
De-Obfuscation Report

This document provides a detailed guide on using the Dearmor tool to de-obfuscate Python code obfuscated with PyArmor. It describes the tool, installation instructions, and step-by-step process of running Dearmor on an obfuscated file which results in de-obfuscated Python files in a dump folder that can then be analyzed.

Uploaded by

r8899814

De-Obfuscating Python Code Using Dearmor - Report

Introduction
This report provides a detailed guide on how to de-obfuscate Python code using the
[Dearmor](https://pypi.org/project/dearmor/) tool. Dearmor is a specialized utility designed to handle
code obfuscated using PyArmor encryption. The tool injects a DLL into the running process, executing
custom code to de-obfuscate the target Python script. This report includes information on the tool, its
description, how to use it, and the step-by-step process involved.

Tool Used: Dearmor


1. Tool Link: [Dearmor on PyPI](https://pypi.org/project/dearmor/)

Description of the Tool


Dearmor is a Python de-obfuscation tool primarily used for decrypting Python scripts obfuscated
using PyArmor. It is optimized for Windows environments and operates by injecting a dynamic-link
library (DLL) into the running process. This DLL then executes custom Python code to de-obfuscate the
target script. Dearmor simplifies the process of recovering the original Python code from an obfuscated
form, allowing for better code analysis and understanding.

How the Tool Was Used


The following section outlines the steps taken to utilize the Dearmor tool for de-obfuscating
Python code:

Step 1: Prepare Your Environment

1. Create a dedicated directory for your de-obfuscation work.

2. Place the obfuscated Python code file (e.g., `textcode.txt`) into this directory.

Step 2: Install Dearmor

1. Open a command prompt or terminal on your Windows system.

2. Execute the following command to install Dearmor using pip:

```
pip install dearmor
```

This command downloads and installs Dearmor, along with its necessary dependencies.

Step 3: Run Dearmor

1. Navigate to the directory where your obfuscated code file (`textcode.txt`) is located using the
command prompt or terminal.

2. Execute the following command to initiate the de-obfuscation process:

```
dearmor -i textcode.txt
```

Dearmor injects a DLL into the running process, which executes custom code to de-obfuscate the
contents of `textcode.txt`.

Step 4: Review De-Obfuscated Code

1. After running Dearmor, it creates a folder named "dump" in the same directory where your
obfuscated code file is located.

2. Inside the "dump" folder, you will find one or more de-obfuscated Python code files. These files will
have names similar to the original obfuscated script but with de-obfuscated content.

3. You can review these de-obfuscated files using a text editor or a Python IDE to understand the original
code's functionality.

Optional: Convert Pyc to Py

1. De-obfuscated files may have a ".pyc" extension, indicating that they are compiled Python files.

2. To work with the code in its human-readable ".py" format, you can use a tool like `Decompyle++` to
convert them. Instructions for using `Decompyle++` can be found in its documentation.
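
An added example, not part of the original report or the Dearmor project: a read-only inventory of the "dump" folder from Step 4 that reads each `.pyc` header and hashes the file without unmarshalling or executing it. It assumes the Python 3.7+ header layout (PEP 552); the function names and the sample files are constructed for illustration.

```python
import hashlib
import importlib.util
import struct
import sys
import tempfile
from pathlib import Path


def inspect_pyc(path):
    """Read a .pyc header (PEP 552 layout, Python 3.7+) without unmarshalling or running it."""
    data = Path(path).read_bytes()
    # Every CPython magic is a 2-byte version number followed by b"\r\n".
    if len(data) < 16 or data[2:4] != b"\r\n":
        return {"file": Path(path).name, "valid": False}
    magic, flags = struct.unpack("<H2xI", data[:8])
    info = {
        "file": Path(path).name,
        "valid": True,
        "magic": magic,
        "matches_this_python": data[:4] == importlib.util.MAGIC_NUMBER,
        "hash_based": bool(flags & 0x1),  # PEP 552: bit 0 set means hash-based pyc
        "sha256": hashlib.sha256(data).hexdigest(),
        "payload_bytes": len(data) - 16,
    }
    if info["hash_based"]:
        info["source_hash"] = data[8:16].hex()
    else:
        info["source_mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def inventory(dump_dir):
    """Inspect every .pyc under the dump folder, sorted by path."""
    return [inspect_pyc(p) for p in sorted(Path(dump_dir).rglob("*.pyc"))]


def make_sample_dump(root):
    """Constructed sample: one well-formed .pyc header and one truncated file."""
    dump = Path(root) / "dump"
    dump.mkdir()
    body = b"\x00" * 32  # placeholder bytes standing in for the marshalled code object
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 1700000000, 123)
    (dump / "a_sample.pyc").write_bytes(header + body)
    (dump / "b_broken.pyc").write_bytes(b"\x00\x01")
    return dump


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_dump(tempfile.mkdtemp())
    for row in inventory(target):
        print(row)
```

The `magic` value and `matches_this_python` show whether the decompiler has to handle a different Python version than the one on the analysis machine.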

Conclusion
Dearmor is a powerful tool for de-obfuscating Python code obfuscated with PyArmor encryption. This
report has provided a comprehensive guide on how to use Dearmor, from installation to code
de-obfuscation. Keep in mind that the effectiveness of de-obfuscation may vary depending on the
complexity of the obfuscation techniques used in the original code. Always ensure you have proper
permissions to de-obfuscate code and respect intellectual property rights when dealing with proprietary
or copyrighted material.
