Pinpoint(源伞) 破解

环境配置

sudo apt-get install cmake
wget https://github.com/zrax/pycdc/archive/refs/heads/master.zip
unzip master.zip
cd pycdc-master
cmake CMakeLists.txt
make
sudo make install

[ 82%] Building CXX object CMakeFiles/pycxx.dir/bytes/python_39.cpp.o
[ 85%] Linking CXX static library libpycxx.a
[ 85%] Built target pycxx
Scanning dependencies of target pycdc
[ 87%] Building CXX object CMakeFiles/pycdc.dir/pycdc.cpp.o
[ 90%] Building CXX object CMakeFiles/pycdc.dir/ASTree.cpp.o
[ 92%] Building CXX object CMakeFiles/pycdc.dir/ASTNode.cpp.o
[ 95%] Linking CXX executable pycdc
[ 95%] Built target pycdc
Scanning dependencies of target pycdas
[ 97%] Building CXX object CMakeFiles/pycdas.dir/pycdas.cpp.o
[100%] Linking CXX executable pycdas
[100%] Built target pycdas
➜  pycdc-master sudo make install
[ 85%] Built target pycxx
[ 95%] Built target pycdc
[100%] Built target pycdas
Install the project...
-- Install configuration: ""
-- Installing: /usr/local/bin/pycdas
-- Installing: /usr/local/bin/pycdc
➜  pycdc-master

license文件上传接口:/platform/upload_file。

全局搜索Need valid license file无结果。于是搜索upload_file。

➜  pinpoint find . -type f|xargs grep -a 'upload_file' 2>/dev/null |awk -F ':' '{print $1}'|sort|uniq
./pp-platform/pp_service/celery/celery_tasks.pyc
./pp-platform/report/services/local_reports_manager.pyc
./pp-platform/src/models/pinpoint_task.pyc
./pp-platform/src/views/main_blueprint.pyc
./third-party/Python3.6/lib/python3.6/distutils/command/__pycache__/upload.cpython-36.opt-1.pyc
./third-party/Python3.6/lib/python3.6/distutils/command/__pycache__/upload.cpython-36.opt-2.pyc
./third-party/Python3.6/lib/python3.6/distutils/command/__pycache__/upload.cpython-36.pyc
./third-party/Python3.6/lib/python3.6/distutils/command/upload.py
./third-party/Python3.6/lib/python3.6/site-packages/pip/_vendor/distlib/index.py
./third-party/Python3.6/lib/python3.6/site-packages/pip/_vendor/distlib/__pycache__/index.cpython-36.pyc
./third-party/Python3.6/lib/python3.6/site-packages/setuptools/command/__pycache__/upload_docs.cpython-36.pyc
./third-party/Python3.6/lib/python3.6/site-packages/setuptools/command/upload_docs.py
./third-party/Python3.6/lib/python3.6/site-packages/setuptools/_distutils/command/__pycache__/upload.cpython-36.pyc
./third-party/Python3.6/lib/python3.6/site-packages/setuptools/_distutils/command/upload.py
./web/platform/js/b8fe9eeb4d9ede3e17f8.js

