You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have been recently learning reverse engineering and have stumbled upon an executable which happens to using Nuitka. So far i have looked across how Nuitka works internally, and the other issue regarding decompilation #392 , i am currently trying to load the executable into a disassembler but seems like the executable creates multiple threads and does some other stuff to make it harder, i was wondering if there's a better solution. I tried giving it malformed input and found out something interesting,
Traceback (most recent call last):
File "C:\bin\bootstrap.py", line 17, in <module>
File "C:\bin\crackme.py", line 1018, in main
File "C:\bin\crackme.py", line 913, in start
File "C:\bin\bridge.py", line 456, in run
File "C:\bin\timer.py", line 142, in check
File "C:\bin\timer.py", line 103, in <lambda>
File "C:\bin\bridge.py", line 1061, in _checkQuit
SystemExit: 0
Seems like the executable indeed has the code in there somewhere? how else would it be able to figure out the exact traceback, with exact line numbers. I tried using objectdump and stringdump, seems like there are string literals in the executable which could resemble to the source, but so far i am having a hard time extracting the logic from the program.
Is there any way i can better analyse the problem?
Nuitka is purposefully making sure that tracebacks have line numbers. Depending on the source reference mode, the original file locations are potentially used, in which case the files would be read if present.
The data is intact, but code is in C, and can be found there.
The writing of the byte code flag is for when Python source code loader reads a .py file, if the compiled bytecode should be stored on disk, so next time reading it will not have to parse it. Has nothing to do with Nuitka.
There is no bytecode in Nuitka except for standard library in standalone mode, so there seems no point in your issue really?
Thank you for the explanation, that makes sense. Seems like i'll need to use standard disassembly tools and treat the executable as if compiled from a C compiler.
I have been recently learning reverse engineering and have stumbled upon an executable which happens to using Nuitka. So far i have looked across how Nuitka works internally, and the other issue regarding decompilation #392 , i am currently trying to load the executable into a disassembler but seems like the executable creates multiple threads and does some other stuff to make it harder, i was wondering if there's a better solution. I tried giving it malformed input and found out something interesting,
Seems like the executable indeed has the code in there somewhere? how else would it be able to figure out the exact traceback, with exact line numbers. I tried using objectdump and stringdump, seems like there are string literals in the executable which could resemble to the source, but so far i am having a hard time extracting the logic from the program.
Is there any way i can better analyse the problem?
Possible helpful info
cs:Py_DontWriteBytecodeFlag
could be a key help?Thank you so much for any help.
The text was updated successfully, but these errors were encountered: