Reverse engineering .pyo Python files

Posted on 2024-09-01 10:46:27

I have 2 .pyo python files that I can convert to .py source files, but they don't compile perfectly as hinted by decompyle's verify.

Therefore looking at the source code, I can tell that config.pyo simply had variables in an array:

ADMIN_USERIDS = [116901, 141, 349244, 39, 1159488]

I would like to take the original .pyo and disassemble it or whatever I need to do in order to change one of these IDs.

Or....

in model.pyo the source indicates a

if (productsDeveloperId != self.getUserId()):

All I would want to do is hex edit the != to be a ==... Simple with a Windows exe program, but I can't find a good Python disassembler anywhere.

Any suggestions are welcome... I am new to reading bytecode and new to Python as well.


久隐师 2024-09-08 10:46:27

Convert the .pyo files to .py, then edit the .py, and then run Python on the .py files. Python will regenerate the .pyo files. Don't edit the .pyo.

I don't know the Python bytecode, but I would doubt that the strings == or != would appear in the .pyo file.

Although a much better way is to get the original .py files and use them. If they give the wrong program, as implied by wanting to change != to ==, then you could ask the supplier to fix the bug.

孤芳又自赏 2024-09-08 10:46:27

IDA up to 6.0 doesn't have a .pyc decompilation module.

小清晰的声音 2024-09-08 10:46:27

I don't know if this directly helps you, but Python already has a bytecode disassembler.

For the opposite operation, i.e., generating bytecode, there are a couple of alternatives. On one hand you have the standard compiler package and then there is also the BytecodeAssembler library, which may be more suited to your needs.

彻夜缠绵 2024-09-08 10:46:27

Very recently I've developed tools that should help with this sort of thing. Some of the stuff is still very much alpha, but with some work you could have used it here.

There are several disassemblers around and they generally appear in the decompiler. The one I am partial to of course is the one I wrote called xdis because it gives the most information about what is in the bytecode file. There is also one called pycdas, written in C++, which is in the project that has the pycdc decompiler. So that part is not new.

Also, as you indicate you used a decompiler but it wasn't perfect. Hopefully in later versions called uncompyle6 these bugs have been addressed. But if not, file a github issue.

Ok. So now onto what is new. Recently I've modified the disassembler to make it amenable to modification and have written a Python assembler to store it back into the pyc bytecode format. This stuff is still in alpha; find it at http://github.com/rocky/python-xasm .

So with that you could make the simple changes to the constants and the condition tests.

So now let me go into the condition test since you asked about that specifically and it hasn't been fully answered here.

Consider this simple Python code:

  ___file__ == '__main'

Let's disassemble that with pydisasm:

...
# Constants:
#    0: '__main'
#    1: None
# Names:
#    0: ___file__
  1:           0 LOAD_NAME                 0 (___file__)
               3 LOAD_CONST                0 ('__main')
               6 COMPARE_OP                2 (==)
               9 POP_TOP
              10 LOAD_CONST                1 (None)
              13 RETURN_VALUE

Ok. So we see that the == is the operand of a COMPARE_OP instruction, which is encoded as 2.

Looking at the doc for this https://docs.python.org/3.6/library/dis.html#opcode-COMPARE_OP (this is for Python 3.6, but it's the same across pretty much all Python versions) there is the marginally helpful explanation:

The operation name can be found in cmp_op[opname].

But for the secret decoder ring information you'll have to go to the Python source code for opcode.py, which you probably have on your disk somewhere, but here's a link: https://github.com/python/cpython/blob/master/Lib/opcode.py#L24 where we have

 cmp_op = ('<', '<=', '==', '!=', '>', '>=', 'in', 'not in', 'is', ...

And you'll see that while == is 2, != is 3.

As for changing the constant [116901, 141, 349244, 39, 1159488] that would appear in my disassembler in the section called Constants and you'd basically change the numbers there and then run the assembler.
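
Seen from the integrity-checking side, both changes discussed in this thread (an altered ID in the constants and a flipped COMPARE_OP operand) show up when a shipped code object is diffed against one compiled from trusted source. The following is an added example, not code from the thread or from xdis/xasm; the sample module, `may_edit` and `diff_bytecode` are constructed for illustration. It compares the disassembler's decoded operand text rather than the raw operand number, because the raw number is not encoded identically in every CPython release.

```python
import dis
import types

# Constructed sample sources (not the real config.pyo/model.pyo): a known-good
# module and a variant with one ID and one comparison altered.
GOOD = (
    "ADMIN_USERIDS = [116901, 141, 349244, 39, 1159488]\n"
    "def may_edit(owner_id, user_id):\n"
    "    if owner_id != user_id:\n"
    "        return False\n"
    "    return True\n"
)
TAMPERED = GOOD.replace("116901", "424242").replace("!=", "==")


def _walk(good, seen, path, out):
    """Compare two code objects instruction by instruction, then recurse."""
    a = list(dis.get_instructions(good))
    b = list(dis.get_instructions(seen))
    if len(a) != len(b):
        out.append((path, -1, "LENGTH", str(len(a)), str(len(b))))
    for x, y in zip(a, b):
        # Nested code objects print with a memory address, so they are
        # compared by the recursion below instead of by their repr.
        if isinstance(x.argval, types.CodeType) and isinstance(y.argval, types.CodeType):
            continue
        if (x.opname, x.argrepr) != (y.opname, y.argrepr):
            out.append((path, x.offset, x.opname, x.argrepr, y.argrepr))
    subs_a = [c for c in good.co_consts if isinstance(c, types.CodeType)]
    subs_b = [c for c in seen.co_consts if isinstance(c, types.CodeType)]
    for ca, cb in zip(subs_a, subs_b):
        _walk(ca, cb, path + "." + ca.co_name, out)


def diff_bytecode(good_src, seen_src):
    """Return (scope, offset, opname, expected, found) for each mismatch."""
    out = []
    _walk(compile(good_src, "sample.py", "exec"),
          compile(seen_src, "sample.py", "exec"), "<module>", out)
    return out


if __name__ == "__main__":
    for finding in diff_bytecode(GOOD, TAMPERED):
        print(finding)
```

To check a file on disk, the second code object would come from unmarshalling the .pyc/.pyo body with the same interpreter version that produced it, instead of from `compile()`.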
