Nuitka 2.1.5 (Python 3.11)

Hi 

Nuitka compiled python 3.11 file 

Correct password doesn't important 

Just patching

Thanks

File Information

Submitter Sh4DoVV

Submitted 04/18/2024

Category CrackMe

View File

idk but it need to copy Python311 folder to C:\Python311 in order to run your CrackMe.exe

00007FF7344C57A6 | 85ED                     | test ebp,ebp
00007FF7344C57A8 | 74 76                    | je crackme.7FF7344C5820 <-- NOP THIS
00007FF7344C57AA | 49:83F8 FF               | cmp r8,FFFFFFFFFFFFFFFF

I found out that input() use PyDict_GetItemString so I find xref to function and trace down then found some branching that look like it preparing data for printing output and exit the program.

CrackMe_patched.7z

Nuitka can be easily unpacked and reversed. It doesn't obfuscate your code well. I'm suprised nobody solved this very easily. Also your executable is broken. Here is the full source code:

def check_password(): """Check password function""" user_password = input("Enter the password: ") specific_password = "secret110" if user_password specific_password: print("Good boy!") else: print("Bad boy!") if name "__main__": check_password()

On 8/27/2025 at 8:55 PM, hydradragonantivirus said:

Nuitka can be easily unpacked and reversed. It doesn't obfuscate your code well. I'm suprised nobody solved this very easily. Also your executable is broken. Here is the full source code:

def check_password(): """Check password function""" user_password = input("Enter the password: ") specific_password = "secret110" if user_password specific_password: print("Good boy!") else: print("Bad boy!") if name "__main__": check_password()

Can you tell me how you did it ? Because from what I know Nuitka transpiles python bytecode to C and the compiled program contains very little python bytecode embedded into it and there's nothing else related other than native assembly code, that's where disassemblers come to play but everything disassembled will become pseudo C code instead of python

On 8/27/2025 at 9:55 PM, hydradragonantivirus said:

Nuitka can be easily unpacked and reversed. It doesn't obfuscate your code well. I'm suprised nobody solved this very easily. Also your executable is broken. Here is the full source code:

def check_password(): """Check password function""" user_password = input("Enter the password: ") specific_password = "secret110" if user_password specific_password: print("Good boy!") else: print("Bad boy!") if name "__main__": check_password()

Can you reveal some knowledge and tutorials?

You can look for HydraDragonAntivirus/AutoNuitkaDecompiler: Get malware payload without dynamic analysis with this auto decompiler

or my main project. I did with that. If you want dynamic analysis then Is Nuitka No Longer Secure? A Reverse Engineering Tool for Nuitka/Cython-Packed Applications — pymodhook | by qfcy | Medium

(There more advanced special python code for pymodhook but it's closed source for vxnet and not made by me so I can't make it public)

If you want both dynamic and static: Siradankullanici/nuitka-helper: Symbol Recovery Tool for Nuitka Binaries

I did extract with stage1.py or nuitka-extractor extremecoders-re/nuitka-extractor: Tool to extract nuitka compiled executables

(or just do dynamic analysis for extract and sometimes it can't extract or Nuitka compiles executable as dll so you need dll loader It seems like it becoming obsolete · Issue #15 · extremecoders-re/nuitka-extractor)

my main project not stable but if he is become stable then he can detect is he nuitka and do auto extract with auto decompile and you get source code.

Nuitka is actually hiding data in resources section in specia bytecode format. Actual source code starts from (u)python.exe or /python.exe (generally in broken executables) then you need look for <modulecode part for import recovery and Nuitka compiles with everything for obfuscation. So too many comment lines from file exists. You can detect junks by that line contains no u word. Which means this line is junk because u means go to next line in Nuitka bytecode. Nuitka is not obfuscated if he doesn't compile with everything otherwise it's obfuscated. You can improve my script by looking Nuitka bytecode source code. You can post to ay AI to recover code but Gemini is currently best for very long codes. Compared to other obfuscators you need pyarmor with Nuitka to make him more secure (or guardshield with pip install guardshield), otherwise it's easy task if there no too many imports. Rarely user disables compile everything even if the docs then your task much easier but in default Nuitka compiles everything. Nuitka clearly worser than Rust for some reason. 1) Antiviruses flags as malware because malware analysts can't understand Nuitka (even if they are too experinced they really don't know how to solve Nuitka) so you get false positives. 2) It's not good obfuscator and it's not creating millions of line hello world code via normal cython. I don't recommend python to use for avoid reverse engineering but you can still use it. If you want I can give all details which I know with tutorial or I can release my main project for auto Nuitka decomplication. My last words are don't use pyoxidizer, pyinstaller, cx_freeze if you want obfuscate your code because Nuitka is still best open source option for python. Nuitka can't remove python.h so the code must be pseudo python (Cython like style)

4 hours ago, hydradragonantivirus said:

You can look for HydraDragonAntivirus/AutoNuitkaDecompiler: Get malware payload without dynamic analysis with this auto decompiler

or my main project. I did with that. If you want dynamic analysis then Is Nuitka No Longer Secure? A Reverse Engineering Tool for Nuitka/Cython-Packed Applications — pymodhook | by qfcy | Medium

(There more advanced special python code for pymodhook but it's closed source for vxnet and not made by me so I can't make it public)

If you want both dynamic and static: Siradankullanici/nuitka-helper: Symbol Recovery Tool for Nuitka Binaries

I did extract with stage1.py or nuitka-extractor extremecoders-re/nuitka-extractor: Tool to extract nuitka compiled executables

(or just do dynamic analysis for extract and sometimes it can't extract or Nuitka compiles executable as dll so you need dll loader It seems like it becoming obsolete · Issue #15 · extremecoders-re/nuitka-extractor)

my main project not stable but if he is become stable then he can detect is he nuitka and do auto extract with auto decompile and you get source code.

Nuitka is actually hiding data in resources section in specia bytecode format. Actual source code starts from (u)python.exe or /python.exe (generally in broken executables) then you need look for <modulecode part for import recovery and Nuitka compiles with everything for obfuscation. So too many comment lines from file exists. You can detect junks by that line contains no u word. Which means this line is junk because u means go to next line in Nuitka bytecode. Nuitka is not obfuscated if he doesn't compile with everything otherwise it's obfuscated. You can improve my script by looking Nuitka bytecode source code. You can post to ay AI to recover code but Gemini is currently best for very long codes. Compared to other obfuscators you need pyarmor with Nuitka to make him more secure (or guardshield with pip install guardshield), otherwise it's easy task if there no too many imports. Rarely user disables compile everything even if the docs then your task much easier but in default Nuitka compiles everything. Nuitka clearly worser than Rust for some reason. 1) Antiviruses flags as malware because malware analysts can't understand Nuitka (even if they are too experinced they really don't know how to solve Nuitka) so you get false positives. 2) It's not good obfuscator and it's not creating millions of line hello world code via normal cython. I don't recommend python to use for avoid reverse engineering but you can still use it. If you want I can give all details which I know with tutorial or I can release my main project for auto Nuitka decomplication. My last words are don't use pyoxidizer, pyinstaller, cx_freeze if you want obfuscate your code because Nuitka is still best open source option for python. Nuitka can't remove python.h so the code must be pseudo python (Cython like style)

Awesome job! A tutorial would really help us understand it better