Home
Upgrade
Credits
Search
Awards
Auth
Vouches
ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content

Home Upgrade Credits Search Awards Auth Vouches
Sign In
Create Account


Photo

Stuck at PyArmor deobfusaction

Started By Aqu4, Sep 24 2019 02:39 AM

  • Please log in to reply
Stuck at PyArmor deobfusaction

#1
Posted 24 September 2019 - 02:39 AM

Aqu4
Aqu4
    Offline
    6
    Rep
    33
    Likes

    TRADER

Posts: 88
Threads: 24
Joined: Sep 13, 2019
Credits: 0

Four years registered
#1
Posted 24 September 2019 - 02:39 AM

I am reverse engineering my first piece of software and already fixed the "unknown magic numbers" errors.

 

I have run into a block of code that says this and i don't know what to do. Any tips appreciated:

Please Login or Register to see this Hidden Content


  • 2

#2
Posted 24 September 2019 - 05:08 AM

FaithHF
FaithHF
    Offline
    36
    Rep
    234
    Likes

    SESH

Posts: 408
Threads: 36
Joined: Dec 04, 2016
Credits: 0

Seven years registered
#2
Posted 24 September 2019 - 05:08 AM

Although I'm not familiar with pyarmor (or much regarding python obfuscation,) I do know that it basically works like this:

 

Please Login or Register to see this Hidden Content

 

Now, again, it's my assumption that the pyarmor runtime, rather than executing data within the function, will simply decrypt the data and shift it down to the offset of 0 (or maybe just call it at the offset for the bytecode.) From there, it'll call the bytecode as a function, finish execution, then finally return/exit the program.

 

My best guess is to maybe play around with the pyarmor runtime and see if you can get it to output anything. Poke around until something moves, I guess. Maybe find a pirated copy of IDA and some python plugins so you can step through and see how the bytecode actually works.

 

Sorry I probably can't be too much help :/


  • 0

#3
Posted 25 September 2019 - 11:32 PM

tonu96
tonu96
    Offline
    6
    Rep
    40
    Likes

    Addicted

Posts: 211
Threads: 6
Joined: Mar 12, 2019
Credits: 0
Five years registered
#3
Posted 25 September 2019 - 11:32 PM

Perhaps PyArmor somehow defeats this, but with a decent IDE like PyCharm you should be able to run the software through the debugger and have it show the decompiled code as it's executed. It'll still be obfuscated, but at least you could capture the obfuscated code portion and try to work out what it's doing manually and/or write a script to deobfuscate it.


  • 0

#4
Posted 05 October 2019 - 07:19 AM

lavid
lavid
    Offline
    164
    Rep
    686
    Likes

    Jockers best friend

Posts: 1737
Threads: 468
Joined: Dec 30, 2016
Credits: 4

Seven years registered
#4
Posted 05 October 2019 - 07:19 AM

Please Login or Register to see this Hidden Content


If you are lucky enough person was using trial version wich means you can use any lib to run software,idk if that helps you in any way tho.
PS here are docs 

Please Login or Register to see this Hidden Content

,take a look it will give you some clues and good luck :D

 

I am reverse engineering my first piece of software and already fixed the "unknown magic numbers" errors.

 

I have run into a block of code that says this and i don't know what to do. Any tips appreciated:

Please Login or Register to see this Hidden Content


  • 1

i88abQ.gif

#5
Posted 16 November 2019 - 04:17 PM

leonh03
leonh03
    Offline
    0
    Rep
    0
    Likes

    Advanced Member

Posts: 105
Threads: 0
Joined: Aug 13, 2017
Credits: 0
Six years registered
#5
Posted 16 November 2019 - 04:17 PM

thank you bro  i will try this out bro!


  • 0

#6
Posted 20 March 2020 - 02:30 PM

SkillDima
SkillDima
    Offline
    0
    Rep
    2
    Likes

    New Member

Posts: 22
Threads: 0
Joined: Aug 18, 2018
Credits: 0

Five years registered
#6
Posted 20 March 2020 - 02:30 PM

any one know how to deobfuscate it?


  • 0
Back to General Chat

 Users browsing this thread:

  1. Nulled
  2. Reverse Engineering
  3. General Chat