Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nesrak1/bonedensity
for bones that are too dense
https://github.com/nesrak1/bonedensity
Last synced: 12 days ago
JSON representation
for bones that are too dense
- Host: GitHub
- URL: https://github.com/nesrak1/bonedensity
- Owner: nesrak1
- Created: 2022-11-13T19:30:00.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-19T15:16:48.000Z (over 1 year ago)
- Last Synced: 2024-10-11T10:11:40.697Z (28 days ago)
- Language: Python
- Size: 934 KB
- Stars: 27
- Watchers: 2
- Forks: 3
- Open Issues: 3
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
- awesome-python-re - bonedensity - A deobfuscator for the obfuscator PyArmor. Supports both the free and the paid Super mode. (Deobfuscators / Manual analysis)
README
See writeup which started this: https://nesrak1.github.io/2022/11/13/flareon09-11.html
1. If the program is a pyinstaller exe, use pyinstxtractor to extract it.
2. Install the correct version of Python (pyinstxtractor will tell you which, if you used that)
3. Install pycryptodome for that version of Python
4. Run either of these commands
```
python bd.py encrypted_file.pyc _pytransform.dll
python bd.py encrypted_file.pyc pytransform.pyd
```
Use the pytransform.pyd file if you have it,
otherwise, use the _pytransform.dll version.
5. Pycdc will attempt to decompile. If you're not on Windows, you'll need to build this yourself. It's not very good (especially since it doesn't really support new versions of Python), so you may want to use pycdas instead on the `.pyc.fix.pyc` file. You can try uncompyle6/decompyle3, but so far in testing, none of them have decompiled with those two.
Note: only Windows dlls/pyds are supported right now.
Projects/libraries used:
* Pycryptodome: https://github.com/Legrandin/pycryptodome/
* Pycdc: https://github.com/zrax/pycdc
* unpyarmor: https://github.com/nlscc/unpyarmor