Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/knight0x07/pyc2bytecode
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
https://github.com/knight0x07/pyc2bytecode
blueteam cybersecurity disassembler infosec infosectools malware-analysis malware-research python reverse-engineering security-tools static-analysis threat-intelligence
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/knight0x07/pyc2bytecode
- Owner: knight0x07
- Created: 2022-01-12T15:38:44.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-05-28T21:24:57.000Z (over 1 year ago)
- Last Synced: 2024-08-03T11:08:54.058Z (4 months ago)
- Topics: blueteam, cybersecurity, disassembler, infosec, infosectools, malware-analysis, malware-research, python, reverse-engineering, security-tools, static-analysis, threat-intelligence
- Language: Python
- Homepage:
- Size: 5.86 KB
- Stars: 129
- Watchers: 8
- Forks: 24
- Open Issues: 3
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - knight0x07/pyc2bytecode - A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Py (Python)
README
# pyc2bytecode:
A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*).
## Usage:
To run pyc2bytecode:
```
> Console Disassembled Output: python pyc2bytecode.py -p
> Save Disassembled Output to a file: python pyc2bytecode.py -p -o
```
## Demonstration:
**pyc2bytecode** can be used by researchers to reverse engineer malicious Python binaries and tear them apart in order to understand the inner workings of the binary statically.
We execute pyc2bytecode.py against **onlyfans.pyc**, which was extracted with [pyinstxtractor.py](https://github.com/countercept/python-exe-unpacker/blob/master/pyinstxtractor.py) from a recent Python ransomware sample masquerading in the wild as an **OnlyFans** executable.
The following are the analysis results produced by running **pyc2bytecode**:
![2](https://user-images.githubusercontent.com/60843949/149174687-0191b9f2-89e0-493e-b140-0f3b2adc5af6.PNG)
![3](https://user-images.githubusercontent.com/60843949/149175102-fe0c9214-c7cd-4f78-87a0-aa25c4571196.PNG)
![7](https://user-images.githubusercontent.com/60843949/149175411-fc4606c4-4f42-49ad-9724-4d60ba81e7fa.PNG)
![8](https://user-images.githubusercontent.com/60843949/149175512-6c577c97-d4d3-4f8f-a409-cb327eb84a23.PNG)
![9](https://user-images.githubusercontent.com/60843949/149175534-f3bb9f11-8ca7-4564-8281-ebc7d32a6e34.PNG)
**Extract the Disassembled output into a text file**
![output-file](https://user-images.githubusercontent.com/60843949/149175676-34e76764-c7e9-4990-8c4c-ef3cda214450.PNG)
![10](https://user-images.githubusercontent.com/60843949/149175797-8075b3e1-61e5-4645-a693-688539c36b6a.PNG)
## Future Development:
- Develop a Python decompiler for recent Python versions on top of pyc2bytecode (Need to DIS it up :p)
## Credits & References:
i) https://github.com/google/pytype/blob/main/pytype/pyc/magic.py - Magic Numbers
ii) https://nedbatchelder.com/blog/200804/the_structure_of_pyc_files.html - PYC structure
iii) https://docs.python.org/3/library/dis.html - DIS
iv) https://docs.python.org/3/library/marshal.html - Marshal

**Thank you, feedback would be greatly appreciated! Hope you like the tool :) - knight!**
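The four pieces credited above (magic number, .pyc header structure, marshal, dis) combined into a minimal version of the same static-analysis pipeline, as an added example that is not code from the pyc2bytecode repository. It assumes the 3.7+ header layout (PEP 552) and that the .pyc was produced by the same Python version that runs the script, which is the magic-number check; the sample .pyc is constructed in memory rather than read from disk.

```python
import dis
import importlib.util
import io
import marshal
import struct
import types

def build_pyc(source: str) -> bytes:
    """Build a 3.7+-layout .pyc in memory: magic, flags=0, mtime, source size, marshalled code.
    Constructed sample input, not a file from the page."""
    code = compile(source, "sample.py", "exec")
    return importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(source)) + marshal.dumps(code)

def parse_pyc(data: bytes) -> dict:
    """Split a .pyc into its header fields and the unmarshalled top-level code object."""
    magic = data[:4]
    # marshal output is version-specific, so only unmarshal when the magic matches this interpreter
    if magic != importlib.util.MAGIC_NUMBER:
        raise ValueError(f"magic {magic.hex()} belongs to a different Python version than the running one")
    flags, = struct.unpack("<I", data[4:8])
    if flags & 1:  # hash-based pyc (PEP 552): 8-byte source hash instead of mtime + size
        header = {"flags": flags, "source_hash": data[8:16].hex()}
    else:
        mtime, size = struct.unpack("<II", data[8:16])
        header = {"flags": flags, "mtime": mtime, "source_size": size}
    return {"header": header, "code": marshal.loads(data[16:])}

def walk_code(code: types.CodeType):
    """Yield the top-level code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)

def summarize(code: types.CodeType) -> dict:
    """Triage view before reading bytecode: every referenced name (imports, attributes,
    globals) and every string constant, gathered across all nested code objects."""
    names, strings = set(), set()
    for c in walk_code(code):
        names.update(c.co_names)
        strings.update(s for s in c.co_consts if isinstance(s, str))
    return {"names": sorted(names), "strings": sorted(strings)}

def disassemble(code: types.CodeType) -> str:
    """Recursive disassembly as text, the listing dis.dis would print to the console."""
    buf = io.StringIO()
    dis.dis(code, file=buf)
    return buf.getvalue()
```

To run it on a real file, replace the constructed sample with `parse_pyc(open(path, "rb").read())` under the interpreter whose magic matches; `summarize` gives the imports and strings to triage first, `disassemble` the full listing.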