Sign In
Create Account
I am reverse engineering my first piece of software and already fixed the "unknown magic numbers" errors.
I have run into a block of code that says this and i don't know what to do. Any tips appreciated:
Stuck at PyArmor deobfusaction
Started By Aqu4, Sep 24 2019 02:39 AM
#1
Posted 24 September 2019 - 02:39 AM
Aqu4
Offline
33
Likes
Likes
TRADER
Posts: 88
Threads: 24
Joined: Sep 13, 2019
Credits: 0
Five years registered
#2
Posted 24 September 2019 - 05:08 AM
FaithHF
Offline
235
Likes
Likes
SESH
Posts: 408
Threads: 36
Joined: Dec 04, 2016
Credits: 0
Eight years registered
#2
Posted 24 September 2019 - 05:08 AM
Although I'm not familiar with pyarmor (or much regarding python obfuscation,) I do know that it basically works like this:
Now, again, it's my assumption that the pyarmor runtime, rather than executing data within the function, will simply decrypt the data and shift it down to the offset of 0 (or maybe just call it at the offset for the bytecode.) From there, it'll call the bytecode as a function, finish execution, then finally return/exit the program.
My best guess is to maybe play around with the pyarmor runtime and see if you can get it to output anything. Poke around until something moves, I guess. Maybe find a pirated copy of IDA and some python plugins so you can step through and see how the bytecode actually works.
Sorry I probably can't be too much help :/
#3
Posted 25 September 2019 - 11:32 PM
tonu96
Offline
40
Likes
Likes
Addicted
Posts: 211
Threads: 6
Joined: Mar 12, 2019
Credits: 0
Five years registered
#3
Posted 25 September 2019 - 11:32 PM
Perhaps PyArmor somehow defeats this, but with a decent IDE like PyCharm you should be able to run the software through the debugger and have it show the decompiled code as it's executed. It'll still be obfuscated, but at least you could capture the obfuscated code portion and try to work out what it's doing manually and/or write a script to deobfuscate it.
#4
Posted 05 October 2019 - 07:19 AM
Lavidon
Offline
685
Likes
Likes
Jockers best friend
Posts: 1739
Threads: 469
Joined: Dec 30, 2016
Credits: 4
Deal with caution
User has an open scam report.
User has an open scam report.
User has joined recently.
Make sure to use a MiddleMan.
Make sure to use a MiddleMan.
Seven years registered
#4
If you are lucky enough person was using trial version wich means you can use any lib to run software,idk if that helps you in any way tho.
PS here are docs ,take a look it will give you some clues and good luck
Posted 05 October 2019 - 07:19 AM
If you are lucky enough person was using trial version wich means you can use any lib to run software,idk if that helps you in any way tho.
PS here are docs ,take a look it will give you some clues and good luck
I am reverse engineering my first piece of software and already fixed the "unknown magic numbers" errors.
I have run into a block of code that says this and i don't know what to do. Any tips appreciated:
#5
Posted 16 November 2019 - 04:17 PM
leonh03
Offline
0
Likes
Likes
Advanced Member
Posts: 105
Threads: 0
Joined: Aug 13, 2017
Credits: 0
Seven years registered
#6
Posted 20 March 2020 - 02:30 PM
SkillDima
Offline
2
Likes
Likes
New Member
Posts: 22
Threads: 0
Joined: Aug 18, 2018
Credits: 0
Six years registered
Users browsing this thread: and 1 guests
