marshal.loads trigger (see write-up)
  • Async code objects don't get invoked correctly -> programs like discord bots can't be unpacked
  • ~From Python 3.10 and higher the absolute jump indexes have been divided by 2 to save storage, we have to add support for that.~ Fixed by issue #3

Missing features:

  • Unit tests
  • Static unpacking for versions below 3.9.7
  • ~Multi file support~ Fixed by issue #11
  • Better logging
  • ~Better prevention of accidentally executing the program for method #3~ Fixed by issue #9

How to use

IMPORTANT: USE THE SAME PYTHON VERSION EVERYWHERE, LOOK AT WHAT THE PROGRAM YOU ARE UNPACKING IS COMPILED WITH.
If you don't you will face issues.

Method #1

  1. Copy all the files from the method #1 directory into the same directory as the file you want to unpack.
  2. Run the file you want to unpack
  3. Use an injector (I recommend Process Hacker 2) to inject https://github.com/call-042PE/PyInjector (Choose the x64 or x86 version based on your application)
  4. Run the method_1.py file
  5. Now you can run the partially unpacked program using run.py

Method #2

  1. Copy all the files from the method #2 directory into the same directory as the file you want to unpack.
  2. Run the file you want to unpack
  3. Use an injector (I recommend Process Hacker 2) to inject https://github.com/call-042PE/PyInjector (Choose the x64 or x86 version based on your application)
  4. In the dumps directory you can find the fully unpacked .pyc file.
  5. (Optional) Use a decompiler to get the Python source back, since currently 3.9.7 is the minimum version you will have to use: https://github.com/zrax/pycdc

Method #3

NOTE: Don't use the static unpacker for anything below version 3.9.7, The marshal.loads audit log was only added in and after 3.9.7.

还有更多的精彩内容,作者设置为付费后可见
UltraDebug免责声明
✅以上内容均来自网友转发或原创,如存在侵权请发送到站方邮件9003554@qq.com处理。
✅The above content is forwarded or original by netizens. If there is infringement, please send the email to the destination 9003554@qq.com handle.
回复 打印

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|Archiver|站点地图|UltraDebug ( 滇ICP备2022002049号-2 滇公网安备 53032102000034号)

GMT+8, 2025-6-21 01:41 , Processed in 0.041020 second(s), 11 queries , Redis On.

Powered by Discuz X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表