extremecoders-re / bytecode_simplifier

A generic deobfuscator for PjOrion obfuscated python scripts
https://0xec.blogspot.com/2017/07/deobfuscating-pjorion-using-bytecode.html
103 stars 36 forks source link

Decompilers fails on complex files #1

Open Mixaill opened 7 years ago

Mixaill commented 7 years ago

Decompilers still fail to decompile .pyc even after bytecode_simplifier if original file was huge and complex.

Tested decompilers: uncompyle2, uncompyle6, pycdc.

test.zip

ghost commented 7 years ago

@Mixaill, есть хоть какой-то смысл заменить marshal на xdis в этом проекте? Ну и скопировать сюда opcode.py из Python2.7.7 ?

extremecoders-re commented 7 years ago

@Mixaill The script is protected using "Exec only in WOT" mode. This means BigWorld, BattleReplay etc modules from WOT must be present in PYTHONPATH.

Else the script would fail to import the module and consequently not all layers would be unwrapped. Unwrapping all the layers is very important. Bytecode simplifier works on the final layer.

At the moment, I am working on providing a fake BigWorld module to bypass this check.

homyzere commented 7 years ago

Maybe you could explain the method to put WOT modules in the PYTHONPATH to make your tool working as intended, do we need to decompress the pkg file that contains python files, etc ... And keep up the good work ;)

Stabmeqt commented 6 years ago

@extremecoders-re any luck on fake BigWorld?

extremecoders-re commented 6 years ago

@Stabmeqt I am afraid there hasn't been any progress on this.

Stabmeqt commented 6 years ago

@extremecoders-re That's unfortunate. Anyway, thank you for all the good work. Hope to see how you defeated WOT mode protection one day :)

fawdlstty commented 5 years ago

maybe this tool can solve: https://www.irdevelopers.com/post/12076/PjOrion-1.3.0-with-P2.7.html