Hi list,

So after much delay pyREtic is finally available.

Thanks to Dave for allowing this to be released under the GPLv3 license, even though I no longer work at Immunity.

The pyREtic code includes the REpdb debugger extension, the OpcodeRemap code for discovering a new opcode map at runtime and the pyREtic in memory decompilation (via UnPYC) using all 3 techniques shown in the summer in Las Vegas.

The code is available from (including a HOWTO doc):
http://www.immunityinc.com/downloads/pyREtic_0.5.1.zip
and
http://pyretic.googlecode.com/files/pyREtic_0.5.1.zip

The presentation given at Blackhat and Defcon is available at:
http://prezi.com/kmyvgiobsl1d/pyretic-rich-smith-blackhatdefcon-2010

A slightly updated paper is available at:
http://pyretic.googlecode.com/files/pyREtic%20%20In%20memory%20reverse%20engineering%20for%20obfuscated%20Python%20bytecode.pdf

If you find bugs, write new features or just use it and it helps you find nice bugs, feel free to let me know :)

Cheers
Rich

If you are unfamiliar with what pyREtic is intended to be useful for then this may help, from the readme:

<snip>

What is it ?
--------------------------------------------------------------------------------
pyREtic is an extensible framework to assist in performing various reverse engineering tasks for Python language projects. It assists a reverse engineer in gaining sourcecode (.py's) back from bytecode (.pyc's); in particular it assists when the code that is being reversed has put some effort into trying to stop decompilation using standard toolsets.

It consists of 3 main parts:

* REpdb : A RE centric superset of the pdb functionality to allow the easy interaction by a reverser with the code they are reversing.
* OpcodeRemap : The component that is able to deduce a new opcode table from a Python runtime that has changed its opcode layout in order to confuse many standard Python decompilers.
* LiveUnpyc : An extension to Dmitri Kornev's UnPyc decompiler project (http://unpyc.sourceforge.net/) which allows live Python objects in memory to be decompiled back to Python sourcecode via 3 different methods.

The capabilities within the pyREtic toolkit were written to be effective against the protections that a majority of closed source Python developers were using to protect the code they were distributing from being read in its source form. The output from pyREtic was to produce a source code representation of an object to which you could gain access in a running instance of the target application. This representation only needed to be good enough to be able to assess the security of the target application rather than being an absolutely perfect copy.

History
--------------------------------------------------------------------------------
pyREtic began life when I worked at Immunity Inc, and was first publicly presented at the BlackHat 2010 conference in Las Vegas, and then at Defcon 17. I am now no longer employed by Immunity but Dave Aitel was kind enough to release the code under the GPL to allow people to access it and allow its development to continue.

The latest version of the framework can be found at http://pyretic.googlecode.com and will be mirrored at www.immunityinc.com as well.

Future
--------------------------------------------------------------------------------
The features that will be added to pyREtic in future will reflect the development of my needs for dealing with reversing Python applications moving forward. If you have suggestions however let me know.

</snip>
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
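
An added illustration of the OpcodeRemap idea from the readme (not part of the original post and not pyREtic's own code): one way an opcode table can be deduced is to take bytecode for the same source from a standard runtime and from the remapped one, then pair the opcode bytes position by position. It assumes CPython 3.6+ two-byte wordcode; the permuted "target" runtime, the sample source and all function names are constructed for the example.

```python
import random

# Constructed sample; stands in for a module shipped by both runtimes.
SAMPLE_SRC = '''
def check(user, pw, table):
    for name, secret in table.items():
        if name == user and secret == pw:
            return True
    return False
'''

def code_units(code):
    """Raw bytecode of a code object followed by that of its nested code objects."""
    out = [code.co_code]
    for const in code.co_consts:
        if hasattr(const, "co_code"):
            out.extend(code_units(const))
    return out

def simulate_remapped_runtime(raw, seed=1234):
    """Hypothetical target: every opcode value is moved by a fixed permutation."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    out = bytearray(raw)
    out[0::2] = bytes(perm[op] for op in raw[0::2])
    return bytes(out), perm

def deduce_opcode_map(reference, remapped):
    """Map target opcode -> standard opcode by walking both streams in lockstep."""
    if len(reference) != len(remapped):
        raise ValueError("streams differ in length: not the same source")
    mapping = {}
    for ref_op, new_op in zip(reference[0::2], remapped[0::2]):
        if mapping.setdefault(new_op, ref_op) != ref_op:
            raise ValueError(f"opcode {new_op} maps to two standard opcodes")
    return mapping

def restore(remapped, mapping):
    """Rewrite target bytecode with standard opcode values for stock tooling."""
    out = bytearray(remapped)
    out[0::2] = bytes(mapping[op] for op in remapped[0::2])
    return bytes(out)

def demo():
    reference = b"".join(code_units(compile(SAMPLE_SRC, "<sample>", "exec")))
    remapped, perm = simulate_remapped_runtime(reference)
    mapping = deduce_opcode_map(reference, remapped)
    return reference, remapped, perm, mapping
```

Only opcodes that occur in the compared code are recovered, so a real comparison needs a large body of shared code such as the standard library.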