1	`uncompyle6 ./pp-platform/src/views/main_blueprint.pyc`

1	`pycdas ./pp-platform/src/views/main_blueprint.pyc`

[Code]
File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/views/main_blueprint.py
Object Name: upload_file
Arg Count: 0
KW Only Arg Count: 0
Locals: 7
Stack Size: 4
Flags: 0x00000013 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NESTED)
[Names]
    'jsonify'
    'HTTPStatus'
    'INTERNAL_SERVER_ERROR'
    'REQUEST_FORMAT_ERR_MSG'
    'request'
    'files'
    'filename'
    'secure_filename'
    '_MainBlueprintManager__platform_manager'
    'tmp_dir'
    'os'
    'path'
    'join'
    'name'
    'isdir'
    'makedirs'
    'save'
    'validate_file'
    'OK'
[Var Names]
    'format_err_res'
    'file'
    'filename'
    'tmp_dir'
    'upload_dir'
    'file_path'
    'res'
[Free Vars]
    'self'
[Cell Vars]
[Constants]
    None
    (
        'code'
        'errmsg'
    )
    'file'
    'upload'
    448
    (
        'mode'
    )
    (
        'code'
        'data'
    )
[Disassembly]
    0       LOAD_GLOBAL             0: jsonify
    2       LOAD_GLOBAL             1: HTTPStatus
    4       LOAD_ATTR               2: INTERNAL_SERVER_ERROR
    6       LOAD_GLOBAL             3: REQUEST_FORMAT_ERR_MSG
    8       LOAD_CONST              1: ('code', 'errmsg')
    10      CALL_FUNCTION_KW        2
    12      STORE_FAST              0: format_err_res
    14      LOAD_CONST              2: 'file'
    16      LOAD_GLOBAL             4: request
    18      LOAD_ATTR               5: files
    20      COMPARE_OP              7 (not in)
    22      POP_JUMP_IF_FALSE       28
    24      LOAD_FAST               0: format_err_res
    26      RETURN_VALUE
    28      LOAD_GLOBAL             4: request
    30      LOAD_ATTR               5: files
    32      LOAD_CONST              2: 'file'
    34      BINARY_SUBSCR
    36      STORE_FAST              1: file
    38      LOAD_FAST               1: file
    40      POP_JUMP_IF_FALSE       158
    42      LOAD_FAST               1: file
    44      LOAD_ATTR               6: filename
    46      POP_JUMP_IF_FALSE       158
    48      LOAD_GLOBAL             7: secure_filename
    50      LOAD_FAST               1: file
    52      LOAD_ATTR               6: filename
    54      CALL_FUNCTION           1
    56      STORE_FAST              2: filename
    58      LOAD_DEREF              0: self
    60      LOAD_ATTR               8: _MainBlueprintManager__platform_manager
    62      LOAD_ATTR               9: tmp_dir
    64      STORE_FAST              3: tmp_dir
    66      LOAD_GLOBAL             10: os
    68      LOAD_ATTR               11: path
    70      LOAD_ATTR               12: join
    72      LOAD_FAST               3: tmp_dir
    74      LOAD_ATTR               13: name
    76      LOAD_CONST              3: 'upload'
    78      CALL_FUNCTION           2
    80      STORE_FAST              4: upload_dir
    82      LOAD_GLOBAL             10: os
    84      LOAD_ATTR               11: path
    86      LOAD_ATTR               14: isdir
    88      LOAD_FAST               4: upload_dir
    90      CALL_FUNCTION           1
    92      POP_JUMP_IF_TRUE        108
    94      LOAD_GLOBAL             10: os
    96      LOAD_ATTR               15: makedirs
    98      LOAD_FAST               4: upload_dir
    100     LOAD_CONST              4: 448
    102     LOAD_CONST              5: ('mode',)
    104     CALL_FUNCTION_KW        2
    106     POP_TOP
    108     LOAD_GLOBAL             10: os
    110     LOAD_ATTR               11: path
    112     LOAD_ATTR               12: join
    114     LOAD_FAST               4: upload_dir
    116     LOAD_FAST               2: filename
    118     CALL_FUNCTION           2
    120     STORE_FAST              5: file_path
    122     LOAD_FAST               1: file
    124     LOAD_ATTR               16: save
    126     LOAD_FAST               5: file_path
    128     CALL_FUNCTION           1
    130     POP_TOP
    132     LOAD_DEREF              0: self
    134     LOAD_ATTR               8: _MainBlueprintManager__platform_manager
    136     LOAD_ATTR               17: validate_file
    138     LOAD_FAST               5: file_path
    140     CALL_FUNCTION           1
    142     STORE_FAST              6: res
    144     LOAD_GLOBAL             0: jsonify
    146     LOAD_GLOBAL             1: HTTPStatus
    148     LOAD_ATTR               18: OK
    150     LOAD_FAST               6: res
    152     LOAD_CONST              6: ('code', 'data')
    154     CALL_FUNCTION_KW        2
    156     RETURN_VALUE
    158     LOAD_FAST               0: format_err_res
    160     RETURN_VALUE
    162     LOAD_CONST              0: None
    164     RETURN_VALUE
'MainBlueprintManager.define_license_manager_routes.<locals>.upload_file'

upload_file会调用_MainBlueprintManager__platform_manager.validate_file()

validate_file定义在文件./pp-platform/src/services/pp_platform_manager.pyc中，同样无法使用uncompyle6反编译。

