venaxyt / mysterium

Mysterium is the first tool that lets you retrieve most of a Python program's code, even if the .py or .pyc was extracted from an executable file, and even if it is encrypted with any existing encryption. Mysterium doesn't make any difference between encrypted and non-encrypted files; it can retrieve code from Pyarmor or .pyc files.
https://github.com/venaxyt/mysterium
MIT License
182 stars 31 forks

Nothing happens after running Mysterium on the code #30

Closed mostafashr closed 1 year ago

mostafashr commented 2 years ago

I have an obfuscated flask app that has an encrypted .py file which is like so:

from pytransform import pyarmor_runtime
pyarmor_runtime()
__pyarmor__(__name__, __file__, b'\x50\x59\x ......

The app is a Flask app, and when I zip it and put it in Mysterium, it only runs the Flask app and nothing else happens. I have to stop the code with Ctrl+C, and Mysterium prints the exit banner and nothing happens. What should I do, and how should I proceed with this?

venaxyt commented 1 year ago

Hi buddy, sorry for responding so late. That basically means there is no module in your program that is also in Mysterium's hijacked module I remade. What you can do is use a process debugger like Process Hacker, xdbg or IDA so you can check what modules are used, and after that you can create a Python file or folder with __init__ (same thing), with the same module's name next to your main so the latter will think it is the module (proximity priority rule in Python), and it will import this one instead of the real one in your libraries. You can try to change the module's functions so you can retrieve some code arguments, or you will soon be able to use an exploit I will publish for free that extracts the program data and memory from a hijacked module.
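
A defender-side check for the import-order behaviour described in the reply above, as an added example that is not part of the original thread or of Mysterium: it lists files and packages in an application folder that Python would import instead of a standard-library or installed module of the same name. The function names and the sample folder are assumptions made for illustration.

```python
import importlib.machinery
import sys
import tempfile
from pathlib import Path


def local_module_names(app_dir):
    """Map top-level module names importable from app_dir to their paths."""
    found = {}
    for entry in Path(app_dir).iterdir():
        if entry.is_file() and entry.suffix in (".py", ".pyc"):
            found[entry.stem] = entry
        elif entry.is_dir() and (entry / "__init__.py").exists():
            found[entry.name] = entry
    return found


def find_shadowing(app_dir, search_path=None):
    """Return {name: (local_path, shadowed_origin)} for local modules that
    would be imported instead of a stdlib or installed module."""
    app_dir = Path(app_dir).resolve()
    # Resolve each name against the path *without* the app folder, i.e. what
    # the import would have found if the local file were not there.
    others = [p for p in (search_path or sys.path)
              if p and Path(p).resolve() != app_dir]
    hits = {}
    for name, local in local_module_names(app_dir).items():
        # Built-in and frozen modules are located before sys.path is
        # consulted, so a same-named local file does not replace them.
        if (name in sys.builtin_module_names
                or importlib.machinery.FrozenImporter.find_spec(name)):
            continue
        spec = importlib.machinery.PathFinder.find_spec(name, others)
        if spec is not None:
            hits[name] = (local, spec.origin)
    return hits


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample app folder
        Path(d, "json.py").write_text("# stand-in module\n")
        Path(d, "app_local_helper.py").write_text("")
        for name, (local, real) in find_shadowing(d).items():
            print(f"{name}: {local} shadows {real}")
```

Running this over a deployed application folder before launch, and alerting on any hit that is not an expected vendored package, catches a planted look-alike module next to the main script.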