• Stars
    star
    900
  • Rank 50,742 (Top 1.0 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Python decompiler for 3.7-3.8 Stripped down from uncompyle6 so we can refactor and start to fix up some long-standing problems

TravisCI CircleCI PyPI Installs

decompyle3

A native Python cross-version decompiler and fragment decompiler. A reworking of uncompyle6.

Introduction

decompyle3 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 3.7 on.

For decompilation of older Python bytecode see uncompyle6.

Why this?

Uncompyle6 is awesome, but it has a fundamental problem in the way it handles control flow. In the early days of Python when there was little optimization and code was generated in a very template-oriented way, figuring out control flow-structures could be done by simply looking at code patterns.

Over the years more code optimization, specifically around handling jumps has made it harder to support detecting control flow strictly from code patterns. This was noticed as far back as Python 2.4 (2004) but since this is a difficult problem, so far it hasn't been tackled in a satisfactory way.

The initial attempt to fix to this problem was to add markers in the instruction stream, initially this was a COME_FROM instruction, and then use that in pattern detection.

Over the years, I've extended that to be more specific, so COME_FROM_LOOP and COME_FROM_WITH were added. And I added checks at grammar-reduce time to make try to make sure jumps match with supposed COME_FROM targets.

However all of this is complicated, not robust, has greatly slowed down deparsing and is not really tenable.

So in this project we started rewriting and refactoring the grammar.

However it is clear that even this isn't enough. Control flow needs to be addressed by using dominators and reverse-dominators which the python-control-flow project can give.

This I am finally slowly doing in yet another non-public project. It is a lot of work. Funding in the form of sponsorhip while greatly appreciated isn't commensurate with the amount of effort, and currently I have a full-time job. So it may take time before it is available publicly.

Requirements

The code here can be run on Python versions 3.7 or 3.8. The bytecode files it can read have been tested on Python bytecodes from versions 3.7 and 3.8.

Installation

You can install from PyPI using the name decompyle3:

pip install decompyle3

To install from source code, this project uses setup.py, so it follows the standard Python routine:

$ pip install -e .  # set up to run from source tree

or:

$ python setup.py install # may need sudo

A GNU Makefile is also provided so make install (possibly as root or sudo) will do the steps above.

Running Tests

make check

A GNU makefile has been added to smooth over setting running the right command, and running tests from fastest to slowest.

If you have remake installed, you can see the list of all tasks including tests via remake --tasks

Usage

Run

$ decompyle3 *compiled-python-file-pyc-or-pyo*

For usage help:

$ decompyle3 -h

Verification

If you want Python syntax verification of the correctness of the decompilation process, add the --syntax-verify option. However since Python syntax changes, you should use this option if the bytecode is the right bytecode for the Python interpreter that will be checking the syntax.

You can also cross compare the results with another python decompiler like unpyc37 . Since they work differently, bugs here often aren't in that, and vice versa.

There is an interesting class of these programs that is readily available give stronger verification: those programs that when run test themselves. Our test suite includes these.

And Python comes with another a set of programs like this: its test suite for the standard library. We have some code in test/stdlib to facilitate this kind of checking too.

Known Bugs/Restrictions

We support only released versions, not candidate versions. Note however that the magic of a released version is usually the same as the last candidate version prior to release.

We also don't handle PJOrion or otherwise obfuscated code. For PJOrion try: PJOrion Deobfuscator to unscramble the bytecode to get valid bytecode before trying this tool; pydecipher might help with that.

This program can't decompile Microsoft Windows EXE files created by Py2EXE, although we can probably decompile the code after you extract the bytecode properly. Pydeinstaller may help with unpacking Pyinstaller bundlers.

Handling pathologically long lists of expressions or statements is slow. We don't handle Cython or MicroPython which don't use bytecode.

There are numerous bugs in decompilation. And that's true for every other CPython decompiler I have encountered, even the ones that claimed to be "perfect" on some particular version like 2.4.

As Python progresses decompilation also gets harder because the compilation is more sophisticated and the language itself is more sophisticated. I suspect that attempts there will be fewer ad-hoc attempts like unpyc37 (which is based on a 3.3 decompiler) simply because it is harder to do so. The good news, at least from my standpoint, is that I think I understand what's needed to address the problems in a more robust way. But right now until such time as project is better funded, I do not intend to make any serious effort to support Python versions 3.8 or 3.9, including bugs that might come in. I imagine at some point I may be interested in it.

You can easily find bugs by running the tests against the standard test suite that Python uses to check itself. At any given time, there are dozens of known problems that are pretty well isolated and that could be solved if one were to put in the time to do so. The problem is that there aren't that many people who have been working on bug fixing.

You may run across a bug, that you want to report. Please do so. But be aware that it might not get my attention for a while. If you sponsor or support the project in some way, I'll prioritize your issues above the queue of other things I might be doing instead.