[Code]
File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/services/pp_platform_manager.py
Object Name: validate_file
Arg Count: 1
KW Only Arg Count: 0
Locals: 10
Stack Size: 17
Flags: 0x00000043 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)
[Names]
    'get_os_buf_limit'
    'pp_service.consts'
    'm'
    'join'
    'os'
    'path'
    'PP_DATA_PATH'
    'isfile'
    'shutil'
    'move'
    'Path'
    'PLATFORM_APP_ROOT_PATH'
    'exists'
    'copy'
    'str'
    'OSError'
    'logger'
    'exception'
    'remove'
[Var Names]
    'file_path'
    'l'
    '_'
    'm'
    'msg'
    'flag'
    'new_path'
    'static_download_dir'
    'download_file'
    'e'
[Free Vars]
[Cell Vars]
[Constants]
    None
    0
    (
        'm'
    )
    ''
    False
    [Code]
        File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/services/pp_platform_manager.py
        Object Name: <listcomp>
        Arg Count: 1
        KW Only Arg Count: 0
        Locals: 2
        Stack Size: 4
        Flags: 0x00000053 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NESTED | CO_NOFREE)
        [Names]
            'chr'
        [Var Names]
            '.0'
            'c'
        [Free Vars]
        [Cell Vars]
        [Constants]
        [Disassembly]
            0       BUILD_LIST              0
            2       LOAD_FAST               0: .0
            4       FOR_ITER                12 (to 18)
            6       STORE_FAST              1: c
            8       LOAD_GLOBAL             0: chr
            10      LOAD_FAST               1: c
            12      CALL_FUNCTION           1
            14      LIST_APPEND             2
            16      JUMP_ABSOLUTE           4
            18      RETURN_VALUE
    'PPPlatformManager.validate_file.<locals>.<listcomp>'
    [Code]
        File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/services/pp_platform_manager.py
        Object Name: <listcomp>
        Arg Count: 1
        KW Only Arg Count: 0
        Locals: 2
        Stack Size: 4
        Flags: 0x00000053 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NESTED | CO_NOFREE)
        [Names]
            'chr'
        [Var Names]
            '.0'
            'c'
        [Free Vars]
        [Cell Vars]
        [Constants]
        [Disassembly]
            0       BUILD_LIST              0
            2       LOAD_FAST               0: .0
            4       FOR_ITER                12 (to 18)
            6       STORE_FAST              1: c
            8       LOAD_GLOBAL             0: chr
            10      LOAD_FAST               1: c
            12      CALL_FUNCTION           1
            14      LIST_APPEND             2
            16      JUMP_ABSOLUTE           4
            18      RETURN_VALUE
    1
    True
    [Code]
        File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/services/pp_platform_manager.py
        Object Name: <listcomp>
        Arg Count: 1
        KW Only Arg Count: 0
        Locals: 2
        Stack Size: 4
        Flags: 0x00000053 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NESTED | CO_NOFREE)
        [Names]
            'chr'
        [Var Names]
            '.0'
            'c'
        [Free Vars]
        [Cell Vars]
        [Constants]
        [Disassembly]
            0       BUILD_LIST              0
            2       LOAD_FAST               0: .0
            4       FOR_ITER                12 (to 18)
            6       STORE_FAST              1: c
            8       LOAD_GLOBAL             0: chr
            10      LOAD_FAST               1: c
            12      CALL_FUNCTION           1
            14      LIST_APPEND             2
            16      JUMP_ABSOLUTE           4
            18      RETURN_VALUE
    4
    '.bak'
    'pp_service'
    'jobs'
    'nginx_static'
    'download'
    [Code]
        File Name: /tmp/.cache/pp-platform/1eeee29886d99e482e50f6e68b59916a/install/src/services/pp_platform_manager.py
        Object Name: <listcomp>
        Arg Count: 1
        KW Only Arg Count: 0
        Locals: 2
        Stack Size: 4
        Flags: 0x00000053 (CO_OPTIMIZED | CO_NEWLOCALS | CO_NESTED | CO_NOFREE)
        [Names]
            'chr'
        [Var Names]
            '.0'
            'c'
        [Free Vars]
        [Cell Vars]
        [Constants]
        [Disassembly]
            0       BUILD_LIST              0
            2       LOAD_FAST               0: .0
            4       FOR_ITER                12 (to 18)
            6       STORE_FAST              1: c
            8       LOAD_GLOBAL             0: chr
            10      LOAD_FAST               1: c
            12      CALL_FUNCTION           1
            14      LIST_APPEND             2
            16      JUMP_ABSOLUTE           4
            18      RETURN_VALUE
    (
        'flag'
        'msg'
    )
[Disassembly]
    0       LOAD_GLOBAL             0: get_os_buf_limit
    2       LOAD_FAST               0: file_path
    4       CALL_FUNCTION           1
    6       UNPACK_SEQUENCE         2
    8       STORE_FAST              1: l
    10      STORE_FAST              2: _
    12      LOAD_CONST              1: 0
    14      LOAD_CONST              2: ('m',)
    16      IMPORT_NAME             1: pp_service.consts
    18      IMPORT_FROM             2: m
    20      STORE_FAST              3: m
    22      POP_TOP
    24      LOAD_CONST              3: ''
    26      STORE_FAST              4: msg
    28      LOAD_CONST              4: False
    30      STORE_FAST              5: flag
    32      LOAD_FAST               1: l
    34      LOAD_CONST              4: False
    36      COMPARE_OP              8 (is)
    38      POP_JUMP_IF_FALSE       66
    40      LOAD_CONST              3: ''
    42      LOAD_ATTR               3: join
    44      LOAD_CONST              5: <CODE> <listcomp>
    46      LOAD_CONST              6: 'PPPlatformManager.validate_file.<locals>.<listcomp>'
    48      MAKE_FUNCTION           0
    50      LOAD_FAST               3: m
    52      LOAD_CONST              1: 0
    54      BINARY_SUBSCR
    56      GET_ITER
    58      CALL_FUNCTION           1
    60      CALL_FUNCTION           1
    62      STORE_FAST              4: msg
    64      JUMP_FORWARD            38 (to 104)
    66      LOAD_FAST               1: l
    68      LOAD_CONST              0: None
    70      COMPARE_OP              8 (is)
    72      POP_JUMP_IF_FALSE       100
    74      LOAD_CONST              3: ''
    76      LOAD_ATTR               3: join
    78      LOAD_CONST              7: <CODE> <listcomp>
    80      LOAD_CONST              6: 'PPPlatformManager.validate_file.<locals>.<listcomp>'
    82      MAKE_FUNCTION           0
    84      LOAD_FAST               3: m
    86      LOAD_CONST              8: 1
    88      BINARY_SUBSCR
    90      GET_ITER
    92      CALL_FUNCTION           1
    94      CALL_FUNCTION           1
    96      STORE_FAST              4: msg
    98      JUMP_FORWARD            4 (to 104)
    100     LOAD_CONST              9: True
    102     STORE_FAST              5: flag
    104     LOAD_FAST               5: flag
    106     POP_JUMP_IF_FALSE       312
    110     LOAD_GLOBAL             4: os
    112     LOAD_ATTR               5: path
    114     LOAD_ATTR               3: join
    116     LOAD_GLOBAL             6: PP_DATA_PATH
    118     LOAD_CONST              3: ''
    120     LOAD_ATTR               3: join
    122     LOAD_CONST              10: <CODE> <listcomp>
    124     LOAD_CONST              6: 'PPPlatformManager.validate_file.<locals>.<listcomp>'
    126     MAKE_FUNCTION           0
    128     LOAD_FAST               3: m
    130     LOAD_CONST              11: 4
    132     BINARY_SUBSCR
    134     GET_ITER
    136     CALL_FUNCTION           1
    138     CALL_FUNCTION           1
