Understanding Python disassembly with ChatGPT

Hello, I am morimolymoly!

Today, I am going to introduce how to treat disassembly code of Python with ChatGPT!

PyInstaller

You can create single application from Python sources with PyInstaller.

Simple code

executed result

This simple code is going to be a EXE file.

PyInstaller

EXE out from Pyinstaller behaves same as script one!

Executed result

pyinstxtractor

You can extract pyc(Python compiled file) with pyinstxtractor

Executed result

Extracted one

Extracted files are here.

Most interesting one is main.pyc.

HEX

Hex editor reveals this is not human readable file.

We need decompiler or disassembler.

pycdc

pycdc has decompiler and disassembler both!

However, decompiler sometimes emits garbage code.

Decompilation failure

Some CTFs has challenge of PyInstaller and sometimes it was made by new version of Python and pycdc does not work.

We have to look at disassembly code!

disassembly code

Here is a disassembly code!

This is simple script so easy to understand but sometimes you encounter complex script, you need another power./

ChatGPT

Prompt is “Tell me about this python decompilation”

Result is here!

Finally, ChatGPT decompiled this disaseembly code!

Decompiled code

Another prompt “What is decompiled code for this main.pyc?”

Conclusion

Feeding disassembly code of Python to ChatGPT is great technique for CTFers, Malware Analysts!

PyInstaller is really messy sometimes but disassembly is 90% works!

Let’s try!