1、BlackHat Asia 2024/rockygnu.orgBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decompiler and:How to Read and Writea High-Level Bytecode DecompilerBlackHat Asia,2024Rocky Bernstein Slide text:uncompyle6decompyle3rockygnu.orghttps:/rocky.github.io
2、/blackhat-asia-2024-additional/all-notes-printBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSurveyBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSurveyHow many people ha
3、ve used,or?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSurveyHow many people have used,or?How many people have used the above todecompile Python bytecode?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Writ
4、e a High-Level Bytecode DecompilerSurveyHow many people have used,or?How many people have used the above todecompile Python bytecode?How many people have used uncompyle6,ordecompyle3?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGithu
5、b commit statistics for uncompyle6I am the current maintainer and developer of uncompyle6,anddecompyle3.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSo,who am I?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an
6、d Write a High-Level Bytecode DecompilerSo,who am I?https:/ Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSome Open Source So?ware that Includes My Code:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Lev
7、el Bytecode DecompilerBackgroundMalware is on the rise BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,but.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an
8、d Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,but.Ideas presented here are new.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,b
9、ut.Ideas presented here are new.General-purpose DecompilersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,but.Ideas presented here are new.General-purpose DecompilersBytecode Dec
10、ompilers(Special Purpose)BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerTheory and books on making compilers:.(40 others)BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBo
11、oks on making decompilers:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBooks on making decompilers:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerCan AI Save the Day?Bl
12、ackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerCan AI Save the Day?Not yet.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBlackHat Asia 2024/rockygnu.org-uncompyle6 and dec
13、ompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeRaise awareness of the diffe
14、rences betweenGeneral Purpose decompiling and High-levelBytecode DecompilingBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeRaise awareness of the differences betweenGeneral Purpose decom
15、piling and High-levelBytecode DecompilingIntroduce Decompilation as a Language-Translationproblem.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeRaise awareness of the differences betwee
16、nGeneral Purpose decompiling and High-levelBytecode DecompilingIntroduce Decompilation as a Language-Translationproblem.Introduce Decompilation as a Compilation Process.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerKey TakeawaysUnders
17、tand more about what is wrong whensomething goes wrong with decompilation.Understand the difference between disassembly anddecompilation.Begin to see the difference between machine codeand high-level bytecode.Understand the some limits of Pythondecompilation and decompilation in general.BlackHat Asi
18、a 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()BlackHat Asia 2024/rockygnu.org-uncompyle6 and decom
19、pyle3:How to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Now run the code:$python five.py 5BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:
20、How to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Now run the code:$python five.py 5Instruction bytecode of main program:0|64 00 5a 00 64 01 64 02|8
21、|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(f
22、ive()BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Byte compile this program:BlackHat Asia 2024/rockyg
23、nu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _
24、pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Cal
25、l the function we just defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4$python-m compileall five.pyCompiling five.py.$ls-l _pycache_/five.cpython-38
26、.pyc-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc1234BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just
27、 defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4$python-m compileall five.pyCompiling five.py.$ls-l _pycache_/five.cpython-38.pyc-rw-rw-r-1 rocky r
28、ocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc1234I run the bytecode:and again I get 5.$python/tmp/five-moved.pyc5BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#
29、uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 r
30、eturn 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version ba
31、se 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/f
32、ive-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def fiv
33、e():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompy
34、le6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 5
35、14 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mo
36、d 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded
37、file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718BlackHat Asia 2024/rockygnu.org-uncompyle6 a
38、nd decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5
39、#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)
40、#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc6171
41、8#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc1234567
42、8BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Comp
43、iled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode
44、 DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32
45、:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)
46、GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718#uncompyle6 version 3.9.1#Python bytecode version base 3
47、.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia Example910 11def five():12 Returns the str
48、ing five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153
49、bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#Embedded file name:five.py1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(m
50、ain,Feb 14 2024,04:48:40)GCC 13.2.045#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:H
51、ow to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:20
52、24-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled fro
53、m:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718#uncompyle6 ve
54、rsion 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia
55、Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02
56、-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#Embedded file name:five.py1#uncompyle6 version 3.9.12#Python bytecode version base 3.
