Last active
April 21, 2016 21:49
-
-
Save Informatic/2e21c049137a2efa80a3a3e9e00b8328 to your computer and use it in GitHub Desktop.
Extracts .pyc from frozen binaries (i've got no idea what freezer that was :^))
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Extracts plain python bytecode / marshal code from frozen binary. | |
Dirty as fuck and might fail / miss random stuff, but worked fine for me. | |
NOTE: Creates dump_*.pyc files in current directory! | |
""" | |
import sys | |
counter = 1 | |
header = '\x03\xf3\x0d\x0a\x63\xe3\x18\x57' | |
with open(sys.argv[1], 'r') as fd: | |
f = fd.read() | |
pos = 0 | |
while True: | |
pos = f.find('\x00' * 8 + 'c', pos) | |
if pos == None or pos == -1: | |
break; | |
pos += 8 | |
endpos = f.find('\x00' * 16, pos+2) + 1 | |
if endpos - pos < 20: | |
print 'Ignoring', hex(pos), hex(endpos) | |
continue | |
fname = 'dump_%d.pyc' % counter | |
print 'Extracting', hex(pos), '-', hex(endpos), 'to', fname | |
with open(fname, 'w') as fd2: | |
fd2.write(header+f[pos:endpos]) | |
counter += 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment