Decompiling an pyinstaller exe and compatibility with BeautifulSoup+Request
232 views
Skip to first unread message
Alessandro Minghelli
May 28, 2020, 5:32:02 AM5/28/20
to PyInstaller
Hi
In my office I developed a little utility and I compiling this with PyInstaller.
It's not very important someone copy this (there isn't commercial value), but is very important none can decompiling the source.
First question is: Is there a way to decompiling an executable made with PyInstaller to obtain the source code?
Second question is in the subject. PyInstaller is compatible with BS4 and Request libraries?
Thanks
Hartmut Goebel
May 28, 2020, 5:37:35 AM5/28/20
to pyins...@googlegroups.com
Am 28.05.20 um 10:45 schrieb Alessandro
Minghelli:
It's not very important someone copy this (there isn't commercial value), but is very important none can decompiling the source.
First question is: Is there a way to decompiling an executable made with PyInstaller to obtain the source code?
Yes, his is possible.
There is a feature for encrypting the source, but this is currently broken. Please consider funding the fix: http://www.pyinstaller.org/funding.html
--
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development
Goebel Consult, Landshut
http://www.goebel-consult.de
Blog:
https://www.goe-con.de/blog/chatsecure-ist-tot-lang-lebe-chatsecure
Kolumne:
https://www.goe-con.de/hartmut-goebel/cissp-gefluester/2011-11-in-troja-nichts-neues
墨焓
May 29, 2020, 4:23:38 AM5/29/20
to pyins...@googlegroups.com
I'm not sure about the compatibility issue, but I guess it should be fine.
As for the decompiling thing, yes, it's easy to decompile. The tool called "pyinstxtractor" shipped with pyinstaller is designed to unpack the built binary. After that, all individual files can be found, by default they are just python bytecode ".pyc" files, while python-bytecode-to-sourcecode-converter can be found everywhere on internet. So basically you can get everything back including docstrings and comments. However if they are not ".pyc" bytecode files, but pre-built binary library files like ".so" or ".pyd", the the reverse-engineering job would be very very tough, even nearly impossible.
Alessandro Minghelli <alessandro...@gmail.com> 于 2020年5月28日周四 17:32写道:
--
You received this message because you are subscribed to the Google Groups "PyInstaller" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pyinstaller/32b53b3c-7760-42e9-9b2b-cbf5919e165d%40googlegroups.com.
Hartmut Goebel
May 29, 2020, 10:29:28 AM5/29/20
to pyins...@googlegroups.com
Am 29.05.20 um 08:42 schrieb 墨焓:
The tool called "pyinstxtractor" shipped with pyinstaller
This tool is not shipped with PyInstaller. If your PyInstaller archive contains this tool, you you have an faulty archive.
So basically you can get everything back including docstrings and comments.
This is wrong, you can not get back comments from a .pyc file.
(Trust me, I'm offered a python-bytecode-to-sourcecode service for
many years.)
--
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development
Goebel Consult, Landshut
http://www.goebel-consult.de
Alessandro Minghelli
May 29, 2020, 12:29:40 PM5/29/20
to PyInstaller
Thanks for your answer.
Alessandro Minghelli
May 29, 2020, 12:30:30 PM5/29/20
to PyInstaller
Thanks for your answer.
Just another question.
There's a way so in the exe the file will be .so or .pyd?
Otherwise need I make some pre elaboration before I make the exe file?
Otherwise need I make some pre elaboration before I make the exe file?
Alex
Il giorno venerdì 29 maggio 2020 10:23:38 UTC+2, 墨焓 ha scritto:
I'm not sure about the compatibility issue, but I guess it should be fine.As for the decompiling thing, yes, it's easy to decompile. The tool called "pyinstxtractor" shipped with pyinstaller is designed to unpack the built binary. After that, all individual files can be found, by default they are just python bytecode ".pyc" files, while python-bytecode-to-sourcecode-converter can be found everywhere on internet. So basically you can get everything back including docstrings and comments. However if they are not ".pyc" bytecode files, but pre-built binary library files like ".so" or ".pyd", the the reverse-engineering job would be very very tough, even nearly impossible.
