{"id":1095,"date":"2022-11-18T00:05:23","date_gmt":"2022-11-17T16:05:23","guid":{"rendered":"https:\/\/blog.langsasec.cn\/?p=1095"},"modified":"2022-11-18T00:08:19","modified_gmt":"2022-11-17T16:08:19","slug":"reserve_edusrc","status":"publish","type":"post","link":"https:\/\/blog.langsasec.cn\/index.php\/2022\/11\/18\/reserve_edusrc\/","title":{"rendered":"\u4ece\u624b\u6b20\u5220\u9664\u6e90\u4ee3\u7801\u5230\u53cd\u7f16\u8bd1exe\u627e\u56de"},"content":{"rendered":"

<\/span>\u524d\u8a00<\/span><\/h2>\n

\u4e4b\u524d\u53d1\u7684EDU\u67e5\u8be2\u8f85\u52a9\u5de5\u5177\uff0c\u53ea\u7528Pyinstaller\u6253\u5305\u4e86exe\uff0c\u6709MAC\u7684\u5c0f\u4f19\u4f34\u60f3\u8981\u8fd0\u884c\uff0c\u4f46\u662f\u6211\u89c9\u5f97\u5c4e\u5c71\u4ee3\u7801\u6ca1\u5fc5\u8981\u5f00\u6e90\uff0c\u5728\u67d0\u4e00\u5929\u6211\u5c06\u9879\u76ee\u6e90\u7801\u6c38\u4e45\u5220\u9664\uff0c\u6062\u590d\u4e4b\u540e\u4e71\u7801\uff0c\u6240\u4ee5\u6ca1\u529e\u6cd5\u6ee1\u8db3\u5c0f\u4f19\u4f34\u7684\u9700\u6c42\u3002\u540e\u9762\u60f3\u7740\u627e\u4e2a\u673a\u4f1a\u80fd\u4e0d\u80fd\u53cd\u7f16\u8bd1\u4e00\u4e0b\uff0c\u53cd\u6b63\u4ee3\u7801\u8d85\u7b80\u5355\u3002<\/p>\n

<\/span>\u9879\u76ee\u4ecb\u7ecd<\/span><\/h2>\n

<\/span>\u9879\u76ee\u5730\u5740<\/span><\/h3>\n
\n

https:\/\/github.com\/langsasec\/edusrc<\/a><\/p>\n<\/blockquote>\n

\"image-20221117234238848\"<\/p>\n

\u8fd9\u662f\u4e4b\u524d\u95f2\u7684\u6ca1\u4e8b\u7528Flask\u5f00\u53d1\u7684\u4e00\u4e2a\u8d85\u8f7b\u91cf\u7684\u7f51\u7ad9\uff0c\u4e3b\u8981\u65b9\u4fbf\u7528\u4e8eEDU_SRC\u67e5\u8be2\u5177\u4f53\u5b66\u6821\u548c\u4fe1\u606f\u641c\u96c6\u7528\uff0c\u6700\u5f00\u59cb\u662f\u5305\u542bSqlite\u6570\u636e\u5e93\u6587\u4ef6\u7684\uff0c\u540e\u6765\u89c9\u5f97\u5c31\u4e24\u5f20\u8868\uff0c\u7d22\u6027\u628a\u6570\u636e\u67e5\u51fa\u6765\u653e\u5230Python\u5217\u8868\u91cc\u66f4\u65b9\u4fbf\u3002\u6700\u540e\u53ea\u6709\u4e00\u4e2a\u540e\u7aef\u6587\u4ef6main.py\u548c\u9759\u6001\u8d44\u6e90\u3002<\/p>\n

