Posted June 29, 20196 yr I have renamed the program to ensure anonymity. Hello everyone. I am trying to debug this program that is compiled with py2exe (you can tell from the icon) But when I try to debug it (x64dbg and others) it does not show the text. When you first run the program it gives you 3 options. One is to start mining, 2nd is to Send coins, and 3rd is to Check balance or view your public key. What I expected is that when running in a debugger it would expose what server it connects to and other ways. I can tell that the program is created in python because when ran in a debugger it shows Py commands. I have tried a method known as unpy2exe to decompile it but when I try to use that it says "This is not python code." and when ran with a PE scanner it says its created in visual studio v14 Is there a way I can decompile it into a way where I can see the instructions clearly? Thanks.
June 29, 20196 yr Load the file in a Resource Editor (Resource Hacker). If its really a py2exe binary you would see a resource named PYTHONSCRIPT. Another tool for the same purpose: https://sourceforge.net/projects/p2ebe/ but its better to check manually first.
June 29, 20196 yr Could it be that this was compiled using Cython or some other library that converts it to C code first?
June 29, 20196 yr It could be compiled with something such as cython or nukita which is hard to unpack. Also that does not mean it was made in Visual Studio. It means it is compiled with C++ runtime version 14 which all python exes say that when trying to find the packer.
June 29, 20196 yr It is also possible that a wrapper made with C++ was used while the underlying app was coded originally with python.
June 30, 20196 yr Its actually a PyInstaller generated executable. The first sign of this is the relatively large overlay 0x5e014c bytes ~ 6 MB. Further, you can search for one of the strings ("Failed to convert executable path to UTF-8.") on the PyInstaller GitHub repo and you would get a hit. For extracting PyInstaller binaries you can use my script pyinstxtractor.py There are also wrapper scripts on top of this for the same purpose https://github.com/countercept/python-exe-unpacker
June 30, 20196 yr send me file, i could atleast take a look at it. i have experience in unpacking those kind of assemblies.
Create an account or sign in to comment