GithubHelp home page GithubHelp logo

Comments (6)

extremecoders-re avatar extremecoders-re commented on August 30, 2024

Most likely the key you're to decrypt is incorrect. It's 16 bytes in size.
If you share the pyimod00_crypto_key.pyc file, will be able to tell the correct key.

from pyinstxtractor.

4o3F avatar 4o3F commented on August 30, 2024

pyimod00_crypto_key.zip
The file is here and I decrypted the key Downloader-PyJun
Also, the pyz file is as follow
PYZ.zip

from pyinstxtractor.

extremecoders-re avatar extremecoders-re commented on August 30, 2024

The key is correct indeed. Looks the the executable may be using a modified pyinstaller.
Can you share the file pyimod02_archive.pyc?

from pyinstxtractor.

4o3F avatar 4o3F commented on August 30, 2024

Of course
extracted.zip

from pyinstxtractor.

extremecoders-re avatar extremecoders-re commented on August 30, 2024

This is an older version (<4.0) of PyInstaller which uses AES in CFB mode. Actually this is documented in the wiki.

The first snippet => https://github.com/extremecoders-re/pyinstxtractor/wiki/Frequently-Asked-Questions#are-encrypted-pyz-archives-supported

To automate the process you can use this script

import glob
import zlib
from Crypto.Cipher import AES
from pathlib import Path

CRYPT_BLOCK_SIZE = 16

# key obtained from pyimod00_crypto_key
key = bytes('Downloader-PyJun', 'utf-8')

for p in Path("PYZ-00.pyz_extracted").glob("**/*.pyc.encrypted"):
	inf = open(p, 'rb') # encrypted file input
	outf = open(p.with_name(p.stem), 'wb') # output file 

	# Initialization vector
	iv = inf.read(CRYPT_BLOCK_SIZE)

	cipher = AES.new(key, AES.MODE_CFB, iv)

	# Decrypt and decompress
	plaintext = zlib.decompress(cipher.decrypt(inf.read()))

	# Write pyc header
	# The header below is for Python 3.8
	outf.write(b'\x55\x0d\x0d\x0a\0\0\0\0\0\0\0\0\0\0\0\0')

	# Write decrypted data
	outf.write(plaintext)

	inf.close()
	outf.close()

	# Delete .pyc.encrypted file
	p.unlink()

from pyinstxtractor.

4o3F avatar 4o3F commented on August 30, 2024

Thanks! It is my mistake😥

from pyinstxtractor.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.