<\/span>\u51c6\u5907\u5de5\u4f5c<\/span><\/h2>\n

<\/span>\u6240\u7528\u8f6f\u4ef6<\/span><\/h3>\n

\u73af\u5883\uff1aPython3<\/p>\n

    \n
  1. edusrc.exe(\u5df2\u7528Pyinstaller\u6253\u5305\u597dFlask\u7684exe)<\/li>\n
  2. X-ways(16\u8fdb\u5236\u7f16\u8f91\u5668\u5373\u53ef\uff0c\u6211\u7528\u7684X-ways\uff0cwindows\u7528WinHex\uff0cMac\u7528010 editor)<\/li>\n
  3. reverse_pyexe(pyinstaller\u6253\u5305\u7684exe\u9006\u5411\u8fd8\u539f\u9879\u76ee)<\/li>\n
  4. Pyc\u53cd\u7f16\u8bd1\u5de5\u5177(\u5728\u7ebf\u6216uncompyle6\u7b49\u5176\u4ed6\u65b9\u6cd5)<\/li>\n<\/ol>\n

    <\/span>edusrc.exe\u2192main.pyc<\/span><\/h2>\n

    <\/span>\u6267\u884c\u547d\u4ee4<\/span><\/h3>\n

    \u5c06\u9700\u8981\u53cd\u7f16\u8bd1\u7684exe<\/code>\u548cpyinstxtractor.py<\/code>\u653e\u5230\u540c\u4e00\u4e2a\u76ee\u5f55\u4e0b\u76f4\u63a5\u8fd0\u884c<\/p>\n

