Unpacking and decompiling PyInstaller python executables
Nov 24, 2021
There are plenty of tutorials out there on how to do this process. I’m just writing it here for my own reference so I can come to a single place to find these notes.
Windows exe
Use this:
Linux ELF
$ pip install pydecipher
Then take your executable and do:
$ pydecipher path_to_elf
If you get no output, try using 7zip to extract the ELF sections:
$ 7z x path_to_elf
This may produce several files for the different sections, hopefully including one called pydata. We can now try pydecipher on that:
$ pydecipher pydata
Now .pyc files are extracted and decompiled for us, ready for analysis.
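To see what the 7z step is pulling out, here is an added example (not part of the original notes or of pydecipher) that reads an ELF64 section table, carves the pydata section, and parses the PyInstaller archive cookie at its end. The function names are hypothetical, the cookie layout assumed is the PyInstaller 2.1+ one, and the sample ELF is constructed inline purely as test input.

```python
import struct

MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"    # PyInstaller CArchive cookie magic
COOKIE = struct.Struct("!8sIIII64s")  # magic, pkg len, TOC offset, TOC len, pyver, pylib name

def find_section(elf, wanted):
    """Return the raw bytes of the named section in a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    def header(i):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)
    str_off = header(shstrndx)[4]
    for i in range(shnum):
        name_off, _, _, _, offset, size = header(i)
        start = str_off + name_off
        if elf[start:elf.index(b"\0", start)] == wanted:
            return elf[offset:offset + size]
    return None

def read_cookie(archive):
    """Find the trailing cookie; return (python_version, toc_offset, toc_len)."""
    pos = archive.rfind(MAGIC)
    if pos < 0 or pos + COOKIE.size > len(archive):
        return None
    _, _pkg_len, toc_off, toc_len, pyver, _lib = COOKIE.unpack_from(archive, pos)
    return pyver, toc_off, toc_len

def build_sample():
    """Constructed, non-functional ELF64 holding only a pydata section (demo input)."""
    body = b"\0" * 16  # stand-in for the compressed archive payload
    pydata = body + COOKIE.pack(MAGIC, len(body) + COOKIE.size, 0, 16, 39,
                                b"libpython3.9.so.1.0")
    strtab = b"\0pydata\0.shstrtab\0"
    def shdr(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    data_off = 64
    str_off = data_off + len(pydata)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, shoff, 0, 64, 56, 0, 64, 3, 2)
    table = shdr(0, 0, 0, 0) + shdr(1, 1, data_off, len(pydata)) + shdr(8, 3, str_off, len(strtab))
    return ehdr + pydata + strtab + table

if __name__ == "__main__":
    section = find_section(build_sample(), b"pydata")
    print(read_cookie(section))
```

The python_version field (39 here, meaning 3.9) tells you which interpreter built the .pyc files, which matters when a decompiler fails on a version mismatch.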