See Also

More Repositories

1

python-uncompyle6

A cross-version Python bytecode decompiler
Python
3,298
star
2

remake

Enhanced GNU Make - tracing, error reporting, debugging, profiling and more
C
776
star
3

zshdb

gdb-like "trepan" debugger for zsh
Shell
288
star
4

python-xdis

Python cross-version bytecode library and disassembler
Python
223
star
5

elisp-bytecode

Let's document Emacs Lisp Bytecode (Lisp Assembly Program) instructions
Emacs Lisp
178
star
6

python3-trepan

A gdb-like Python3 Debugger in the Trepan family
Python
137
star
7

python-xasm

Python cross version bytecode/wordcode assembler
Python
88
star
8

python2-trepan

A gdb-like Python 2.x Debugger in the Trepan family
Python
88
star
9

rb-trepanning

Ruby MRI 2.1.5, 1.9.3 or 1.9.2 debugger. See also rbx-trepanning
Ruby
73
star
10

python-control-flow

Control-Flow, Dominator Tree, and dot output from Python bytecode
Python
47
star
11

python-spark

An Earley-Algorithm Context-free grammar Parser Toolkit
Python
44
star
12

libcdio-paranoia

CD paranoia on top of libcdio
C
43
star
13

go-fish

A simple go REPL building on top of the go-interactive expression evaluator
Go
41
star
14

columnize

Arrange an array aligned in columns vertically or horizontally.
Ruby
37
star
15

Perl-Devel-Trepan

Perl port of trepanning debugger
Perl
35
star
16

kshdb

Korn Shell (93v- 2014-12-24 or greater) Debugger
Shell
33
star
17

ssa-interp

A Go SSA Debugger and Interpreter
Go
31
star
18

emacs-load-relative

Relative loads for Emacs Lisp files. Adds functions __FILE__ and load-relative and require-relative.
Emacs Lisp
29
star
19

emacs-test-simple

Unit tests for GNU emacs that work interactively and in batch
Emacs Lisp
27
star
20

elisp-decompile

Emacs Lisp Decompiler
Python
26
star
21

pydb

Older python debugger (please use python-trepan2 instead)
Python
23
star
22

shell-term-background

POSIX shell scripts to figure out if a terminal has a dark or light background
Shell
23
star
23

rb-threadframe

Frame introspection in Ruby 2.1.5, 1.9.3 and 1.9.2
C
17
star
24

trepan-xpy

Debugger in the Trepan family for x-python
Python
16
star
25

pycolumnize

Python module to align a simple (not nested) list in columns. Adapted from the routine of the same name inside cmd.py
Python
15
star
26

trepanjs

A more gdb-like debugger for nodejs. In style of the trepan family of debuggers.
JavaScript
15
star
27

elisp-earley

Earley parser in Emacs Lisp
Emacs Lisp
15
star
28

rbx-trepanning

Ruby debugger for Rubinius 2.0x. See also rb-trepanning
Ruby
14
star
29

ipython-trepan

Add ipython magic to call python trepan
Python
12
star
30

emacs-loc-changes

Emacs package to help users and programs keep track of positions even after buffer changes.
Emacs Lisp
10
star
31

go-play

Automatically exported from code.google.com/p/go-play
JavaScript
9
star
32

pycdio

Python interface to the libcdio - the CD Input and Control library
Python
9
star
33

trepan-ni

A more gdb-like (v8) node-inspect (v8), in the trepan debugger family
JavaScript
7
star
34

solc-lsp

LSP functions for solidity using solc's AST
TypeScript
7
star
35

python2ruby

A real hacky way to convert between Python and Ruby
Emacs Lisp
7
star
36

vcdimager

GNU VCDImager
C
7
star
37

pytest-trepan

pytest plugin to invoke the trepan debugger
Python
6
star
38

emacs-test-unit

Simple Emacs Test/Unit framework (but see also emacs-test-simple)
Emacs Lisp
6
star
39

go-eval

Fork of 0xfaded/go-eval before API change that broke ssa-interp. This is temporary until ssa-interp is fixed properly.
Go
6
star
40

solc-vscode

Microsoft LSP functions VSCode extension for Solidity
TypeScript
6
star
41

p5-Term-ReadLine-Perl5

A Perl5 implementation GNU Readline
Perl
5
star
42

rocky.github.com

Rocky's talks
JavaScript
5
star
43

rbx-require-relative

Ruby 1.9's require_relative for rubinius and MRI 1.8. Compatibility on 1.9..2
Ruby
5
star
44

linecache

Read and cache Ruby source-code file information
Ruby
4
star
45

go-gnureadline

Go bindings for GNU Readline
Go
4
star
46

python-loctraceback

Python 3.6 API traceback module adding in fragment decomplation info for more precise location information
Python
3
star
47

