Bidasci Posted June 29, 2019 Posted June 29, 2019 I have renamed the program to ensure anonymity. Hello everyone. I am trying to debug this program that is compiled with py2exe (you can tell from the icon) But when I try to debug it (x64dbg and others) it does not show the text. When you first run the program it gives you 3 options. One is to start mining, 2nd is to Send coins, and 3rd is to Check balance or view your public key. What I expected is that when running in a debugger it would expose what server it connects to and other ways. I can tell that the program is created in python because when ran in a debugger it shows Py commands. I have tried a method known as unpy2exe to decompile it but when I try to use that it says "This is not python code." and when ran with a PE scanner it says its created in visual studio v14 Is there a way I can decompile it into a way where I can see the instructions clearly? Thanks.
Extreme Coders Posted June 29, 2019 Posted June 29, 2019 Load the file in a Resource Editor (Resource Hacker). If its really a py2exe binary you would see a resource named PYTHONSCRIPT. Another tool for the same purpose: https://sourceforge.net/projects/p2ebe/ but its better to check manually first. 1
_null_ Posted June 29, 2019 Posted June 29, 2019 Could it be that this was compiled using Cython or some other library that converts it to C code first?
Pured Posted June 29, 2019 Posted June 29, 2019 It could be compiled with something such as cython or nukita which is hard to unpack. Also that does not mean it was made in Visual Studio. It means it is compiled with C++ runtime version 14 which all python exes say that when trying to find the packer. 1
Samz Posted June 29, 2019 Posted June 29, 2019 It is also possible that a wrapper made with C++ was used while the underlying app was coded originally with python.
Extreme Coders Posted June 30, 2019 Posted June 30, 2019 Its actually a PyInstaller generated executable. The first sign of this is the relatively large overlay 0x5e014c bytes ~ 6 MB. Further, you can search for one of the strings ("Failed to convert executable path to UTF-8.") on the PyInstaller GitHub repo and you would get a hit. For extracting PyInstaller binaries you can use my script pyinstxtractor.py There are also wrapper scripts on top of this for the same purpose https://github.com/countercept/python-exe-unpacker 1
Cursedzx Posted June 30, 2019 Posted June 30, 2019 send me file, i could atleast take a look at it. i have experience in unpacking those kind of assemblies.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now