    140     CALL_FUNCTION           2
    142     STORE_FAST              6: new_path
    144     LOAD_GLOBAL             4: os
    146     LOAD_ATTR               5: path
    148     LOAD_ATTR               7: isfile
    150     LOAD_FAST               6: new_path
    152     CALL_FUNCTION           1
    154     POP_JUMP_IF_FALSE       174
    156     LOAD_GLOBAL             8: shutil
    158     LOAD_ATTR               9: move
    160     LOAD_FAST               6: new_path
    162     LOAD_FAST               6: new_path
    164     FORMAT_VALUE            0
    166     LOAD_CONST              12: '.bak'
    168     BUILD_STRING            2
    170     CALL_FUNCTION           2
    172     POP_TOP
    174     LOAD_GLOBAL             8: shutil
    176     LOAD_ATTR               9: move
    178     LOAD_FAST               0: file_path
    180     LOAD_FAST               6: new_path
    182     CALL_FUNCTION           2
    184     POP_TOP
    186     LOAD_GLOBAL             10: Path
    188     LOAD_GLOBAL             11: PLATFORM_APP_ROOT_PATH
    190     LOAD_CONST              13: 'pp_service'
    192     LOAD_CONST              14: 'jobs'
    194     LOAD_CONST              15: 'nginx_static'
    196     LOAD_CONST              16: 'download'
    198     CALL_FUNCTION           5
    200     STORE_FAST              7: static_download_dir
    202     LOAD_GLOBAL             10: Path
    204     LOAD_FAST               7: static_download_dir
    206     LOAD_CONST              3: ''
    208     LOAD_ATTR               3: join
    210     LOAD_CONST              17: <CODE> <listcomp>
    212     LOAD_CONST              6: 'PPPlatformManager.validate_file.<locals>.<listcomp>'
    214     MAKE_FUNCTION           0
    216     LOAD_FAST               3: m
    218     LOAD_CONST              11: 4
    220     BINARY_SUBSCR
    222     GET_ITER
    224     CALL_FUNCTION           1
    226     CALL_FUNCTION           1
    228     CALL_FUNCTION           2
    230     STORE_FAST              8: download_file
    232     LOAD_FAST               8: download_file
    234     LOAD_ATTR               12: exists
    236     CALL_FUNCTION           0
    238     POP_JUMP_IF_FALSE       322
    242     SETUP_EXCEPT            20 (to 264)
    244     LOAD_GLOBAL             8: shutil
    246     LOAD_ATTR               13: copy
    248     LOAD_FAST               6: new_path
    250     LOAD_GLOBAL             14: str
    252     LOAD_FAST               8: download_file
    254     CALL_FUNCTION           1
    256     CALL_FUNCTION           2
    258     POP_TOP
    260     POP_BLOCK
    262     JUMP_FORWARD            46 (to 310)
    264     DUP_TOP
    266     LOAD_GLOBAL             15: OSError
    268     COMPARE_OP              10 (<EXCEPTION MATCH>)
    270     POP_JUMP_IF_FALSE       308
    274     POP_TOP
    276     STORE_FAST              9: e
    278     POP_TOP
    280     SETUP_FINALLY           16 (to 298)
    282     LOAD_GLOBAL             16: logger
    284     LOAD_ATTR               17: exception
    286     LOAD_FAST               9: e
    288     CALL_FUNCTION           1
    290     POP_TOP
    292     POP_BLOCK
    294     POP_EXCEPT
    296     LOAD_CONST              0: None
    298     LOAD_CONST              0: None
    300     STORE_FAST              9: e
    302     DELETE_FAST             9: e
    304     END_FINALLY
    306     JUMP_FORWARD            2 (to 310)
    308     END_FINALLY
    310     JUMP_FORWARD            10 (to 322)
    312     LOAD_GLOBAL             4: os
    314     LOAD_ATTR               18: remove
    316     LOAD_FAST               0: file_path
    318     CALL_FUNCTION           1
    320     POP_TOP
    322     LOAD_FAST               5: flag
    324     LOAD_FAST               4: msg
    326     LOAD_CONST              18: ('flag', 'msg')
    328     BUILD_CONST_KEY_MAP     2
    330     RETURN_VALUE

