Mysterium the first tool which permits you to retrieve the most part of a Python code even the .py or .pyc was extracted from an executable file, even it is encrypted with every existing encryptage. Mysterium don't make any difference between encrypted and non encrypted files, it can retrieve code from Pyarmor or .pyc files.
Home Page: https://github.com/venaxyt/mysterium
License: MIT License
Hello,
I'm using latest pyarmor from pip (PyArmor Trial Version 7.0.3):
When using the zip (containing pyarmor obfuscated script and pytransform directory) mysterium keep having the error :
ModuleNotFoundError: No module named 'pytransform'
(Although it correctly copy theses file under modules directory)
I tried to fool it, creating the pytransform directory at the mysterium root, and using mysterium directly on the python file, but then I had a "Restrict mode error".
I think latest pyarmor use by default a "restrict mode = 1" (see : https://pyarmor.readthedocs.io/en/latest/mode.html#restrict-mode ).
It check if the obfuscated script is modified or is called from a non obfuscated script it- and raise the error : "Check bootstrap restrict mode failed" at execution.
I haven't found any workaround so far.
Anyone having the same issue ?
I have an obfuscated flask app that has an encrypted .py file which is like so:
from pytransform import pyarmor_runtime
pyarmor_runtime()
pyarmor(name, file, b'\x50\x59\x ......
the app is a flask app and when I zip it and put it in the mysterium it will only run the flask app and nothing else happen. I have to stop the code with ctrl +c and the mysterium print the exit banner and nothing happen. what should I do and how should I proceed with this?
The following error pops up when I try to inspect a file:
[>] Enter uninspected file directory : C:\Users\Erk\Desktop\reverse\TheRigsNitro.exe_extracted\grabitbitch.pyc
import re
import json
re.escape($)
Traceback (most recent call last):
File "grabitbitch.py", line 10, in
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\urllib\request.py", line 88, in
import http.client
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\http\client.py", line 71, in
import email.parser
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\email\parser.py", line 12, in
from email.feedparser import FeedParser, BytesFeedParser
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\email\feedparser.py", line 27, in
from email._policybase import compat32
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\email_policybase.py", line 7, in
from email import header
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\email\header.py", line 16, in
import email.quoprimime
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\email\quoprimime.py", line 44, in
from string import ascii_letters, digits, hexdigits
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\string.py", line 146, in
Template.init_subclass()
File "C:\Users\Erk\AppData\Local\Programs\Python\Python39\lib\string.py", line 85, in init_subclass
cls.pattern = _re.compile(pattern, cls.flags | _re.VERBOSE)
TypeError: unsupported operand type(s) for |: 'str' and 'str'
[>] The code is finished, don't forget to follow @venaxyt and @IDRALOU on Github
The idea of this tool is ngl pretty good... but you can easily get a virus with Mysterium.
Mysterium will execute the virus just by creating additionnal libraries, but if the file (virus) uses another libs, or works in a different way, your computer could get infected.
The file not working properly on windows
I Have error
RuntimeError: Bad magic number in .pyc file
can u help me fix this error
the whole:
[>] Enter uninspected file path : C:\Users\paulr\Downloads\DECOMPILEMAINL\Silence.pyc
RuntimeError: Bad magic number in .pyc file
[>] The code is finished
it was a .pyc file and in pycdc it says
Hello.
Does mysterium work with new PyArmor versions?
I just tried some obfuscated code that runs fine on Windows 10 64-bit and Python 3.8.6, but when I pass it through Mysterium the output is:
import re
import re
re.escape(w)
re.escape(i)
re.escape(n)
re.escape(d)
re.escape(o)
re.escape(w)
re.escape(s)
'str' object has no attribute 'match'
[>] The code is finished, don't forget to follow @venaxyt / @IDRALOU / @Bleu-No / @vjousse on Github
This script cant decrypt pyarmor, this is fake.
