Python - Pyinstaller

Python scripts packaged with pyinstaller have an IDE in them. Converts all scripts into bytecode and packages in an executable. Can be encrypted with a key.

What PyInstaller Does and How It Does It — PyInstaller 6.10.0 documentation

Inspect bytecode files in executable:

pip install pyinstaller

pyi-archive_viewer archivefile

-x to extract:

What is a .pyz file?

A .pyz file is just a normal zip with a header that allows it to be executed. Python can import modules from a zip file exactly like from a subdirectory.

So, if the function is in a file called __main__.py, you just do:

from my_pyz_file.__main__ import runJob

Zipapp: This module provides tools to manage the creation of zip files containing Python code, which can be executed directly by the Python interpreter

Automated - Extract packaged python bytecode from .exe.

GitHub - pyinstxtractor/pyinstxtractor-ng: PyInstaller Extractor Next GenerationGitHub

Point at file name and it will output all .pyc files.

python pyinstxtractor-ng.py Filename

Decompile the bytecode:

pip install uncompyle6-3.9.2-py3-none-any.whl

python ./uncompyle6 File.pyc

uncompyle6PyPI

What if it's encrypted?

The AES key is stored in the pyimod00_crypto_key file. It's just a .pyc so it can be decompiled.

SNEAKIER WAY:

If you want to hide your source code more thoroughly, one possible option is to compile some of your modules with Cython. Using Cython you can convert Python modules into C and compile the C to machine language. PyInstaller can follow import statements that refer to Cython C object modules and bundle them.

Decompile compiled python binaries (exe, elf) - Retreive from .pycHackTricks