rbx-tracer

set_trace_func for Rubinius
Ruby
3
star
48

rb-lpsolve

Ruby bindings for lpsolve 5.5.10
C
3
star
49

gjchaitin

Two years circa 1982 I knew GJChaitin
TeX
3
star
50

pytracer

Automatically exported from code.google.com/p/pytracer
Python
3
star
51

Perl-Array-Columnize

Display Arrays in nice columns. Port of Ruby Columnize
Perl
3
star
52

rb-parsetree19

C Extension to support ParseTree for Ruby 1.9
Ruby
3
star
53

rb-trace

Ruby trace hook enhancements
Ruby
3
star
54

solidity-language-server

TypeScript
3
star
55

bashdb

Bash debugger (code imported from sourceforge)
Shell
3
star
56

decompile-2.4

Python decompiler for Python 1.5-2.4 (for historical archive)
Python
2
star
57

Perl-Syntax

Perl module for syntax checking a string or Perl file. Like perl -c, but with more control over output
Perl
2
star
58

go-types

Freeze save code.google.com/p/go.tools/go/types before API changed and broke go-fish
Go
2
star
59

klondike

A slightly less lame version of gnome-games klondike solitaire program
Scheme
2
star
60

rb8-trepanning

Backport of rb{,x}-trepanning to MRI 1.8 with some tolerance for MRI 1.9.2
Ruby
2
star
61

ps-watcher

Rewrite of sourceforge ps-watcher in Ruby
Ruby
2
star
62

Perl-Devel-Callsite

Get caller Perl OP address
Perl
2
star
63

go-importer

Freeze save code.google.com/p/go.tools/importer before API changed and broke go-fish
Go
2
star
64

Perl-Devel-Trepan-TTY

Remote debugging support via pseudo ttys
Perl
2
star
65

csharp-columnize

C# version of Ruby columnize
C#
1
star
66

Perl-Task-Trepan

A Perl task to get the most out of Devel::Trepan
Perl
1
star
67

um

Universal machine
Python
1
star
68

Perl-Devel-Trepan-Disassemble

Adds "disassemble" command to Perl-Devel-Trepan
Perl
1
star
69

go-gcimporter

Freeze save code.google.com/p/go.tools/go/gcimporter before API changed and broke go-fish
Go
1
star
70

ruby19-headers

Additional Ruby 1.9 headers for introspection (rb-threadframe, rb-parsetree19)
C
1
star
71

p5-lead-sentence

Find leading sentence in some text
Perl
1
star
72

python-filecache

module for Python module for reading and caching lines. This may be useful for example in a debugger where the same lines are shown many times.
Python
1
star
73

python-deparse

deparse fragments of python code (via uncompyle)
Python
1
star
74

Perl-B-CodeLines

List executable lines of a Perl program
Perl
1
star
75

p5-B-DeparseTree

Perl's B::Deparse saving OP Tree Information and text fragments accessible by OP address
Perl
1
star
76

Perl-Devel-Trepan-Shell

Adds an Interactive Shell to Devel::Trepan
Perl
1
star
77

Perl-Devel-Trepan-Psh

Devel::Trepan plugin to add an interactive shell via "psh"
Perl
1
star
78

irb-method-capture

Save module, methods and classes in irb exactly the way you entered them
Ruby
1
star
79

python-perl-translations

1
star
80

go-columnize

A Go module to format a simple (i.e. not nested) list into aligned columns.
Go
1
star
81

mult-by-constants

Code, library, and tables to search for optimal sequences of shift, adds, and subtracts to multiply by a constant.
Jupyter Notebook
1
star
82

p5-Term-ReadLine-Perl5-Demo

Shell for learning and experimenting with Term::ReadLine::Perl5
Perl
1
star
83

go-loader

fork of "experimental" loader which breaks our code too much can causes too much unappreciated reworking.
Go
1
star
84

emacs.d-modes

My customized emacs.d modes
Emacs Lisp
1
star
85

pfor

A simple server blast script
Perl
1
star
86

p5-Devel-Trepan-Deparse

Adds a "deparse" command to Devel::Trepan
Perl
1
star
87

go-astutil

Copy of golang.org/x/tools/astutil. It is a pity one has to resort to tricks like this, but one can't rely on golang.org/x/tools/astutil, what it was called before or is called now or (possibly) the API
Go
1
star
88

Perl-Device-Cdio

Perl bindings for libcdio
Perl
1
star
89

Perl-Devel-Trepan-BWProcessor

Bullwinkle Protocol Processor for Devel::Trepan - useful for front-ends controlling Devel::Trepan
Perl
1
star
90

pygtk3-pstree

GNU/Linux process tree animation in real time using PyGTK
Python
1
star