can't decompile this file

[jstar88]

hi, can't decompile this file https://hotfile.com/dl/255863057/715ce3c/iamspotted.pyc.html

[iraklisv]

Same here,

I get the following error:

Can't uncompyle iamspotted.pyc

Traceback (most recent call last): File "C:\Python27\lib\site-packages\uncompyle2init.py", line 197, in main

uncompyle_file(infile, outstream, showasm, showast, deob)

File "C:\Python27\lib\site-packages\uncompyle2init.py", line 129, in unco mpyle_file version, co = _load_module(filename) File "C:\Python27\lib\site-packages\uncompyle2init.py", line 74, in _load _module raise ImportError, "This is a Python %s file! Only Python 2.7 files are supp orted." % version ImportError: This is a Python 2.6 file! Only Python 2.7 files are supported.

decompiled 0 files: 0 okay, 1 failed, 0 verify failed

2013.11.20 15:00:56 Central Standard Time

[jstar88]

note: it's in python 2.6

[Mysterie]

I can't download the file mentioned because hotfile.com is dead. But uncompyle2 support PYC version 2.5 to 2.7. So I don't know why you have issues with 2.6.

We haven't the same code line 74:

if (version > 2.7) or (version < 2.5):
    raise ImportError, "This is a Python %s file! Only Python 2.5 to 2.7 files are supported." % version

Check your files and clone the last uncompyle2 :)

[auerserg]

I have same file, so I uploaded it to file storage http://rghost.ru/51466521 this file compiled witch python 2.6.4 and used Marshal I tried to decompile it but in return received an empty file, witch extension "pyc_dis_failed"

[inflectecrasta]

verry interested in decompile and "how to do it" so ill upload in my dropbox https://www.dropbox.com/s/eksw6s9zqb0t29m/iamspotted.pyc

[caot]

is the pyc valide?

Python 2.6.6 (r266:84292, Oct 12 2012, 14:23:48) [GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2 Type "help", "copyright", "credits" or "license" for more information.

import dis import py_compile import compiler dis.dis('iamspotted.pyc') Traceback (most recent call last): File "", line 1, in File "/usr/lib64/python2.6/dis.py", line 44, in dis disassemble_string(x) File "/usr/lib64/python2.6/dis.py", line 111, in disassemble_string labels = findlabels(code) File "/usr/lib64/python2.6/dis.py", line 165, in findlabels oparg = ord(code[i]) + ord(code[i+1])*256 IndexError: string index out of range

[inflectecrasta]

yes is valid. same type of script was decompile with service http://crazy-compilers.com/decompyle/, for a sample in decompile: 1- this one is compiled https://www.dropbox.com/s/u78wklkstxw5h36/12.pyc 2- this is decompiled with that service https://www.dropbox.com/s/1vsu2ghdlvny4ut/2.pyc

P.S. in e-mail was this Thanks for using crazy compiler Decompyle Service!

Enclosed please find the decompyled files. Decompyle does a good job on reconstructing the source. Anyway you should check whether there are any errors in the source.

Please note that I've removed the encrypted material for legal reasons. As you are the legitimate owner of the source, if should be easy to complete it from your documentation.

[Mysterie]

hacik, your dropbox link didn't seems valid. I've download the PYC and I'll check this issue tomorrow, btw, crazy-compilers use closed & not free software ! :-(

[mooseyaka]

open popcorn :)

[inflectecrasta]

links fixed

[ambassadorkosha]

more one popcorn and minicola plz...

[Mysterie]

It seems that those files are protected / obfuscated. The goal of uncompyle2 is to decompyle, not deobfuscate code.

So as I say in https://github.com/Mysterie/uncompyle2/issues/12.

"For the moment I'll try to improve the python bytecode reader, and the way error are handled. But uncompyle2 is a decompilator not a deobfuscator (for the moment), so it won't be a full fix."

Thanks for your report! :)

[drfrank]

So anyone had luck in decompiling this file ? Iam also highly interested.

[ghost]

Yes. Try to import it and research the traceback

[drfrank]

Ok.. i tried this i found out that some jumps for IF FALSE and IF TRUE are out of rang of the length of the code.

But i need some more hints where to go from there. I already tried to fix the jump target by setting them to 1 or 0. But if i do this i run into another problem regarding the function "getOpcodeToDel" which fails because of an assertion

[drfrank]

thank you iam making progress however i come around a lot of non valid target right now because everyother command seems to have an invalid target i.e. ('LOAD_CONST', 100) with targets like 26368

[drfrank]

Ok got it almost working ... but now iam facing the problem you mentioned that uncompyle2 ist not able to handle NOPs. Do you know any other Tool which can handle this ?

I tried PYRETIC but without any sucess.

[drfrank]

0x48 PRINT_NEWLINE have done the trick ...

[homyzere]

1nj3ct0r or drfrank, someone could write a little howto maybe? Thanks in advance.

[ghost]

Sorry right now I have no time for this. But as I mentioned above you can start from this

cryptedModuleName = '12'
try:
    __import__(cryptedModuleName)
except:
    #Research the traceback for code objects you interested in
    #And you can marshal.dump() it to a file or do something else you want

[jstar88]

this is what im trying to do without results

import traceback
import marshal
import sys
cryptedModuleName = 'iamspotted'
try:
     __import__(cryptedModuleName)
except:
info = sys.exc_info()
marshal.dump(info[0],open('test.txt'))

[ghost]

Why don't you spend some time to understand this Python language? Why info[0], where it should be info[2]? And why did you open a file for reading, if you're going to write it???

    exc_traceback = sys.exc_info()[2]
    code = exc_traceback.tb_next.tb_next.tb_frame.f_code
    marshal.dump(code, open('test.pyc', 'wb'))

Or something like this.... Also you have to attach the header to the file. And you have to start with https://www.dropbox.com/s/u78wklkstxw5h36/12.pyc because it's more difficult to decompile the "iamspotted"

[drfrank]

you get header by using

f = open('iamspotted.pyc', 'rb')
header = f.read(8)
f.close()