57、8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.045#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia Exa
58、mple def five():Returns the string five return 5 print(five()$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of so
59、urce mod 2*32:153 bytes78951617#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSource code:Decompiled code:Source Code Differences BlackHat Asia Example def five():Returns the string five
60、 return 5print(five()12345678 9 10#Call the function we just defined.1112BlackHat Asia Example def five():Returns the string five return 5 print(five()#uncompyle6 version 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:Python 3.12.2(main,Feb 14 2024,3#Embedded file name:five.py4#Com
61、piled at:2024-02-17 10:16:085#Size of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSource code:Decompiled code:Source Code Differences BlackHat Asia
62、Example def five():Returns the string five return 5print(five()12345678 9 10#Call the function we just defined.1112#Call the function we just defined.1BlackHat Asia Example23 4 5def five():6 Returns the string five7 return 58 9 1011print(five()12BlackHat Asia Example def five():Returns the string fi
63、ve return 5 print(five()#uncompyle6 version 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:Python 3.12.2(main,Feb 14 2024,3#Embedded file name:five.py4#Compiled at:2024-02-17 10:16:085#Size of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18Black
64、Hat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSource code:Decompiled code:Source Code Differences BlackHat Asia Example def five():Returns the string five return 5print(five()12345678 9 10#Call the function we just defined.1112#Call the fu
65、nction we just defined.1BlackHat Asia Example23 4 5def five():6 Returns the string five7 return 58 9 1011print(five()12BlackHat Asia Example def five():Returns the string five return 5 print(five()#uncompyle6 version 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:Python 3.12.2(main
66、,Feb 14 2024,3#Embedded file name:five.py4#Compiled at:2024-02-17 10:16:085#Size of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14#Embedded file name:five
67、.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc1234567BlackHat Asia Example89 10def five():11 Returns the string five12 return 513 14 15print(five()16 1718BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-
68、Level Bytecode DecompilerHow These Decompilers WorkBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of these phases:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3
69、:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of these phases:1.Get bytecode disassembly via xdisBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompil
70、ers WorkDecompilation processed in a pipeline of these phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassemblyBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipe
71、line of these phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembly3.Parse tokens into a Parse TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of t
72、hese phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembly3.Parse tokens into a Parse Tree4.Abstract the Parse Tree into an Abstract Syntax TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers W
73、orkDecompilation processed in a pipeline of these phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembly3.Parse tokens into a Parse Tree4.Abstract the Parse Tree into an Abstract Syntax Tree5.Produce Source from the Abstract Syntax TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 a
74、nd decompyle3:How to Read and Write a High-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.pycxdisBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.p
75、ycxdis#pydisasm version 6.1.0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:five.py#Argument count:0#Position-only argument count:0#Keywor
76、d-only arguments:0#Number of locals:0#Stack size:2#Flags:0 x00000040(NOFREE)#First Line:01112131415BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.pycxdis#pydisasm versi
77、on 6.1.0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:five.py#Argument count:0#Position-only argument count:0#Keyword-only arguments:0#Nu
78、mber of locals:0#Stack size:2#Flags:0 x00000040(NOFREE)#First Line:01112131415#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#pydisasm version 6.1.012
79、3456#Method Name:7#Filename:five.py8#Argument count:09#Position-only argument count:010#Keyword-only arguments:011#Number of locals:012#Stack size:213#Flags:0 x00000040(NOFREE)14#First Line:115BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decom
80、pilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.pycxdis#pydisasm version 6.1.0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:
81、five.py#Argument count:0#Position-only argument count:0#Keyword-only arguments:0#Number of locals:0#Stack size:2#Flags:0 x00000040(NOFREE)#First Line:01112131415#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:170821726
82、7(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#pydisasm version 6.1.0123456#Method Name:7#Filename:five.py8#Argument count:09#Position-only argument count:010#Keyword-only arguments:011#Number of locals:012#Stack size:213#Flags:0 x00000040(NOFREE)14#First Line:115 1:0 LOAD_CONST (nBlackH
83、at Asia Examplen)2 STORE_NAME (_doc_)#2:five19#3:None20#Names:21#0:_doc_22#1:five23#2:print24252627 6:4 LOAD_CONST (code object five at 0 x7f3f4c3d17c0,file five.py,28 6 LOAD_CONST (five)29 8 MAKE_FUNCTION (Neither defaults,keyword-only args,annotations,nor 30 10 STORE_NAME (five)31 32 12:12 LOAD_NA
84、ME (print)33BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_
85、FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_STR (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)10 STORE_NAME (five)1234567BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Byteco
86、de DecompilerBytecode Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_CONST (nBlackHat Asia Examplen)6 LOAD_CONST (five)
87、8 MAKE_FUNCTION (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CONST 456 10 STORE_NAME (five)7 1:0 LOAD_STR (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)10 STORE_NAME (five)1234567BlackHat Asia 2024/rockygnu.org-uncompyle6 and decomp
88、yle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_CONS
