Reverse Engineering Pyarmor V2 | Tutorial

Hey, this is a method for reverse engineering Pyarmor. I decided to make a new tutorial.

Download pyinstxtractor.py: Click here
VT: Click here

Code:

python pyinstxtractor.py unpackme.exe
mkdir tmp
copy unpackme.exe_extracted\crackme.pyc tmp
copy unpackme.exe_extracted\_pytransform.dll tmp
copy unpackme.exe_extracted\PYZ-00.pyz_extracted\pytransform.pyc tmp
cd tmp

Explanation:

  • First, you need to make sure that you are running the same Python version as the file you’re trying to reverse.
  • You can find out the version from the output of the first command.
  • The Python version is 38 (i.e. 3.8).
  • So make sure that is the Python version you’re running.
  • You should be using Linux for all of this.
  • You can either install it through a VM or you can set up a WSL.
  • You should use all of the other commands on Linux and they are all self-explanatory.
  • After running through all the commands you should have the final .pyc file.
  • You need to move that file back into Windows if you’re on a VM.
  • Next you need to download HxD. You can download it from here.
  • Now open cmd and type: "python " then drag and drop the pyc file.
  • Press Enter, then open HxD and go to Tools > Open Main Memory.
  • This shows you all the running programs.
  • Then click on python in HxD.
  • This shows you the decoded text.
  • You can scour through the decoded text and look for things like APIs, passwords, etc.

This method won’t get you the full source code. It’s very hard to find and it may not be possible anymore.

Happy learning!

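The version check from the first steps can also be done by reading the .pyc header directly. This is an added example, not part of the original post: the magic-number table is a partial list of CPython 3.7+ releases, the sample header is constructed, and the function names are hypothetical.

```python
import importlib.util
import struct
import sys

# Partial table (assumption: extend for other releases): the first two
# header bytes, read little-endian, identify the CPython release.
KNOWN_MAGIC = {3394: "3.7", 3413: "3.8", 3425: "3.9",
               3439: "3.10", 3495: "3.11", 3531: "3.12"}

def parse_pyc_header(data):
    """Decode the 16-byte header used by CPython 3.7 and later."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a CPython 3.7+ .pyc header")
    magic = struct.unpack("<H", data[:2])[0]
    flags = struct.unpack("<I", data[4:8])[0]
    info = {
        "magic": magic,
        "version": KNOWN_MAGIC.get(magic, "unknown"),
        "hash_based": bool(flags & 0x1),
    }
    if info["hash_based"]:
        # Hash-based pyc: bytes 8..16 hold a hash of the source file.
        info["source_hash"] = data[8:16].hex()
    else:
        # Timestamp-based pyc: source mtime, then source size.
        info["mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info

def matches_running_interpreter(data):
    """True when the file was compiled for the Python running this script."""
    return data[:4] == importlib.util.MAGIC_NUMBER

# Constructed sample: a timestamp-based header as Python 3.8 would write it.
SAMPLE_38 = struct.pack("<H", 3413) + b"\r\n" + struct.pack("<III", 0, 1600000000, 1234)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(16)
    else:
        header = SAMPLE_38
    print(parse_pyc_header(header))
    print("matches this interpreter:", matches_running_interpreter(header))
```

Run it with the path of an extracted .pyc as the argument; with no argument it decodes the constructed sample.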