Author spent all time to draw this shit with his nickname, and thats all. Very good job. lol
You are just a script kiddy =)
Hello! When I run the script I get this error: NameError: name '__pyarmor__' is not defined
There is my zip file:
dist.zip
Thank you! :)
Hi,
when I enter the file path to pyarmor obfuscate ".zip", the following error appears:
import re import re re.escape(w) re.escape(i) re.escape(n) re.escape(d) re.escape(o) re.escape(w) re.escape(s) 'str' object has no attribute 'match'
Hello friend, could you help me with decompiling the encrypted python file,
The problem is that there is a Python project, but it is encrypted using Pyarmor,
The source code is there and everything adjacent to it too
Thanks in advance
I was have this error "str object has no attribute match", and i used this solution #26, but after than i have a new error "IndexError: tuple index out of range", i dont know how solve this. Help me pls
Python version: 3.10.2
deobfuscate.zip contains my obfuscated app code in zip format
pyarmor==7.3.6
$ uname -a
Darwin
[>] Enter uninspected file path : /Users/username/app-code/mysterium/deobfuscate.zip
[>] Enter Python obfuscated file name with extension : deobfuscate/init.py
Traceback (most recent call last):
File "modules/deobfuscate/init.py", line 1, in
from .pytransform import pyarmor_runtime
ModuleNotFoundError: No module named 'main.pytransform'; 'main' is not a package
obfuscated init.py
from .pytransform import pyarmor_runtime
pyarmor_runtime()
__pyarmor__(__name__, __file__, b'\x50\x59\x4ca....', 2)
source init.py
__version__ = '1.0.0.0'
Hi!
When I try to "reverse" a file with the program, this comes up:
File "C:\Users\Carry\Desktop\mysterium-main\modules\blue.py", line 173, in execute_file
exec(self.content, globals(), self.variables)
File "", line 3, in
ModuleNotFoundError: No module named 'pytransform'
I did everything as in the guide (), but when I start mysterium.py, it just executes the script, but does not output the code.
mysterium output:
[>] Enter uninspected file path : C:\Users\katy\Desktop\mysterium\FINAL_VIRUS.zip
[>] Enter Python obfuscated file name with extension : C:\Users\katy\Desktop\mysterium\modules\FINAL_VIRUS\virus.pyc
3.9.6 (tags/v3.9.6:db3ff76, Jun 28 2021, 15:26:21) [MSC v.1929 64 bit (AMD64)]
[>] The code is finished, don't forget to follow @venaxyt / @IDRALOU / @Bleu-No / @vjousse on Github
source virus.py:
import sys
def print_ver(version):
print(version)
x = sys.version
print_ver(x)
all good
BRO MAKE IT SUPPORT LINUX PATH!!!
Traceback (most recent call last):
File "/home/abdullahsh/Desktop/fucking/mysterium/mysterium.py", line 202, in
modules.blue.Blue(f'modules\{uninspected_file_name}.{uninspected_file_extension}', uninspected_file_directory)
File "/home/abdullahsh/Desktop/fucking/mysterium/modules/blue.py", line 39, in init
self.reading_file()
File "/home/abdullahsh/Desktop/fucking/mysterium/modules/blue.py", line 95, in reading_file
with open(self.filePath, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: 'modules\uninspected.pyc'
So I tried to deobfuscate this file Brute-FB but failed
Is it possible to decrypt premium pyarmor? Your tutorial requires me to obfuscate an init.py file. Without access to the pyarmor capsule that was used for the real entry script, how do I make this work?
getting error.
TypeError: 'str' object is not callable
Traceback (most recent call last):
File "C:\Users\123\Downloads\Telegram Desktop\BTC@mining_20_bot v6.1\BTC@mining_20_bot v6.1\Bip39Gen.py", line 2, in
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python39\lib\secrets.py", line 19, in
from random import SystemRandom
ImportError: cannot import name 'SystemRandom' from 'random' (E:\DEMO\mysterium-main\modules\random.py)
When I run mysterium, i get this message:
But when I run this program with python, it absolutely works.
NOTE: abi/standart.json exists.