89、T (nBlackHat Asia Examplen)6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CONST 456 10 STORE_NAME (five)7 1:0 LOAD_STR (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)10 STORE_NAME (five)1234567 1:0 LO
90、AD_STR (nBlackHat Asia Examplen)6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CODE 456 10 STORE_NAME (five)7BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeC
91、onstructing Parse Tree from Tokens:BlackHat Asia Example LOAD_STR nBlackHat Asia Examplen STORE_NAME _doc_BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackH
92、at Asia Example LOAD_STR nBlackHat Asia Examplen STORE_NAME _doc_Is parsed:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia Example LOAD_STR nBlack
93、Hat Asia Examplen STORE_NAME _doc_Is parsed:LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia Example LOAD_STR nBlackHat Asia Examplen STORE
94、_NAME _doc_Is parsed:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia Example LOAD_STR nBlackHat Asia Examplen STORE_NAME _
95、doc_Is parsed:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 2)Constructing Parse Tree from Tokens:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and dec
96、ompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 2)Constructing Parse Tree from Tokens:LOAD_STR expr :=LOAD_STR STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens
97、into a Parse Tree(Part 2)Constructing Parse Tree from Tokens:LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 2)Constructing Parse Tree from Toke
98、ns:LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncom
99、pyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr storeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decompile
100、rParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr storeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NA
101、ME store :=STORE_NAME assign :=expr storeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr store stmts :=assignBlackHat Asia 2024
102、/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr store stmts :=assignBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Wri
103、te a High-Level Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_ BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-L
104、evel Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_ Phase 4.Abstract Syntax Tree(First Line)stmts 0.docstring 0 LOAD_STR nBlackHat Asia Examplen 2 STOR
105、E_NAME _doc_BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_
106、 Phase 4.Abstract Syntax Tree(First Line)stmts 0.docstring 0 LOAD_STR nBlackHat Asia Examplen 2 STORE_NAME _doc_Phase 5.Printing the Abstract Syntax Tree(First line)BlackHat Asia ExampleBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBl
107、ackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a
108、 High-Level Bytecode DecompilerBytecode Disassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|Disassembly using pydisasm from xdis:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Di
109、sassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|Disassembly using pydisasm from xdis:$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pycBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decom
110、pilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBl
111、ackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(
112、.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 0
113、1 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|
114、64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asi
115、a Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle
116、6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Exam
117、plen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No argume
118、nts);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat A
119、sia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (
120、nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five
121、(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83
122、01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6
123、|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat As
124、ia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Na
125、mes:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);T
126、OS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Ex
127、amplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20#print(five()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytec
128、ode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print123456
129、78910#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=
130、def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16
131、 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=
132、nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2
133、#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments)
134、;TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia
135、Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode D
136、ecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print
137、#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def f
138、ive(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64
139、 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlac
140、kHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2#0:nB
141、lackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=
142、def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examp
143、len13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#
144、1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)1213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19
145、20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00
146、 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|L
147、OAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examp
148、len)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_
149、doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def f
150、ive(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13
151、 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Nam
152、es:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(f
153、i()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)1213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (
154、five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Nam
155、es:78#1:five9#2:print10#nBlackHat Asia Examplen111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:Ho
