Reverse Engineering PyInstaller programs

PyInstaller is a popular tool for "compiling" Python programs into a native program. Can you get the original code out?

PyInstaller is a tool to compile your Python programs into “native code”. How secure is it actually? Spoiler: It’s not.

When PyInstaller bundles your app, it compiles all your Python code to bytecode and compresses it. Then it embeds that compressed archive within the program you distribute.

Someone can easily run a tool to extract that archive, and then run a tool like uncompyle6 to decompile the Python bytecode (.pyc) files back into an almost original state.

You’ll know you’re likely dealing with PyInstaller if your binary has lots of symbols that start with _pyi_, or if the entrypoint calls _pyi_main().
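A static triage check for those indicators, as an added example that is not part of the original post. Besides the _pyi_ symbols it looks for the cookie magic that PyInstaller writes alongside its embedded archive (a detail assumed here, not stated in the post); the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import sys

# Cookie layout used by PyInstaller 2.1 and later (assumption, not from the post):
# magic, package length, TOC offset, TOC length, Python version, libpython name.
COOKIE_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FMT = "!8sIIII64s"
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88 bytes
PYI_SYMBOL = re.compile(rb"_pyi_[A-Za-z0-9_]+")


def triage(data: bytes) -> dict:
    """Report PyInstaller indicators found in the raw bytes of a binary."""
    symbols = sorted({m.group().decode() for m in PYI_SYMBOL.finditer(data)})
    report = {"symbols": symbols, "has_pyi_main": "_pyi_main" in symbols,
              "cookie_offset": None, "python": None, "libname": None}
    pos = data.rfind(COOKIE_MAGIC)  # the cookie closes the embedded archive
    if pos != -1 and pos + COOKIE_LEN <= len(data):
        _, _, _, _, pyver, lib = struct.unpack_from(COOKIE_FMT, data, pos)
        # The version is stored as 39 for 3.9 and as 310 for 3.10.
        report["python"] = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
        report["libname"] = lib.rstrip(b"\0").decode("ascii", "replace")
        report["cookie_offset"] = pos
    report["likely_pyinstaller"] = bool(symbols) or report["cookie_offset"] is not None
    return report


def constructed_sample() -> bytes:
    """Constructed stand-in for a bundled binary: symbol strings, payload, cookie."""
    head = b"\x7fELF" + b"\0" * 16 + b"_pyi_main\0_pyi_example_helper\0"
    payload = b"\x78\x9c" + b"A" * 32  # placeholder for the compressed archive
    cookie = struct.pack(COOKIE_FMT, COOKIE_MAGIC, len(payload) + COOKIE_LEN,
                         0, 0, 310, b"libpython3.10.so")
    return head + payload + cookie


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = constructed_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

The Python version recovered from the cookie tells you which interpreter's bytecode the .pyc files contain, which matters when choosing a decompiler.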

https://github.com/extremecoders-re/pyinstxtractor

https://github.com/rocky/python-uncompyle6

Obviously - only do this for programs you’re legally allowed to decompile.