关键函数get_os_buf_limit，仅看这个函数名并不能猜测它的功能。

这个函数在文件./pp-platform/pp_service/utils.pyc中定义，这个文件居然可以用uncompyle6反编译成功。

def get_os_buf_limit(env=None):
    from pp_service.consts import m
    RES_LEN = 9
    ERROR_RES = (None, [None] * RES_LEN)
    if windows:
        return ERROR_RES
    else:
        if env is None:
            from common.consts import PP_DATA_PATH
            p = os.path.join(PP_DATA_PATH, '*') + ''.join([chr(c) for c in m[2]])
            os_env = glob.glob(p)
            if os_env:
                env = os_env[0]
            else:
                return ERROR_RES
        so = os.path.join(PP_ROOT_PATH, 'lib', 'libdhl.so')
        r = []
        lib = None
        try:
            try:
                lib = ctypes.cdll.LoadLibrary(so)
                if not os.path.isfile(env):
                    return ERROR_RES
                result = ctypes.c_uint16(1)
                result_p = ctypes.c_void_p(ctypes.addressof(result))
                ret = lib.get_attribute(ctypes.c_char_p(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape')), 0, result_p, 2)
                if ret == 0:
                    r.append(result.value)
                else:
                    r.append(None)
                ret = lib.cs(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))
                if ret != 1:
                    return ERROR_RES
                default_size = 10001603
                tmp_size1 = ctypes.c_ulonglong(lib.f_1(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                r.append(None)
                tmp_size2 = ctypes.c_ulonglong(lib.f_2(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                r.append(False)
                for i in (1, 3, 4, 5, 6, 7):
                    result = ctypes.create_string_buffer(1024)
                    ret = lib.get_attribute(ctypes.c_char_p(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape')), i, result, len(result))
                    if ret == 0:
                        r.append(result.value.decode())
                    else:
                        r.append(None)

                tmp_size3 = ctypes.c_ulonglong(lib.f_3(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                r_len = len(r)
                if len(r) < RES_LEN:
                    r.extend([None] * (RES_LEN - r_len))
                tmp_size4 = ctypes.c_ulonglong(lib.f_4(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                tmp_size5 = ctypes.c_ulonglong(lib.f_5(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                tmp_size6 = ctypes.c_ulonglong(lib.f_6(env.encode(encoding=PREFERRED_ENCODING, errors='surrogateescape'))).value
                if all(size == default_size for size in (tmp_size1, tmp_size2, tmp_size3, tmp_size4, tmp_size5, tmp_size6)):
                    r[2] = True
                else:
                    r[2] = None
                if not r[2]:
                    return (
                     None, r)
            except Exception as e:
                if DEBUG:
                    raise e
                return ERROR_RES

        finally:
            if lib:
                try:
                    libdl = ctypes.cdll.LoadLibrary('libdl.so.2')
                    libdl.dlclose(ctypes.c_void_p(lib._handle))
                    del lib
                except Exception:
                    pass

        return (
         True, r)

实际上是调用了so中的函数。env就是license文件的路径。

if env is None:
    from common.consts import PP_DATA_PATH
    p = os.path.join(PP_DATA_PATH, '*') + ''.join([chr(c) for c in m[2]])
    os_env = glob.glob(p)
    if os_env:
        env = os_env[0]
    else:
        return ERROR_RES

根据这段代码发现开发者将关键字符串都进行了转换，保存在consts，使用时需要转码。

# ./pp-platform/pp_service/consts.pyc
m = [
    [ 84, 104, 101, 32, 108, 105, 99, 101, 110, 115, 101, 32, 102, 105, 108, 101, 32, 105, 115, 32, 101, 120, 112, 105, 114, 101, 100], 
    [ 78, 101, 101, 100, 32, 118, 97, 108, 105, 100, 32, 108, 105, 99, 101, 110, 115, 101, 32, 102, 105, 108, 101], 
    [ 46, 108, 105, 99], 
    [ 37, 89, 45, 37, 109, 45, 37, 100], 
    [ 115, 98, 114, 101, 108, 108, 97, 46, 108, 105, 99]
]