Please create a docker version, I can’t set up the environment in any way, it swears on dependencies! and youtube video removed
[>] Enter uninspected file path : contract_module.pyc
import re
import re
re.escape($)
Traceback (most recent call last):
File "./mechanism/contract_module.py", line 1, in <module>
File "C:\Python38\lib\site-packages\web3\__init__.py", line 4, in <module>
import pkg_resources
File "C:\Python38\lib\site-packages\pkg_resources\__init__.py", line 33, in <module>
import email.parser
File "C:\Python38\lib\email\parser.py", line 12, in <module>
from email.feedparser import FeedParser, BytesFeedParser
File "C:\Python38\lib\email\feedparser.py", line 27, in <module>
from email._policybase import compat32
File "C:\Python38\lib\email\_policybase.py", line 7, in <module>
from email import header
File "C:\Python38\lib\email\header.py", line 16, in <module>
import email.quoprimime
File "C:\Python38\lib\email\quoprimime.py", line 44, in <module>
from string import ascii_letters, digits, hexdigits
File "C:\Python38\lib\string.py", line 80, in <module>
class Template(metaclass=_TemplateMetaclass):
File "C:\Python38\lib\string.py", line 77, in __init__
cls.pattern = _re.compile(pattern, cls.flags | _re.VERBOSE)
TypeError: unsupported operand type(s) for |: 'str' and 'str'
[>] The code is finished
What if i don't have the _pytransform.dll and init files? The code I have was an exe and I uncompylied it so i have the source code, but the source is protected with pyarmor on top of the exe. So I'm left with the pyarmor code. Is it possible to get the real source now?
any help?
[>] Enter uninspected file path : zaz.pyc
import random
import re
import re
re.escape(~)
re.escape(})
re.escape(|=)
re.escape(|)
re.escape({)
re.escape(^=)
re.escape(^)
re.escape(])
re.escape([)
re.escape(@=)
re.escape(@)
re.escape(>>=)
re.escape(>>)
re.escape(>=)
re.escape(>)
re.escape(==)
re.escape(=)
re.escape(<=)
re.escape(<<=)
re.escape(<<)
re.escape(<)
re.escape(;)
re.escape(:=)
re.escape(:)
re.escape(/=)
re.escape(//=)
re.escape(//)
re.escape(/)
re.escape(...)
re.escape(.)
re.escape(->)
re.escape(-=)
re.escape(-)
re.escape(,)
re.escape(+=)
re.escape(+)
re.escape(*=)
re.escape(**=)
re.escape(**)
re.escape(*)
re.escape())
re.escape(()
re.escape(&=)
re.escape(&)
re.escape(%=)
re.escape(%)
re.escape(!=)
re.escape($)
Traceback (most recent call last):
File "CNPFLOOD.py", line 3, in <module>
File "/opt/virtualenvs/python3/lib/python3.8/site-packages/discord/__init__.py", line 23, in <module>
import logging
File "/usr/lib/python3.8/logging/__init__.py", line 28, in <module>
from string import Template
File "/usr/lib/python3.8/string.py", line 80, in <module>
class Template(metaclass=_TemplateMetaclass):
File "/usr/lib/python3.8/string.py", line 77, in __init__
cls.pattern = _re.compile(pattern, cls.flags | _re.VERBOSE)
TypeError: unsupported operand type(s) for |: 'str' and 'str'
[>] The code is finished, don't forget to follow @venaxyt / @IDRALOU / @Bleu-No / @vjousse on Github
I have a file that ends with .pyd instead of the pytransform folder. I think its the Super Mode of PyArmor...
can mysterium deop this mode?
import re
import re
re.sub(\s+, , DB7C 2ABF62E3 5E668076 BEAD208B)
Traceback (most recent call last):
File "<modules\BTC.py>", line 2, in
File "", line 7, in
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python38\lib\site-packages\bip32utils_init_.py", line 1, in
from bip32utils.BIP32Key import BIP32Key, BIP32_HARDEN
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python38\lib\site-packages\bip32utils\BIP32Key.py", line 10, in
import ecdsa
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python38\lib\site-packages\ecdsa_init_.py", line 4, in
from .keys import (
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python38\lib\site-packages\ecdsa\keys.py", line 76, in
from . import ecdsa
File "C:\Users\EpicYT\AppData\Local\Programs\Python\Python38\lib\site-packages\ecdsa\ecdsa.py", line 311, in
_p = int(remove_whitespace("DB7C 2ABF62E3 5E668076 BEAD208B"), 16)
ValueError: invalid literal for int() with base 16: ''
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.