Informatic/pycextractor.py

## pycextractor.py
"""
Extracts plain python bytecode / marshal code from frozen binary.
Dirty as fuck and might fail / miss random stuff, but worked fine for me.

NOTE: Creates dump_*.pyc files in current directory!
"""

import sys

counter = 1
header = '\x03\xf3\x0d\x0a\x63\xe3\x18\x57'

with open(sys.argv[1], 'r') as fd:
    f = fd.read()
    pos = 0
    while True:
        pos = f.find('\x00' * 8 + 'c', pos)
        if pos == None or pos == -1:
            break;

        pos += 8
        endpos = f.find('\x00' * 16, pos+2) + 1

        if endpos - pos < 20:
            print 'Ignoring', hex(pos), hex(endpos)
            continue

        fname = 'dump_%d.pyc' % counter
        print 'Extracting', hex(pos), '-', hex(endpos), 'to', fname
        with open(fname, 'w') as fd2:
            fd2.write(header+f[pos:endpos])

        counter += 1
	"""
	Extracts plain python bytecode / marshal code from frozen binary.
	Dirty as fuck and might fail / miss random stuff, but worked fine for me.

	NOTE: Creates dump_*.pyc files in current directory!
	"""

	import sys

	counter = 1
	header = '\x03\xf3\x0d\x0a\x63\xe3\x18\x57'

	with open(sys.argv[1], 'r') as fd:
	f = fd.read()
	pos = 0
	while True:
	pos = f.find('\x00' * 8 + 'c', pos)
	if pos == None or pos == -1:
	break;

	pos += 8
	endpos = f.find('\x00' * 16, pos+2) + 1

	if endpos - pos < 20:
	print 'Ignoring', hex(pos), hex(endpos)
	continue

	fname = 'dump_%d.pyc' % counter
	print 'Extracting', hex(pos), '-', hex(endpos), 'to', fname
	with open(fname, 'w') as fd2:
	fd2.write(header+f[pos:endpos])

	counter += 1