PyInstaller打包Python成exe文件解密

解密PyInstaller加密的.pyc.encrypted代码

以下两种思路进行解密
1、使用 pyinstxtractor-ng 解包PyInstaller打包的bundle中的demo.exe文件时附带解密掉。
Github：https://github.com/pyinstxtractor/pyinstxtractor-ng
pyinstxtractor-ng 集成解密功能，看它的代码应该也不是100%解密成功。
执行命令：python .\pyinstxtractor-ng.py .\dist\demo\demo.exe

2、pyinstxtractor 解包后的 .pyc.encrypted 手动解密。

import sys​
class Cipher(object):
"""
This class is used only to decrypt Python modules.
"""
def __init__(self):
# At build-type the key is given to us from inside the spec file, at
# bootstrap-time, we must look for it ourselves by trying to import
# the generated 'pyi_crypto_key' module.
import pyimod00_crypto_key
key = pyimod00_crypto_key.key
​
assert type(key) is str
if len(key) > CRYPT_BLOCK_SIZE:
self.key = key[0:CRYPT_BLOCK_SIZE]
else:
self.key = key.zfill(CRYPT_BLOCK_SIZE)
assert len(self.key) == CRYPT_BLOCK_SIZE
import tinyaes
self._aesmod = tinyaes
# Issue #1663: Remove the AES module from sys.modules list. Otherwise
# it interferes with using 'tinyaes' module in users' code.
del sys.modules['tinyaes']
​
def __create_cipher(self, iv):
# The 'AES' class is stateful, this factory method is used to
# re-initialize the block cipher class with each call to xcrypt().
return self._aesmod.AES(self.key.encode(), iv)
​
def decrypt(self, data):
cipher = self.__create_cipher(data[:CRYPT_BLOCK_SIZE])
return cipher.CTR_xcrypt_buffer(data[CRYPT_BLOCK_SIZE:])
​
if __name__ == '__main__':
import zlib
​
CRYPT_BLOCK_SIZE = 16
​
inf = open('/home/x/x.exe_extracted/PYZ-00.pyz_extracted/yamnet.pyc.encrypted', 'rb') # encrypted file input
outf = open('yamnet.pyc', 'wb') # output file
​
cipher = Cipher()
​
# Decrypt and decompress
plaintext = zlib.decompress(cipher.decrypt(inf.read()))
​
# Write pyc header
# get from importlib.util.MAGIC_NUMBER.hex()
outf.write(b'\x55\x0d\x0d\x0a\0\0\0\0')
​
# Write decrypted data
outf.write(plaintext)
​
inf.close()
outf.close()


解包PyInstaller打包的exe

集成反汇编xdis与解密Pyinstaller的加密代码
Github：https://github.com/pyinstxtractor/pyinstxtractor-ng

反汇编disassembler

反汇编(disassembler)字节码.pyc为用户可读的指令列表，https://github.com/rocky/python-xdis 这个库支持跨Python版本反汇编，其安装完提供一个命令行工具pydisasm.exe，
执行命令：pydisasm.exe .\demo.exe_extracted\demo.pyc

反编译decompile

反编译(decompiler)字节码.pyc为Python源代码。https://github.com/rocky/python-decompile3 目前只支持Python 3.7-3.8，Python 3.9+还不支持。所以，使用高版本的Python，字节码被反编译的概率更小，更安全。
执行命令：decompyle3.exe .\demo.exe_extracted\demo.pyc

在线解密

https://pyinstxtractor-web.netlify.app/