Jun-02-2022, 10:16 PM
(Jun-01-2022, 07:41 PM)DeaD_EyE Wrote: First try, if the program was written with Python and packed with PyInstaller: https://github.com/extremecoders-re/pyinstxtractor
Decompiler for pyc-files:
Python >3.7: https://github.com/rocky/python-decompile3
Python all : https://pypi.org/project/uncompyle6/
Tool to analyze Binary files: https://ghidra-sre.org/
I guess he has taken the easy way. Program written with Python and packed as distribution with PyInstaller.
Thanks for your reply. I was hopeful from your post I might be getting somewhere with this. I ran into some snags and I'll relate them to you, maybe something will be of some more help.
First, as I originally mentioned, the program in question was written for a Mac. I tried pyinstxtractor but couldn't get it to run on the Mac (I suspect I need to install a full Python install, not just use the built-in OS version).
So I installed Python on a Win10 box. The first thing I noticed is that the program I was trying to decompile wouldn't run on the Win10 machine. I assume the packer makes an executable that is platform specific.
After adding an extension .pyo to the file I tried pyinstxtractor again. This is the output:
Output:
C:\Users\David>D:\pyinstxtractor.py d:\SA.pyo
[+] Processing d:\SA.pyo
[+] Pyinstaller version: 2.0
[+] Python version: 309
[+] Length of package: 9419143 bytes
Traceback (most recent call last):
  File "D:\pyinstxtractor.py", line 423, in <module>
    main()
  File "D:\pyinstxtractor.py", line 411, in main
    arch.parseTOC()
  File "D:\pyinstxtractor.py", line 235, in parseTOC
    struct.unpack( \
struct.error: unpack requires a buffer of 6906162 bytes
I also tried decompyle3 d:\SA.pyo
Output:
Unknown magic number 64207 in D:\SA.pyo
I installed the Java SDK and ran ghidra-sre. I haven't figured out how to use the program but it looks like it is trying to load a project file, not a Python file. Maybe I'm missing something. Couldn't figure out how to install uncompyle6 but I'm pretty fried. Will look at it again tomorrow.
Does any of this information help or give you any more clues?
Thanks
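
Added example, not part of the original post or of any tool named in it: 64207 is 0xFACF, the value the first two bytes of a 64-bit Mach-O header (CF FA ED FE) give when read as a .pyc magic number. The sketch below identifies a file from its leading bytes and looks for the PyInstaller archive marker; the function names and sample bytes are constructed for illustration.

```python
import struct

# 8-byte marker that opens PyInstaller's archive cookie (as checked by pyinstxtractor).
PYI_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Leading bytes of common executable containers.
CONTAINERS = [
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),
    (b"\xce\xfa\xed\xfe", "Mach-O 32-bit"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal (fat) binary"),  # also Java class files
    (b"\x7fELF", "ELF"),
    (b"MZ", "PE / DOS executable"),
]

def pyc_magic(data: bytes) -> int:
    """Value a .pyc decompiler reads: first two bytes as little-endian uint16."""
    return struct.unpack("<H", data[:2])[0]

def identify(data: bytes) -> dict:
    """Classify a file by its leading bytes and locate a PyInstaller cookie."""
    kind = next((name for sig, name in CONTAINERS if data.startswith(sig)), None)
    # Real .pyc/.pyo files carry "\r\n" in bytes 2-3 of the header.
    if kind is None and data[2:4] == b"\r\n":
        kind = "Python bytecode"
    return {
        "container": kind or "unknown",
        "pyc_magic": pyc_magic(data) if len(data) >= 2 else None,
        "cookie_offset": data.rfind(PYI_COOKIE),  # -1 when absent
    }

# Constructed samples (not taken from the poster's file).
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe" + b"\x00" * 64 + PYI_COOKIE + b"\x00" * 80
SAMPLE_PYC = (3425).to_bytes(2, "little") + b"\r\n" + b"\x00" * 12  # CPython 3.9

if __name__ == "__main__":
    for label, blob in (("macho", SAMPLE_MACHO), ("pyc", SAMPLE_PYC)):
        print(label, identify(blob))
```

To check a real file, pass `open(path, "rb").read()` to `identify()`; a native container with a non-negative `cookie_offset` points to a PyInstaller bundle rather than a bare .pyc/.pyo.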