import glob
import os
import re
import subprocess
import sys
import zlib
from pathlib import Path

import pyinstxtractor
import tinyaes
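class Main():
    """Unpack a PyInstaller executable and decompile its modules to source.

    The pipeline (see ``exe2py``) extracts the executable with
    pyinstxtractor, recovers the archive key from
    ``pyimod00_crypto_key.pyc``, decrypts the ``*.pyc.encrypted`` members of
    the PYZ archive and runs ``decompyle3`` over every ``.pyc`` it finds.

    The executable and everything unpacked from it are untrusted input:
    member names and contents are chosen by whoever built the sample.
    File names are therefore passed to ``decompyle3`` as an argument list
    and never interpolated into a shell command line.
    """

    # Size of the IV stored at the start of each encrypted archive member.
    CRYPT_BLOCK_SIZE = 16
    # 16-byte .pyc header written in front of each decrypted module. The
    # magic number is hard-coded, so the output only matches one interpreter
    # version (this value appears to be the CPython 3.7 magic).
    # NOTE(review): consider copying the magic from a plain .pyc in the
    # extraction directory instead.
    PYC_HEADER = b'\x42\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0'

    def __init__(self, parent=None):
        """Read the target executable path from ``sys.argv[1]``.

        ``parent`` is accepted but not used.
        """
        self.exe_file = sys.argv[1]
        self.pyc_dir = ""
        # Set by get_key_from_crypto_key() to the list of quoted strings
        # found on the "key = " line; element 0 is used as the key.
        self.key = ""
        self.files = []

    def exe2pyc(self):
        """Run pyinstxtractor on the executable."""
        # pyinstxtractor.main() reads its target from sys.argv.
        sys.argv = ['pyinstxtractor.py', self.exe_file]
        pyinstxtractor.main()

    def get_pyc_dir(self):
        """Set ``pyc_dir`` to ``<executable basename>_extracted``."""
        self.pyc_dir = os.path.basename(self.exe_file) + "_extracted"

    def _decompile(self, pyc_path, py_path):
        """Run decompyle3 on ``pyc_path`` and write its stdout to ``py_path``.

        The command is given as an argument list, so spaces and shell
        metacharacters in an extracted file name are not interpreted.
        Returns True when decompyle3 ran and exited with status 0.
        """
        try:
            with open(py_path, 'wb') as out:
                result = subprocess.run(["decompyle3", pyc_path], stdout=out)
        except OSError as err:
            # Covers a missing decompyle3 binary and an unwritable output.
            print("decompyle3 failed for %s: %s" % (pyc_path, err))
            return False
        if result.returncode != 0:
            print("decompyle3 exited with status %d for %s"
                  % (result.returncode, pyc_path))
            return False
        return True

    def encrypted2pyc(self, root):
        """Decrypt every ``*.pyc.encrypted`` file below ``root``.

        Each file is a 16-byte IV followed by AES-CTR ciphertext of a
        zlib-compressed module body. The plaintext is written next to the
        input, with the ``.encrypted`` suffix removed, behind ``PYC_HEADER``.
        Returns without doing anything when there is nothing to decrypt or
        no key was recovered.
        """
        encrypted = sorted(Path(root).glob("**/*.pyc.encrypted"))
        if not encrypted:
            return
        if not self.key:
            print("no archive key recovered, skipping %d encrypted file(s)"
                  % len(encrypted))
            return
        key = bytes(self.key[0], 'utf-8')
        for p in encrypted:
            target = p.with_name(p.stem)
            with open(p, 'rb') as inf:
                iv = inf.read(self.CRYPT_BLOCK_SIZE)
                ciphertext = inf.read()
            cipher = tinyaes.AES(key, iv)
            # Decrypt and decompress before opening the output so that a
            # failure does not leave an empty .pyc behind.
            # NOTE(review): zlib.decompress has no output size limit here.
            plaintext = zlib.decompress(cipher.CTR_xcrypt_buffer(ciphertext))
            with open(target, 'wb') as outf:
                outf.write(self.PYC_HEADER)
                outf.write(plaintext)
            print("change %s ---> %s" % (p, target))

    def pyc2py(self, root, files):
        """Decompile each ``.pyc`` in ``files`` (names relative to ``root``).

        A module is skipped when ``self.files`` already lists its ``.py``.
        Names that do not end in ``.pyc`` are ignored.
        """
        for file_name in files:
            if not file_name.endswith('.pyc'):
                continue
            if self.check_if_file_exists(file_name):
                print("%s already exist, skip" % (file_name[0:-4] + '.py'))
                continue
            stem = os.path.join(root, file_name[0:-4])
            shown = stem.replace("\\", "/")
            if self._decompile(stem + '.pyc', stem + '.py'):
                print("change %s.pyc ---> %s.py" % (shown, shown))

    def get_key_from_crypto_key(self):
        """Decompile ``pyimod00_crypto_key.pyc`` and read the key from it.

        ``self.key`` becomes the list of single-quoted strings on the last
        line containing ``key = ``. It is left unchanged when the module is
        absent or its decompiled source cannot be read.
        """
        for root, dirs, files in os.walk(self.pyc_dir, True):
            for file_name in files:
                if file_name != "pyimod00_crypto_key.pyc":
                    continue
                stem = os.path.join(root, file_name[0:-4])
                shown = stem.replace("\\", "/")
                if self._decompile(stem + '.pyc', stem + '.py'):
                    print("change %s.pyc ---> %s.py" % (shown, shown))
                try:
                    with open(stem + '.py', 'r') as f:
                        lines = f.readlines()
                except OSError as err:
                    print("cannot read %s.py: %s" % (shown, err))
                    continue
                for line in lines:
                    if "key = " in line:
                        self.key = re.findall(r"'([^']*)'", line)

    def check_if_file_exists(self, file_name):
        """Return True when the ``.py`` for ``file_name`` is in ``self.files``.

        ``file_name`` is expected to end in ``.pyc``; its last four
        characters are replaced by ``.py`` before the lookup.
        """
        return (file_name[0:-4] + '.py') in self.files

    def exe2py(self):
        """Run the whole pipeline: extract, recover key, decrypt, decompile."""
        self.exe2pyc()
        # NOTE(review): presumably pyinstxtractor leaves the working
        # directory inside the extraction directory; confirm for the
        # version in use.
        os.chdir("..")
        self.get_pyc_dir()
        self.get_key_from_crypto_key()
        pyz_file = self.pyc_dir + "/PYZ-00.pyz_extracted"
        self.encrypted2pyc(pyz_file)
        for root, dirs, files in os.walk(self.pyc_dir, True):
            # check_if_file_exists() looks at the directory being walked.
            self.files = files
            self.pyc2py(root, files)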
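if __name__ == "__main__":
    # Stop after printing the usage line; Main() reads sys.argv[1] and
    # would otherwise fail with an IndexError when no file is given.
    if len(sys.argv) < 2:
        print('[+] Usage: exe2py.py <filename>')
        sys.exit(1)
    mainFunc = Main()
    # exe2py() returns nothing, so its result is not kept.
    mainFunc.exe2py()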