Patch urils.py 实现破解:

1 2	`def get_os_buf_limit(env=None): return (True, [1024, None, True, '20990101235959', 'enterprise', '123456@qq.com', 'TEST', 'TEST', 'TEST'])`

解决uncompyle6反编译失败

1	Parse error at or near `STORE_ANNOTATION' instruction at offset 484

根据报错信息可以确定是在反编译STORE_ANNOTATION指令时发生错误。

Python3.6.3指令表(Python-3.6.3/Include/opcode.h)：

/* Instruction opcodes for compiled code */
#define POP_TOP                   1
#define ROT_TWO                   2
#define ROT_THREE                 3
#define DUP_TOP                   4
#define DUP_TOP_TWO               5
#define NOP                       9
#define UNARY_POSITIVE           10
#define UNARY_NEGATIVE           11
#define UNARY_NOT                12
#define UNARY_INVERT             15
#define BINARY_MATRIX_MULTIPLY   16
#define INPLACE_MATRIX_MULTIPLY  17
#define BINARY_POWER             19
#define BINARY_MULTIPLY          20
#define BINARY_MODULO            22
#define BINARY_ADD               23
#define BINARY_SUBTRACT          24
#define BINARY_SUBSCR            25
#define BINARY_FLOOR_DIVIDE      26
#define BINARY_TRUE_DIVIDE       27
#define INPLACE_FLOOR_DIVIDE     28
#define INPLACE_TRUE_DIVIDE      29
#define GET_AITER                50
#define GET_ANEXT                51
#define BEFORE_ASYNC_WITH        52
#define INPLACE_ADD              55
#define INPLACE_SUBTRACT         56
#define INPLACE_MULTIPLY         57
#define INPLACE_MODULO           59
#define STORE_SUBSCR             60
#define DELETE_SUBSCR            61
#define BINARY_LSHIFT            62
#define BINARY_RSHIFT            63
#define BINARY_AND               64
#define BINARY_XOR               65
#define BINARY_OR                66
#define INPLACE_POWER            67
#define GET_ITER                 68
#define GET_YIELD_FROM_ITER      69
#define PRINT_EXPR               70
#define LOAD_BUILD_CLASS         71
#define YIELD_FROM               72
#define GET_AWAITABLE            73
#define INPLACE_LSHIFT           75
#define INPLACE_RSHIFT           76
#define INPLACE_AND              77
#define INPLACE_XOR              78
#define INPLACE_OR               79
#define BREAK_LOOP               80
#define WITH_CLEANUP_START       81
#define WITH_CLEANUP_FINISH      82
#define RETURN_VALUE             83
#define IMPORT_STAR              84
#define SETUP_ANNOTATIONS        85
#define YIELD_VALUE              86
#define POP_BLOCK                87
#define END_FINALLY              88
#define POP_EXCEPT               89
#define HAVE_ARGUMENT            90
#define STORE_NAME               90
#define DELETE_NAME              91
#define UNPACK_SEQUENCE          92
#define FOR_ITER                 93
#define UNPACK_EX                94
#define STORE_ATTR               95
#define DELETE_ATTR              96
#define STORE_GLOBAL             97
#define DELETE_GLOBAL            98
#define LOAD_CONST              100
#define LOAD_NAME               101
#define BUILD_TUPLE             102
#define BUILD_LIST              103
#define BUILD_SET               104
#define BUILD_MAP               105
#define LOAD_ATTR               106
#define COMPARE_OP              107
#define IMPORT_NAME             108
#define IMPORT_FROM             109
#define JUMP_FORWARD            110
#define JUMP_IF_FALSE_OR_POP    111
#define JUMP_FORWARD            110
#define JUMP_IF_FALSE_OR_POP    111
#define JUMP_IF_TRUE_OR_POP     112
#define JUMP_ABSOLUTE           113
#define POP_JUMP_IF_FALSE       114
#define POP_JUMP_IF_TRUE        115
#define LOAD_GLOBAL             116
#define CONTINUE_LOOP           119
#define SETUP_LOOP              120
#define SETUP_EXCEPT            121
#define SETUP_FINALLY           122
#define LOAD_FAST               124
#define STORE_FAST              125
#define DELETE_FAST             126
#define STORE_ANNOTATION        127
#define RAISE_VARARGS           130
#define CALL_FUNCTION           131
#define MAKE_FUNCTION           132
#define BUILD_SLICE             133
#define LOAD_CLOSURE            135
#define LOAD_DEREF              136
#define STORE_DEREF             137
#define DELETE_DEREF            138
#define CALL_FUNCTION_KW        141
#define CALL_FUNCTION_EX        142
#define SETUP_WITH              143
#define EXTENDED_ARG            144
#define LIST_APPEND             145
#define SET_ADD                 146
#define MAP_ADD                 147
#define LOAD_CLASSDEREF         148
#define BUILD_LIST_UNPACK       149
#define BUILD_MAP_UNPACK        150
#define BUILD_MAP_UNPACK_WITH_CALL 151
#define BUILD_TUPLE_UNPACK      152
#define BUILD_SET_UNPACK        153
#define SETUP_ASYNC_WITH        154
#define FORMAT_VALUE            155
#define BUILD_CONST_KEY_MAP     156
#define BUILD_STRING            157
#define BUILD_TUPLE_UNPACK_WITH_CALL 158

