{"id":13674075,"url":"https://github.com/knight0x07/pyc2bytecode","last_synced_at":"2025-04-28T13:32:15.056Z","repository":{"id":39715973,"uuid":"447273766","full_name":"knight0x07/pyc2bytecode","owner":"knight0x07","description":"A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*) ","archived":false,"fork":false,"pushed_at":"2023-05-28T21:24:57.000Z","size":6,"stargazers_count":134,"open_issues_count":3,"forks_count":23,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-11-11T14:40:27.987Z","etag":null,"topics":["blueteam","cybersecurity","disassembler","infosec","infosectools","malware-analysis","malware-research","python","reverse-engineering","security-tools","static-analysis","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/knight0x07.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-01-12T15:38:44.000Z","updated_at":"2024-10-28T03:59:08.000Z","dependencies_parsed_at":"2024-01-21T20:58:59.085Z","dependency_job_id":null,"html_url":"https://github.com/knight0x07/pyc2bytecode","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knight0x07%2Fpyc2bytecode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knight0x07%2Fpyc2bytecode/tags","releases_url":"https://repos.ecosyste.ms/api/
v1/hosts/GitHub/repositories/knight0x07%2Fpyc2bytecode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knight0x07%2Fpyc2bytecode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/knight0x07","download_url":"https://codeload.github.com/knight0x07/pyc2bytecode/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251319763,"owners_count":21570452,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","cybersecurity","disassembler","infosec","infosectools","malware-analysis","malware-research","python","reverse-engineering","security-tools","static-analysis","threat-intelligence"],"created_at":"2024-08-02T11:00:38.124Z","updated_at":"2025-04-28T13:32:10.015Z","avatar_url":"https://github.com/knight0x07.png","language":"Python","funding_links":[],"categories":["Python","Reverse Engineering"],"sub_categories":["Malware Articles and Sources"],"readme":"# pyc2bytecode:\n\nA Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)\n\n## Usage:\n\nTo run pyc2bytecode:\n```\n# Print the disassembled output to the console\npython pyc2bytecode.py -p \u003cpyc_file_path\u003e\n\n# Save the disassembled output to a file\npython pyc2bytecode.py -p \u003cpyc_file_path\u003e -o \u003coutput_file_path\u003e\n```\n## Demonstration:\n\n**pyc2bytecode** can be used by researchers to reverse engineer malicious Python binaries 
and tear them apart to understand the inner workings of the binary statically.\n\nWe run pyc2bytecode.py against **onlyfans.pyc**, which was extracted with [pyinstxtractor.py](https://github.com/countercept/python-exe-unpacker/blob/master/pyinstxtractor.py) from a recent Python ransomware sample found in the wild masquerading as an **OnlyFans** executable.\n\nThe following analysis results were produced by running **pyc2bytecode**:\n\n![2](https://user-images.githubusercontent.com/60843949/149174687-0191b9f2-89e0-493e-b140-0f3b2adc5af6.PNG)\n\n![3](https://user-images.githubusercontent.com/60843949/149175102-fe0c9214-c7cd-4f78-87a0-aa25c4571196.PNG)\n\n![7](https://user-images.githubusercontent.com/60843949/149175411-fc4606c4-4f42-49ad-9724-4d60ba81e7fa.PNG)\n\n![8](https://user-images.githubusercontent.com/60843949/149175512-6c577c97-d4d3-4f8f-a409-cb327eb84a23.PNG)\n\n![9](https://user-images.githubusercontent.com/60843949/149175534-f3bb9f11-8ca7-4564-8281-ebc7d32a6e34.PNG)\n\n**Extract the disassembled output into a text file**\n\n![output-file](https://user-images.githubusercontent.com/60843949/149175676-34e76764-c7e9-4990-8c4c-ef3cda214450.PNG)\n\n![10](https://user-images.githubusercontent.com/60843949/149175797-8075b3e1-61e5-4645-a693-688539c36b6a.PNG)\n\n\n## Future Development:\n\n- Develop a Python decompiler for recent Python versions using pyc2bytecode (Need to DIS it up :p)\n\n## Credits \u0026 References:\n\ni) https://github.com/google/pytype/blob/main/pytype/pyc/magic.py - Magic Numbers\t\u003cbr\u003e\nii) https://nedbatchelder.com/blog/200804/the_structure_of_pyc_files.html - PYC structure\t\u003cbr\u003e\niii) https://docs.python.org/3/library/dis.html - DIS\t\u003cbr\u003e\niv) https://docs.python.org/3/library/marshal.html - Marshal\t\u003cbr\u003e\n\n**Thank you, feedback would be greatly appreciated! 
Hope you like the tool :) - knight!**\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknight0x07%2Fpyc2bytecode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fknight0x07%2Fpyc2bytecode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknight0x07%2Fpyc2bytecode/lists"}