156、w to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:No
157、ne#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.
158、):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#d
159、ef five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Exam
160、plen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#
161、nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)1
162、7 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|ST
163、ORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen
164、#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)1213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a
165、 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen111213 14#def five():15
166、 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#print(five()12:12|65 02|LOAD_NAME (print)14|65 01|LOAD_NAME (five)16|83 00|CALL_FUNCTION (0 positional arguments);TOS=five()18|83
167、 01|CALL_FUNCTION (1 positional argument);TOS=print(five()2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 2021222
168、32425 20|01 00|POP_TOP26 22|64 03|LOAD_CONST (None)27 24|53 00|RETURN_VALUE return None28 29 30#Method Name:five31#Filename:five.py32#Argument count:033BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare BytecodePython Expre
169、ssion:a=_file_=b 1:0|64 00|LOAD_CONST (a)2|65 00|LOAD_NAME (_file_)4|04 00|DUP_TOP 6|03 00|ROT_THREE 8|6b 01|COMPARE_OP (=)10|6f 12|JUMP_IF_FALSE_OR_POP(to 18)12|64 01|LOAD_CONST (b)14|6b 01|COMPARE_OP (=);TOS=(to 18)18|02 00|ROT_TWO 20|01 00|POP_TOP 22|01 00|POP_TOP 24|64 02|LOAD_CONST (None)26|53
170、00|RETURN_VALUE return None11121314BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare BytecodePython Expression:a=_file_=b 1:0|64 00|LOAD_CONST (a)2|65 00|LOAD_NAME (_file_)4|04 00|DUP_TOP 6|03 00|ROT_THREE 8|6b
171、01|COMPARE_OP (=)10|6f 12|JUMP_IF_FALSE_OR_POP(to 18)12|64 01|LOAD_CONST (b)14|6b 01|COMPARE_OP (=);TOS=(to 18)18|02 00|ROT_TWO 20|01 00|POP_TOP 22|01 00|POP_TOP 24|64 02|LOAD_CONST (None)26|53 00|RETURN_VALUE return None11121314 10|6f 12|JUMP_IF_FALSE_OR_POP(to 18)16|6e 04|JUMP_FORWARD (
172、to 22)1:0|64 00|LOAD_CONST (a)1 2|65 00|LOAD_NAME (_file_)2 4|04 00|DUP_TOP3 6|03 00|ROT_THREE4 8|6b 01|COMPARE_OP (=)56 12|64 01|LOAD_CONST (b)7 14|6b 01|COMPARE_OP (=);TOS=(to 18)18|02 00|ROT_TWO10 20|01 00|POP_TOP11 22|01 00|POP_TOP12 24|64 02|LOAD_CONST (None)13 26|53 00|RETURN_VALUE return None
173、14BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare Parse Tree(new code)Python Expression:a=_file_=bBB_START 1 Basic Block 1compare_chained 0.expr pare_chained_middle .4.jifop 0.10 JUMP_IF_FALSE_OR_POP 18 to 18nnn 1.10 BB_
174、END 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 pare_chained_right .2.16 JUMP_FORWARD 22 to 22 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 Basic Block 3 3.18 SIBLING_BLOCK 4.18 ROT_TWO 5.20 POP_TOP 6.20 BB_END 3 Basic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet6171
175、81920BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare Parse Tree(new code)Python Expression:a=_file_=bBB_START 1 Basic Block 1compare_chained 0.expr pare_chained_middle .4.jifop 0.10 JUMP_IF_FALSE_OR_POP 18 to 18nnn 1.10
176、BB_END 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 pare_chained_right .2.16 JUMP_FORWARD 22 to 22 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 Basic Block 3 3.18 SIBLING_BLOCK 4.18 ROT_TWO 5.20 POP_TOP 6.20 BB_END 3 Basic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet6
177、17181920BB_START 1 Basic Block 1nnn 1.10 BB_END 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 Basic Block 3 3.18 SIBLING_BLOCK 6.20 BB_END 3 Basic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet1compare_chained2 0.expr3 .4 pare_chained_middle5 .6 4.
178、jifop7 0.10 JUMP_IF_FALSE_OR_POP 18 to 188910 pare_chained_right11 .12 2.16 JUMP_FORWARD 22 to 2213141516 4.18 ROT_TWO17 5.20 POP_TOP181920BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerClassifying Scopes and Important Control-FlowPoin
179、ts i:int=6 zero_bits=0 one_bits=0#loop dominator while i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1
180、 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:5678910111213 i 0:#if dominator if i%0:#first sibling on
181、e_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:5678910111213 i 0:5#if dominator6 if i%0:789 else:101112#join point13 i 0:56 if i%0:78 one_bits+=19 else:1011 zero_bits+=11213 i 11415 print(one
182、_bits,zero_bits)16BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerControl Flow Produced from control_flowBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDominator Regions a
183、nd DominatorsBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOther Python decompilersBlackHat
184、Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOther Python decompilersGeneral-Purpose DecompilersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOthe
185、r Python decompilersGeneral-Purpose DecompilersHow Control Flow DiffersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOther Python decompilersGeneral-Purpose DecompilersHow Control Flow DiffersChoice of Intermediate Lang
186、uageBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerWrapping Up1.Understand,pinpoint,report,and even fix problems.2.Understand how Python text code is related to its bytecode.3.Extend this code for newer Python Bytecode.4.Use these tech
187、niques in other High-level Bytecode Languages:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Deco
188、mpilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersPhil Young and Speaker-C
189、oaching ProgramBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersPhil Young and Speaker-Coaching ProgramStuart FrankelBlackHat Asia 2024/rockygnu.org-uncompyle
190、6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersPhil Young and Speaker-Coaching ProgramStuart FrankelYouBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level B
191、ytecode DecompilerAdditional InformationPython Decompilers:,andCross-Version Python Disassembler:Python Control Flow:Older Decompiler Paper:PyCon Columbia 2018 talk slides:PyCon Columbia 2018 talk video:Additional Slides:Slide Text:https:/pypi.org/project/uncompyle6https:/pypi.org/project/decompyle3/https:/pypi.org/project/xdishttps:/ Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decompiler