Alessandro Minghelli <alessandr...@gmail.com> 于 2020年5月28日周四 17:32写道:
Hi--In my office I developed a little utility and I compiling this with PyInstaller.It's not very important someone copy this (there isn't commercial value), but is very important none can decompiling the source.First question is: Is there a way to decompiling an executable made with PyInstaller to obtain the source code?Second question is in the subject. PyInstaller is compatible with BS4 and Request libraries?Thanks
You received this message because you are subscribed to the Google Groups "PyInstaller" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pyins...@googlegroups.com.
墨焓
May 29, 2020, 12:30:39 PM5/29/20
to pyins...@googlegroups.com
Then it must be my incorrect memory. The pyinstxtractor should be from internet too, and the comments are not in bytecode, while the real code including docstrings are.
I will cythonize the source file which I'd like to protect, which could pretty much stop the decompiling (to source), but all the libraries packed inside by pyinstaller are still accessible by anyone.
Hartmut Goebel <h.go...@goebel-consult.de> 于 2020年5月29日周五 22:29写道:
--
You received this message because you are subscribed to the Google Groups "PyInstaller" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pyinstaller/0b91fa16-4969-928f-7602-e494861eda74%40goebel-consult.de.
墨焓
May 30, 2020, 5:12:18 AM5/30/20
to pyins...@googlegroups.com
If you need pre-compiled binary library like ".so" (unix-like OS) or ".pyd" (Windows OS, similar to DLL), then you need cython.
Cython is not only used to convert bytecode to binary, it's made to convert python dynamic type into C static type which improves performance tremendously, it's also used to build C extensions for python using python Lang.
Alessandro Minghelli <alessandro...@gmail.com> 于 2020年5月30日周六 00:30写道:
To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pyinstaller/3c254997-9dfd-446e-be00-074e7a1c0038%40googlegroups.com.
Brendan Simon (GMAIL)
May 30, 2020, 11:01:19 AM5/30/20
to pyins...@googlegroups.com, Hartmut Goebel
On 28/5/20 7:37 pm, Hartmut Goebel
wrote:
Am 28.05.20 um 10:45 schrieb Alessandro Minghelli:
It's not very important someone copy this (there isn't commercial value), but is very important none can decompiling the source.
First question is: Is there a way to decompiling an executable made with PyInstaller to obtain the source code?
Yes, his is possible.
There is a feature for encrypting the source, but this is currently broken. Please consider funding the fix: http://www.pyinstaller.org/funding.html
I've used Cython, before PyInstaller packaging
step, to "compile" your python modules to "executable" code
(.so/.dylib files). It's a step harder to decompile it to useful
python code, but I suspect it's not impossible. And the upside is
you will get some performance improvement too (if that is
important at all).
Brendan.
Brendan.
Alessandro Minghelli
May 30, 2020, 12:04:27 PM5/30/20
to PyInstaller
Thanks
The commercial value of my utility is not big. I just wish complicate life who wish use my source. Also the speed is not so important.
The commercial value of my utility is not big. I just wish complicate life who wish use my source. Also the speed is not so important.
Chris Barker - NOAA Federal
May 31, 2020, 3:51:35 AM5/31/20
to pyins...@googlegroups.com
>
> The commercial value of my utility is not big. I just wish complicate life who wish use my source. Also the speed is not so important.
Then you are fine with pyInstaller, only shipping *.pyc files.
> The commercial value of my utility is not big. I just wish complicate life who wish use my source. Also the speed is not so important.
A determined hacker can decompile it fairly easily, but unless you
have proprietary algorithms— no one is going to bother.
-CHB
>
> --
> You received this message because you are subscribed to the Google Groups "PyInstaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages