PyInstaller打包Python成exe文件解密

2023年2月18日 406点热度 0人点赞

解密PyInstaller加密的.pyc.encrypted代码

以下两种思路进行解密
1、使用 pyinstxtractor-ng 解包PyInstaller打包的bundle中的demo.exe文件时附带解密掉。
Github:https://github.com/pyinstxtractor/pyinstxtractor-ng
pyinstxtractor-ng 集成解密功能,看它的代码应该也不是100%解密成功。
执行命令:python .\pyinstxtractor-ng.py .\dist\demo\demo.exe

2、pyinstxtractor 解包后的 .pyc.encrypted 手动解密。

import sys​
class Cipher(object):
"""
This class is used only to decrypt Python modules.
"""
def __init__(self):
# At build-type the key is given to us from inside the spec file, at
# bootstrap-time, we must look for it ourselves by trying to import
# the generated 'pyi_crypto_key' module.
import pyimod00_crypto_key
key = pyimod00_crypto_key.key

assert type(key) is str
if len(key) > CRYPT_BLOCK_SIZE:
self.key = key[0:CRYPT_BLOCK_SIZE]
else:
self.key = key.zfill(CRYPT_BLOCK_SIZE)
assert len(self.key) == CRYPT_BLOCK_SIZE
import tinyaes
self._aesmod = tinyaes
# Issue #1663: Remove the AES module from sys.modules list. Otherwise
# it interferes with using 'tinyaes' module in users' code.
del sys.modules['tinyaes']

def __create_cipher(self, iv):
# The 'AES' class is stateful, this factory method is used to
# re-initialize the block cipher class with each call to xcrypt().
return self._aesmod.AES(self.key.encode(), iv)

def decrypt(self, data):
cipher = self.__create_cipher(data[:CRYPT_BLOCK_SIZE])
return cipher.CTR_xcrypt_buffer(data[CRYPT_BLOCK_SIZE:])

if __name__ == '__main__':
import zlib

CRYPT_BLOCK_SIZE = 16

inf = open('/home/x/x.exe_extracted/PYZ-00.pyz_extracted/yamnet.pyc.encrypted', 'rb') # encrypted file input
outf = open('yamnet.pyc', 'wb') # output file

cipher = Cipher()

# Decrypt and decompress
plaintext = zlib.decompress(cipher.decrypt(inf.read()))

# Write pyc header
# get from importlib.util.MAGIC_NUMBER.hex()
outf.write(b'\x55\x0d\x0d\x0a\0\0\0\0')

# Write decrypted data
outf.write(plaintext)

inf.close()
outf.close()

解包PyInstaller打包的exe

集成反汇编xdis与解密Pyinstaller的加密代码
Github:https://github.com/pyinstxtractor/pyinstxtractor-ng

反汇编disassembler

反汇编(disassembler)字节码.pyc为用户可读的指令列表,https://github.com/rocky/python-xdis 这个库支持跨Python版本反汇编,其安装完提供一个命令行工具pydisasm.exe,
执行命令:pydisasm.exe .\demo.exe_extracted\demo.pyc

反编译decompile

反编译(decompiler)字节码.pyc为Python源代码。https://github.com/rocky/python-decompile3 目前只支持Python 3.7-3.8,Python 3.9+还不支持。所以,使用高版本的Python,字节码被反编译的概率更小,更安全。
执行命令:decompyle3.exe .\demo.exe_extracted\demo.pyc

在线解密

https://pyinstxtractor-web.netlify.app/

胖二十

这个人很懒,什么都没留下

文章评论