Reversing python elf files setup

Dear all,
I am trying to reverse an elf file which was compiled starting from a python script using PyInstaller. I first decompiled the file to pyc using pyi-archive_viewer. Then, when I try to convert it from .pyc to .py I always get weird errors with different tools ( pycdc, uncompyle6 and unpyc ). The errors that I get are mainly related to the magic number and even if I correct it manually I never manage to make it work with any of the mentioned tools.

Is there a docker image with the decompile feature ready to use? Or anyone knows how it can be possible to address such issues?


Most of the time I use pyinstxtractor to get the the pyc files and pycdc/decompyle3/uncompyle6 to get the decompiled code.
The problem may be caused by the python version as some decompiling tools are for specific versions of python only.
PM me the details and I can try to help with the issue.

we’re probably working on the same box. I went the manual route as well, and copied the magic bytes from a working file in a hex editor, but there were just way to many files to handle this way, and even then decompilation didn’t always work. I’ve installed pyenv to get the python version right, and now the extract does indeed work. If you want to give pyenv a try, it wouldn’t work unless I had all the dependencies installed make sure to check this out if you run into any probs: Pyenv's python is missing bzip2 module - Stack Overflow

1 Like