根据指令序列，可以定位到STORE_ANNOTATION指令的位置。

1
2
3

STORE_ANNOTATION 127 0x7f
LOAD_ATTR 106 0x6a
LOAD_NAME 101 0x65

尝试将0x7f替换成其他指令后(如0x01)，反编译成功。

def define_license_manager_routes(self):
    @self.blueprint.route('/upload_file', methods=['POST'])
    @login_access
    def upload_file():
        format_err_res = jsonify(code=(HTTPStatus.INTERNAL_SERVER_ERROR), errmsg=REQUEST_FORMAT_ERR_MSG)
        if 'file' not in request.files:
            return format_err_res
        else:
            file = request.files['file']
            if file:
                if file.filename:
                    filename = secure_filename(file.filename)
                    tmp_dir = self._MainBlueprintManager__platform_manager.tmp_dir
                    upload_dir = os.path.join(tmp_dir.name, 'upload')
                    if not os.path.isdir(upload_dir):
                        os.makedirs(upload_dir, mode=448)
                    file_path = os.path.join(upload_dir, filename)
                    file.save(file_path)
                    res = self._MainBlueprintManager__platform_manager.validate_file(file_path)
                    return jsonify(code=(HTTPStatus.OK), data=res)
            return format_err_res

# 
from pp_service.utils import get_os_buf_limit

@staticmethod
def validate_file(file_path):
    l, _ = get_os_buf_limit(file_path)
    from pp_service.consts import m
    msg = ''
    flag = False
    if l is False:
        msg = ''.join([chr(c) for c in m[0]])
    else:
        if l is None:
            msg = ''.join([chr(c) for c in m[1]])
        else:
            flag = True
        if flag:
            new_path = os.path.join(PP_DATA_PATH, ''.join([chr(c) for c in m[4]]))
            if os.path.isfile(new_path):
                shutil.move(new_path, f"{new_path}.bak")
        else:
            shutil.move(file_path, new_path)
            static_download_dir = Path(PLATFORM_APP_ROOT_PATH, 'pp_service', 'jobs', 'nginx_static', 'download')
            download_file = Path(static_download_dir, ''.join([chr(c) for c in m[4]]))
            if download_file.exists():
                try:
                    shutil.copy(new_path, str(download_file))
                except OSError as e:
                    logger.exception(e)

            else:
                os.remove(file_path)
    return {'flag':flag, 'msg':msg}

note

JD-encrypt8还原上一篇

Pinpoint 破解下一篇