All Activity

Awesome job! A tutorial would really help us understand it better

You can look for HydraDragonAntivirus/AutoNuitkaDecompiler: Get malware payload without dynamic analysis with this auto decompiler or my main project. I did with that. If you want dynamic analysis then Is Nuitka No Longer Secure? A Reverse Engineering Tool for Nuitka/Cython-Packed Applications — pymodhook | by qfcy | Medium (There more advanced special python code for pymodhook but it's closed source for vxnet and not made by me so I can't make it public) If you want both dynamic and static: Siradankullanici/nuitka-helper: Symbol Recovery Tool for Nuitka Binaries I did extract with stage1.py or nuitka-extractor extremecoders-re/nuitka-extractor: Tool to extract nuitka compiled executables (or just do dynamic analysis for extract and sometimes it can't extract or Nuitka compiles executable as dll so you need dll loader It seems like it becoming obsolete · Issue #15 · extremecoders-re/nuitka-extractor) my main project not stable but if he is become stable then he can detect is he nuitka and do auto extract with auto decompile and you get source code. Nuitka is actually hiding data in resources section in specia bytecode format. Actual source code starts from (u)python.exe or /python.exe (generally in broken executables) then you need look for <modulecode part for import recovery and Nuitka compiles with everything for obfuscation. So too many comment lines from file exists. You can detect junks by that line contains no u word. Which means this line is junk because u means go to next line in Nuitka bytecode. Nuitka is not obfuscated if he doesn't compile with everything otherwise it's obfuscated. You can improve my script by looking Nuitka bytecode source code. You can post to ay AI to recover code but Gemini is currently best for very long codes. Compared to other obfuscators you need pyarmor with Nuitka to make him more secure (or guardshield with pip install guardshield), otherwise it's easy task if there no too many imports. Rarely user disables compile everything even if the docs then your task much easier but in default Nuitka compiles everything. Nuitka clearly worser than Rust for some reason. 1) Antiviruses flags as malware because malware analysts can't understand Nuitka (even if they are too experinced they really don't know how to solve Nuitka) so you get false positives. 2) It's not good obfuscator and it's not creating millions of line hello world code via normal cython. I don't recommend python to use for avoid reverse engineering but you can still use it. If you want I can give all details which I know with tutorial or I can release my main project for auto Nuitka decomplication. My last words are don't use pyoxidizer, pyinstaller, cx_freeze if you want obfuscate your code because Nuitka is still best open source option for python. Nuitka can't remove python.h so the code must be pseudo python (Cython like style)

@Teddy Rogers #include <stdio.h> int main() { puts("Seems to work fine now, thanks!"); return 0; }

@Washi thank you for reporting. Can you try now, as it should be fixed. I had to upload some fresh files on to the server and it seems to have made the editor template revert back to a previous update... Ted.

@Teddy Rogers It seems the menu item disappeared again (or at least on Firefox)? At least I cannot see it under the + button anymore, even after a ctrl+f5.

Can you reveal some knowledge and tutorials?

Can you tell me how you did it ? Because from what I know Nuitka transpiles python bytecode to C and the compiled program contains very little python bytecode embedded into it and there's nothing else related other than native assembly code, that's where disassemblers come to play but everything disassembled will become pseudo C code instead of python

@jackyjask I was meant to post this a few days ago, if you have not already noticed, IPS moved the "Code Block", to menu... Ted.

1.dump 2.fix dump 3.ConfuserEx-Unpacker-v2.0 &Constants Decrypter 4.de4dot ConfuserEx-Unpacker-v2.0 prompts an error [$] Loading Module... [$] Loading References... [$] Detected: Confuser.Core 1.6.0+447341964f [$] Anti Tamper Detected [$] Anti Tamper Removed Successfully [$] Cleaned Control Flow on 272 Methods [$] Fixed proxy calls: 6749 [$] Removed proxy methods: 944 [$] Cleaned Control Flow on 2 Methods [$] Cleaned Control Flow on 2 Methods [$] Patched 5 Anti Invokes [$] Cleaned Control Flow on 2 Methods Error: Could not load file or assembly 'DEMO123456, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. This assembly was compiled for a different processor. at System.Reflection.RuntimeAssembly.nLoadImage(Byte[] rawAssembly, Byte[] rawSymbolStore, Evidence evidence, StackCrawlMark& stackMark, Boolean fIntrospection, Boolean fSkipIntegrityCheck, SecurityContextSource securityContextSource) at System.Reflection.Assembly.Load(Byte[] rawAssembly) at Unpacker.Core.Deobfuscators.Resource.ResourceDeobfuscator.Deobfuscate(UnpackerContext context) in D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Deobfuscators\Resource\ResourceDeobfuscator.cs:line 40 at Unpacker.Core.UnpackerEngine.Run(UnpackerParameters parameters) in D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\UnpackerEngine.cs:line 38 Error: Object reference not set to an instance of an object. at Unpacker.Core.Utils.FindInstructionsNumber(MethodDef method, OpCode opCode, Object operand) in D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Helpers\Utils.cs:line 33 at Unpacker.Core.Deobfuscators.AntiDebugDeobfuscator.Deobfuscate(UnpackerContext context) in D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Deobfuscators\AntiDebugDeobfuscator.cs:line 18 at Unpacker.Core.UnpackerEngine.Run(UnpackerParameters parameters) in D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\UnpackerEngine.cs:line 38 [$] Removed 1 Attributes [$] Cleaning unused methods... [$] Writing Module... [$] Saving Module...

hi all. i know this thread is like 13 years old but i am trying to call the DLL functions from nsf_player.dll but it's not working. does anyone can help me? i've used chatgpt to transform the C++ code into a MASM32 one but apparently it's not working. thanks! NSF_MASM32.rar