Unfuck: A utility for deobfuscating Python 2.7 bytecode (github.com/landaire)
82 points by mmastrac on Aug 13, 2021 | 30 comments



Not to deobfuscate, but Rizin[1][2] supports disassembling the Python bytecode for both 2.x and 3.x versions out of the box.

[1] https://rizin.re

[2] https://github.com/rizinorg/rizin


I haven't heard of this tool before, but I don't think it would work for obfuscated code. Check out the graph image on my wiki [1]. While this image doesn't show the exact scenario, imagine that the first instruction is a `JUMP_ABSOLUTE 100` and the rest of the instructions between offset [3,100) are just garbage or invalid.

A naive disassembler (like the `dis` module in Python) interprets the bytecode linearly -- i.e. one instruction after another. Rizin's disassembler [2] seems to take the same approach. The way I do disassembly is to only disassemble code paths that are potentially executed by queueing non-conditional jumps, both targets of a conditional jump, and the next instruction when the current instruction is a non-jumping instruction.

[1] https://github.com/landaire/unfuck/wiki/Obfuscation-Tricks

[2] https://github.com/rizinorg/rizin/blob/e3d1b967854c33cf9dfbb...
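The difference between the two strategies described in the comment above, as an added example that is not part of the thread and is not unfuck's or Rizin's code. The function names and the sample bytes are constructed for illustration, and only a subset of Python 2.7 control-flow opcodes is modelled (no `EXTENDED_ARG`, `FOR_ITER`, `SETUP_*` or exception handling).

```python
# Opcode numbers are CPython 2.7's (Lib/opcode.py); only a subset is modelled.
HAVE_ARGUMENT = 90      # opcodes >= 90 carry a 2-byte little-endian argument
RETURN_VALUE = 83
JUMP_FORWARD = 110      # unconditional, relative to the next instruction
JUMP_ABSOLUTE = 113     # unconditional, absolute target
COND_JUMPS = {111, 112, 114, 115}   # JUMP_IF_*_OR_POP, POP_JUMP_IF_* (absolute)

def decode(code, off):
    """Return (opcode, arg, size) at off, or None if the bytes run out."""
    op = code[off]
    if op < HAVE_ARGUMENT:
        return op, None, 1
    if off + 3 > len(code):
        return None
    return op, code[off + 1] | (code[off + 2] << 8), 3

def linear_sweep(code):
    """Offsets a linear disassembler would decode, one after another."""
    offsets, off = [], 0
    while off < len(code) and decode(code, off):
        offsets.append(off)
        off += decode(code, off)[2]
    return offsets

def reachable(code, entry=0):
    """Offsets reached by following control flow from entry."""
    seen, queue = set(), [entry]
    while queue:
        off = queue.pop()
        if off in seen or not 0 <= off < len(code) or decode(code, off) is None:
            continue
        op, arg, size = decode(code, off)
        seen.add(off)
        nxt = off + size
        if op == RETURN_VALUE:
            continue                      # path ends here
        if op == JUMP_ABSOLUTE:
            queue.append(arg)             # only the target, never the bytes after
        elif op == JUMP_FORWARD:
            queue.append(nxt + arg)
        elif op in COND_JUMPS:
            queue += [arg, nxt]           # both outcomes of the branch
        else:
            queue.append(nxt)             # non-jumping: fall through
    return sorted(seen)

# Constructed sample: JUMP_ABSOLUTE 10, seven junk bytes, then the real code.
SAMPLE = bytes([113, 10, 0] + [0xFF] * 7 +
               [100, 0, 0, 114, 20, 0, 100, 1, 0, 83, 100, 0, 0, 83])
```

On `SAMPLE`, the linear sweep decodes the junk at offsets 3 to 9 as instructions and never decodes the real instruction at offset 10, while the control-flow walk skips the junk entirely.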


Rizin is basically the name of a fork of Radare2 disassembler after the community had particularly nasty "value" disagreements.


We have diverged quite a lot already, it's not a simple rename etc. See https://news.ycombinator.com/item?id=27830230


Thanks for the details, we will look into that.


Look, I get that edgy names are fun, but I'm happy that I will never have to use this tool for work, and I pity the fool who has to explain why "unfuck" was needed to solve a real problem.


The Fuck[1] is a handy tool that I use daily in the office.

Is fsck something you'd avoid because of its name, or is the single letter change enough to make it safe?

[1] https://github.com/nvbn/thefuck


Fsck stands for file system check


Thanks for giving me an idea: I'll name each of my projects I don't want to be used in a professional setting with outrageous names for Americans. Btw Coq will be soon free to use for another project.


(Un)fortunately, it should be recognized that the name of the tool has an impact on what people will want to use. I think it's deliberately obtuse to ignore that certain workplaces just don't accept language like this.

But you go ahead and name your projects whatever foul names you can think of. It will never come back to bite you, I promise.


If your goal is to get usage in those types of workplaces, sure; otherwise it's obtuse to cater to them, not the other way around. Even if you're not sure if you'll ever want it to go into such a place, it's not like you can't rebrand your own project (unless you chose to not own it, in which case it's not your concern anymore).


I’m going to write a personal budgeting app and call it <redacted for pearl-clutching Americans> (an archaic word for miser/pennypincher, roughly homophonous but etymologically unrelated to an extremely offensive slur)


There are people who get upset that Chancellor Merkel is leading Germany because they sincerely believe she is the granddaughter of Hitler, when there is a coincidental resemblance at best.

Those people who get upset with the synonym for “stingy person” because it sounds like the slur are the equivalent but for linguistics.

I didn’t even write it (to accommodate them) yet they still find my racy joke controversial.


Others have expressed the thought that this is a bad name because of obscenity. I think it's a bad name for another reason. It's incredibly generic and very likely people are already using some tool, likely an internal one, with exactly the same name. My houseguest was just bragging yesterday about a tool called unfuck he wrote for Wikipedia when he was there.

Call it py27-unfuck or unfuck-py27.

Reminds me of a guy who wrote a tool called "cmp" at an old employer. Stupid choice, man.


I feel bad for the person that had to deal with obfuscated Python 2.7 bytecode so frequently that they had the itch to write this.


Myself and other “enthusiasts” wanted to know how certain functionality was implemented in a commercial application, so I wrote this. I was taking about a month off from work for a winter break and spent 2 weeks deep diving and reverse engineering the initial PoC, and some time off and on over the next 2 months or so refining it. So far it’s been an invaluable tool for this enthusiast community.


I’ve seen people obfuscating .NET, gotta say seeing python bytecode getting used like this is a first…

God I hope the RenPy game studios don’t see the obfuscator.


Interesting dual licensing

> This project is dual-licensed under MIT and the ABSE ("Anyone But Stefan Esser") license. Note that an additional exception to the license is added, forbidding use/redistribution of said content to his trainees as well, but only when in a 5 mile radius from "Stefan Esser" or while holding any sort of (video)conference/chat with him.

> Note that this license will only be used as long as what would capstone decode / that one other arm64 ida plugin thing by i0n1c ("Stefan Esser") are not under the MIT license. afterwards, all exceptions are cleared and basically MIT license applies


But why?


Ooof, really bad name. Makes me think the project or maintainer are immature...


I am the maintainer. I explained on reddit:

>Why the name?

>

>There were many times that I looked at a code graph and said “this is fucked”. Seemed like a good name.

It's just a fun side project. Not that serious.


I was at a social event many years ago at a friend's home. Several families and their children were in attendance. One child started pulling books out of a bookcase. The mother said to the host, "Do you mind Jimmy taking books out of your bookcase?" She answered, "Well, I don't really mind -- but do you really want to be training your child that it's ok to be doing this?"

Yes, I do find it crass and offensive. But the real question is: Do you want to be known as someone who glibly uses this kind of language -- not even in a fit of anger, but totally gratuitously?


Fuck yes


Go big or go home, as they say...


Makes me think you are uptight. It's just a side project


Counterpoint: un-fuck is maybe the most engineery naughty word that exists.


"Successback". It's not naughty, it's just gross.

Failover / failback --> Successover / successback

Ugh.


Do you think the same for Brainfuck?


Not OP but yes, but free stuff can be as immature as they want, who is it going to upset?


I absolutely adore the name.



