
Reverse Engineer a .pyo python file

I have 2 .pyo python files that I can convert to .py source files, but they don't compile perfectly as hinted by decompyle's verify.

Therefore looking at the source code, I can tell that config.pyo simply had variables in in an array:

ADMIN_USERIDS = [116901, 141, 349244, 39, 1159488]

I would like to take the original .pyo and disassemble it or whatever I need to do in order to change one of these IDs.

Or....

in model.pyo the source indicates a

if (productsDeveloperId != self.getUserId()):

All I would want to do is hex edit the != to be a ==. Simple with a Windows exe program, but I can't find a good Python disassembler anywhere.

Any suggestions are welcomed...I am new to reading bytecode and new to python as well.


Convert the .pyo files to .py, then edit the .py and run python on the .py files. Python will regenerate the .pyo files. Don't edit the .pyo.

I don't know the Python bytecode, but I would doubt that the strings == or != would appear in the .pyo file.

Although a much better way is to get the original .py files and use them. If they give the wrong program, as implied by wanting to change != to ==, then you could ask the supplier to fix the bug.


IDA up to 6.0 doesn't have a .pyc decompilation module.


I don't know if this directly helps you, but Python already has a bytecode disassembler.

For the opposite operation, i.e., generating bytecode, there are a couple of alternatives. On one hand you have the standard compiler package and then there is also the BytecodeAssembler library, which may be more suited to your needs.


Very recently I've developed tools that should help with this sort of thing. Some of the stuff is still very much alpha, but with some work you could have used it here.

There are several disassemblers around and they generally appear in the decompiler. The one I am partial to of course is the one I wrote called xdis because it gives the most information about what is in the bytecode file. There is also one called pycdas written in C++ and is in the project that has the pycdc decompiler. So that part is not new.

Also, as you indicate you used a decompiler but it wasn't perfect. Hopefully in later versions called uncompyle6 these bugs have been addressed. But if not, file a github issue.

Ok. So now onto what is new. Recently I've modified the disassembler to make it amenable to modification and have written a Python assembler to store it back into the pyc bytecode format. This stuff is still in alpha; find it at http://github.com/rocky/python-xasm .

So with that you could make the simple changes to the constants and the condition tests.

So now let me go into the condition test since you asked about that specifically and it hasn't been fully answered here.

Consider this simple Python code:

  ___file__ == '__main'

Let's disassemble that with pydisasm:

...
# Constants:
#    0: '__main'
#    1: None
# Names:
#    0: ___file__
  1:           0 LOAD_NAME                 0 (___file__)
               3 LOAD_CONST                0 ('__main')
               6 COMPARE_OP                2 (==)
               9 POP_TOP
              10 LOAD_CONST                1 (None)
              13 RETURN_VALUE

Ok, so we see that the == is the operand of a COMPARE_OP instruction, which is encoded as 2.

Looking at the doc for this https://docs.python.org/3.6/library/dis.html#opcode-COMPARE_OP (this is for Python 3.6, but it's the same across pretty much all Python versions) there is the marginally helpful explanation:

The operation name can be found in cmp_op[opname].

But for the secret decoder ring information you'll have to go to the Python source code for opcode.py which you probably have on your disk somewhere, but here's a link: https://github.com/python/cpython/blob/master/Lib/opcode.py#L24 where we have

 cmp_op = ('<', '<=', '==', '!=', '>', '>=', 'in', 'not in', 'is', ...

And you'll see that while == is 2, != is 3.

As for changing the constant [116901, 141, 349244, 39, 1159488] that would appear in my disassembler in the section called Constants and you'd basically change the numbers there and then run the assembler.
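The two places the answer points at, the cmp_op index behind a COMPARE_OP and the constants held in co_consts, as an added example that is not from the answer or from xdis/xasm: it uses only the standard dis module and code.replace (Python 3.8+, assumed), on a constructed sample in the spirit of the question. It reports the comparison operator via dis rather than rewriting its argument, because the operand layout of COMPARE_OP differs between Python versions, and it swaps a constant to show why editing the text "!=" in a .pyo would never work.

```python
import dis
import types

# Constructed sample in the spirit of the question: an admin id list and a
# developer-id check. It is not the asker's config.pyo or model.pyo.
SAMPLE_SRC = """
ADMIN_USERIDS = [116901, 141, 349244, 39, 1159488]
def check(productsDeveloperId, userId):
    if productsDeveloperId != userId:
        return "denied"
    return "ok"
"""

def compare_ops(code):
    """List (offset, operator) for every COMPARE_OP, recursing into nested
    code objects. dis resolves the cmp_op index for the running version."""
    found = [(ins.offset, ins.argval)
             for ins in dis.get_instructions(code) if ins.opname == "COMPARE_OP"]
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            found.extend(compare_ops(const))
    return found

def replace_const(code, old, new):
    """Copy `code` with `old` replaced by `new` in co_consts. Tuples are
    rebuilt because newer compilers fold a literal list into one constant
    tuple; nested code objects are patched the same way. The type check
    keeps True/1 and 1.0/1 from matching each other."""
    def fix(c):
        if isinstance(c, types.CodeType):
            return replace_const(c, old, new)
        if isinstance(c, tuple):
            return tuple(fix(x) for x in c)
        return new if (type(c) is type(old) and c == old) else c
    return code.replace(co_consts=tuple(fix(c) for c in code.co_consts))

def demo():
    """Compile the sample, report its comparison operators, swap the id 141
    for 4242, and run both versions so the effect can be checked."""
    code = compile(SAMPLE_SRC, "<sample>", "exec")
    ops = [op for _, op in compare_ops(code)]
    original, patched = {}, {}
    exec(code, original)
    exec(replace_const(code, 141, 4242), patched)
    return ops, original["ADMIN_USERIDS"], patched["ADMIN_USERIDS"]

if __name__ == "__main__":
    print(demo())
```

The patched code object can be written out with marshal, exactly as xasm does; note that the edit is plainly visible in a disassembly diff of the two files, which is what a file-integrity check on shipped .pyc/.pyo files relies on.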