    \"image-20221117220830287\"<\/p>\n

    python pyinstxtractor.py edusrc.exe<\/code><\/pre>\n
    \"image-20221117222110116\"<\/p>\n
    \u751f\u6210edusrc.exe_extracted\u6587\u4ef6\u5939<\/p>\n
    \"image-20221117221133702\"<\/p>\n
    \u5305\u542b\u7684\u9759\u6001\u8d44\u6e90\u5df2\u7ecf\u53cd\u7f16\u8bd1\u51fa\u6765<\/p>\n
    \"image-20221117221642035\"<\/p>\n
    <\/span>\u5341\u516d\u8fdb\u5236\u6784\u9020main.pyc<\/span><\/h3>\n
    <\/span>\u539f\u7406<\/span><\/h4>\n
    pyinstaller<\/code>\u5728\u6253\u5305\u7684\u65f6\u5019\uff0c\u4f1a\u5c06pyc\u6587\u4ef6\u7684\u524d8<\/code>\u4e2a\u5b57\u8282\u6e05\u9664\uff0c\u6240\u4ee5\u540e\u671f\u9700\u8981\u81ea\u5df1\u6dfb\u52a0\u4e0a\u53bb\uff0c\u524d\u56db\u4e2a\u5b57\u8282\u4e3apython<\/code>\u7f16\u8bd1\u7684\u7248\u672c\uff0c\u540e\u56db\u4e2a\u5b57\u8282\u4e3a\u65f6\u95f4\u6233\u3002\uff08\u56db\u4e2a\u5b57\u8282\u7684magic number<\/code>\u3001\u56db\u4e2a\u5b57\u8282\u7684timestamp<\/code>\uff09
    \n\u6240\u4ee5\u5728\u8fd9\u91cc\u53ef\u4ee5\u901a\u8fc7struct<\/code>\u6587\u4ef6\u6765\u83b7\u53d6\u5176\u4e2d\u7684\u4fe1\u606f\u3002<\/p>\n
    <\/span>\u5f00\u5e72<\/span><\/h4>\n
    \u627e\u5230\u5982\u4e0b\u4e24\u4e2a\u6587\u4ef6\uff1amain\u548cstruct<\/p>\n
    \"image-20221117221811664\"<\/p>\n
    \u752816\u8fdb\u5236\u7f16\u8f91\u5668\u6253\u5f00\u8fd9\u4e24\u4e2a\u6587\u4ef6\uff0c\u5e76\u65b0\u5efa\u4e00\u4e2amain.pyc\uff0c\u5171\u540c\u6253\u5f00\uff0c\u6211\u8fd9\u91cc\u7528X-ways\u4ee3\u66ff\u3002<\/p>\n
    \"image-20221117223339450\"<\/p>\n
    main.pyc=struct\u7b2c\u4e00\u884c+main<\/strong><\/p>\n
    struct<\/p>\n
    \"image-20221117223513401\"<\/p>\n
    main<\/p>\n
    \"image-20221117223602881\"<\/p>\n
    main.pyc<\/p>\n
    \"image-20221117223704367\"<\/p>\n
    <\/span>main.pyc\u2192main.py<\/span><\/h2>\n
    \u65b9\u6cd5\u4e00\uff1auncompyle6<\/p>\n
    \u5de5\u5177\u63a8\u8350\u2014\u2014\u53c8\u6709\u4e09\u4e2aBurp\u63d2\u4ef6<\/a><\/p>\n
    pip3 install uncompyle6\nuncompyle6 main.pyc<\/code><\/pre>\n
    \u6211\u672c\u5730\u662fPython3.10\uff0c\u6240\u4ee5\u4e0d\u652f\u6301\uff0c\u5982\u679c\u8981\u7528\u8fd9\u4e2a\u5c3d\u91cf\u7528Python3.8<\/p>\n
    \"image-20221117224147467\"<\/p>\n
    \u65b9\u6cd5\u4e8c\uff1a\u5728\u7ebfpyc\u53cd\u7f16\u8bd1<\/p>\n
    \u5730\u5740\uff1ahttps:\/\/tool.lu\/pyc<\/a><\/p>\n
    \"image-20221117224513652\"<\/p>\n
    \u6210\u529f\u62ff\u5230main.py\u6e90\u7801<\/p>\n
    \"image-20221117224734204\"<\/p>\n
    <\/span>\u4e00\u4e9b\u95ee\u9898<\/span><\/h2>\n
      \n
    1. \n
      \u76f4\u63a5\u53cd\u7f16\u8bd1\u51fa\u6765\u7684\u4ee3\u7801\u53ef\u80fd\u4f1a\u548c\u6700\u5f00\u59cb\u81ea\u5df1\u5199\u7684\u6709\u4e00\u90e8\u5206\u51fa\u5165\u3002<\/p>\n<\/li>\n
    2. \n
      \u90e8\u5206\u4ee3\u7801\u56e0\u4e3a\u903b\u8f91\u95ee\u9898\u53ef\u80fd\u51fa\u73b0Bug\uff0c\u7ecf\u8fc7\u6211\u7684\u8c03\u8bd5\u5df2\u89e3\u51b3\u3002<\/p>\n
      \u4f8b\u5982\uff1a<\/p>\n
      Flask\u4e2d\u7684app\u8def\u7531\u88c5\u9970\u5668\u4ee3\u7801\u88ab\u4fee\u6539\u4f7f\u5f97\u7a0b\u5e8f\u65e0\u6cd5\u8fd0\u884c\u3002<\/p>\n
      Flask\u4e2d\u7684\u6e32\u67d3\u6a21\u5757render_template<\/code>\u7684\u53c2\u6570\u683c\u5f0f\u4e5f\u88ab\u4fee\u6539<\/p>\n<\/li>\n
    3. \n
      \u53cd\u7f16\u8bd1\u540e\u9700\u8981\u505a\u5c11\u91cf\u7684\u8c03\u8bd5\u624d\u80fd\u6b63\u5e38\u8fd0\u884c\uff0c\u4ee3\u7801\u91cf\u5de8\u5927\u65f6\u4f30\u8ba1\u4f1a\u5f88\u5934\u75bc\u3002<\/p>\n<\/li>\n<\/ol>\n
      <\/span>Reference<\/span><\/h2>\n
      \n
      https:\/\/github.com\/MrWQ\/reverse_pyinstaller<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
      \u524d\u8a00 \u4e4b\u524d\u53d1\u7684EDU\u67e5\u8be2\u8f85\u52a9\u5de5\u5177\uff0c\u53ea\u7528Pyinstaller\u6253\u5305\u4e86exe\uff0c\u6709MAC\u7684\u5c0f\u4f19\u4f34\u60f3\u8981\u8fd0\u884c\uff0c\u4f46\u662f\u6211\u89c9\u5f97 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36,48],"tags":[],"class_list":["post-1095","post","type-post","status-publish","format-standard","hentry","category-tools","category-48"],"_links":{"self":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1095"}],"version-history":[{"count":2,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1095\/revisions"}],"predecessor-version":[{"id":1098,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1095\/revisions\/1098"}],"wp:attachment":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}