Binary

Python - Build Executable

wanna convert a script to a executable ?

Build a Sample Script

cat << EOF > main.py
a = "top"
b = "secret"
print("This is", a, b)
EOF
python3 main.py
This is top secret

update poetry ?

doas poetry self update
poetry self update

or

pip install poetry -U

add pyinstaller

poetry init
poetry add pyinstaller

build Binary

poetry run pyinstaller main.py --onefile

check Binary

ls -la dist/
file dist/main
ls -la dist/
4735533 Jun 26 22:17 main

```.sh
file dist/main
file dist/main
dist/main: ELF 64-bit LSB shared object, x86-64, version 1

run Binary

./dist/main
./dist/main
Hello World! geheim

find “Strings”

strings dist/main |sort
strings dist/main |sort
...
unsetenv
vfprintf
vsnprintf
w3M9
waitpid
wcsncpy
|$8H
~$E1

find Keywords in Strings

strings dist/main |grep -E "top|secret"
strings dist/main |grep -E "top|secret"
# -> nothing found

Object Dump

objdump -x dist/main
objdump -x dist/main

dist/main:     file format elf64-x86-64
dist/main
architecture: i386:x86-64, flags 0x00000150:
HAS_SYMS, DYNAMIC, D_PAGED
start address 0x0000000000005ed0

Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
         filesz 0x00000000000002a0 memsz 0x00000000000002a0 flags r--
  INTERP off    0x00000000000002e0 vaddr 0x00000000000002e0 paddr 0x00000000000002e0 align 2**0
         filesz 0x0000000000000013 memsz 0x0000000000000013 flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
         filesz 0x0000000000004ecc memsz 0x0000000000004ecc flags r--
    LOAD off    0x0000000000004ed0 vaddr 0x0000000000005ed0 paddr 0x0000000000005ed0 align 2**12
         filesz 0x0000000000007700 memsz 0x0000000000007700 flags --x
    LOAD off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**12
         filesz 0x0000000000000918 memsz 0x0000000000000918 flags rw-
    LOAD off    0x000000000000cee8 vaddr 0x000000000000fee8 paddr 0x000000000000fee8 align 2**12
         filesz 0x0000000000000004 memsz 0x000000000000602c flags rw-
 DYNAMIC off    0x000000000000c900 vaddr 0x000000000000e900 paddr 0x000000000000e900 align 2**3
         filesz 0x0000000000000140 memsz 0x0000000000000140 flags rw-
   RELRO off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**0
         filesz 0x0000000000000918 memsz 0x0000000000000a30 flags r--
EH_FRAME off    0x0000000000003c1c vaddr 0x0000000000003c1c paddr 0x0000000000003c1c align 2**2
         filesz 0x000000000000030c memsz 0x000000000000030c flags r--
OPENBSD_RANDOMIZE off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**3
         filesz 0x0000000000000308 memsz 0x0000000000000308 flags rw-
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**0
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
    NOTE off    0x00000000000002f4 vaddr 0x00000000000002f4 paddr 0x00000000000002f4 align 2**2
         filesz 0x0000000000000018 memsz 0x0000000000000018 flags r--

Dynamic Section:
  NEEDED      libm.so.10.1
  NEEDED      libz.so.7.0
  NEEDED      libc.so.97.0
  FLAGS_1     0x8000000
  DEBUG       0x0
  RELA        0xf50
  RELASZ      0x6d8
  RELAENT     0x18
  RELACOUNT   0x46
  JMPREL      0x1628
  PLTRELSZ    0x6d8
  PLTGOT      0xec88
  PLTREL      0x7
  SYMTAB      0x310
  SYMENT      0x18
  STRTAB      0xcd8
  STRSZ       0x272
  GNU_HASH    0xa48
  HASH        0xa68

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       00000013  00000000000002e0  00000000000002e0  000002e0  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.openbsd.ident 00000018  00000000000002f4  00000000000002f4  000002f4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .dynsym       00000738  0000000000000310  0000000000000310  00000310  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     00000020  0000000000000a48  0000000000000a48  00000a48  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .hash         00000270  0000000000000a68  0000000000000a68  00000a68  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000272  0000000000000cd8  0000000000000cd8  00000cd8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .rela.dyn     000006d8  0000000000000f50  0000000000000f50  00000f50  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .rela.plt     000006d8  0000000000001628  0000000000001628  00001628  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rodata       00001f1c  0000000000001d00  0000000000001d00  00001d00  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .eh_frame_hdr 0000030c  0000000000003c1c  0000000000003c1c  00003c1c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .eh_frame     00000fa4  0000000000003f28  0000000000003f28  00003f28  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 11 .text         00006d90  0000000000005ed0  0000000000005ed0  00004ed0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .init         0000000e  000000000000cc60  000000000000cc60  0000bc60  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         0000000e  000000000000cc70  000000000000cc70  0000bc70  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .plt          00000950  000000000000cc80  000000000000cc80  0000bc80  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .openbsd.randomdata 00000308  000000000000e5d0  000000000000e5d0  0000c5d0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 16 .jcr          00000008  000000000000e8d8  000000000000e8d8  0000c8d8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 17 .ctors        00000010  000000000000e8e0  000000000000e8e0  0000c8e0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .dtors        00000010  000000000000e8f0  000000000000e8f0  0000c8f0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .dynamic      00000140  000000000000e900  000000000000e900  0000c900  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got          00000248  000000000000ea40  000000000000ea40  0000ca40  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .got.plt      00000260  000000000000ec88  000000000000ec88  0000cc88  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data         00000004  000000000000fee8  000000000000fee8  0000cee8  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 23 .bss          00006024  000000000000fef0  000000000000fef0  0000ceec  2**4
                  ALLOC
SYMBOL TABLE:
no symbols

Disassemble

objdump -d dist/main
objdump -d dist/main |head -100

dist/main:     file format elf64-x86-64

Disassembly of section .text:

0000000000005ed0 <.text>:
    5ed0:	48 89 d1             	mov    %rdx,%rcx
    5ed3:	48 8b 3c 24          	mov    (%rsp),%rdi
    5ed7:	48 8d 54 fc 10       	lea    0x10(%rsp,%rdi,8),%rdx
    5edc:	48 8d 74 24 08       	lea    0x8(%rsp),%rsi
    5ee1:	48 83 ec 08          	sub    $0x8,%rsp
    5ee5:	48 83 e4 f0          	and    $0xfffffffffffffff0,%rsp
    5ee9:	48 83 c4 08          	add    $0x8,%rsp
    5eed:	eb 01                	jmp    5ef0 <_csu_finish@plt-0x6da0>
    5eef:	cc                   	int3
    5ef0:	55                   	push   %rbp
    5ef1:	48 89 e5             	mov    %rsp,%rbp
    5ef4:	41 57                	push   %r15
    5ef6:	41 56                	push   %r14
    5ef8:	41 55                	push   %r13
    5efa:	41 54                	push   %r12
    5efc:	53                   	push   %rbx
    5efd:	50                   	push   %rax
    5efe:	49 89 cd             	mov    %rcx,%r13
    5f01:	49 89 d4             	mov    %rdx,%r12
    5f04:	49 89 f6             	mov    %rsi,%r14
    5f07:	41 89 ff             	mov    %edi,%r15d
    5f0a:	48 89 f7             	mov    %rsi,%rdi
    5f0d:	48 89 d6             	mov    %rdx,%rsi
    5f10:	48 8b d1             	mov    %rcx,%rdx
    5f13:	e8 98 6d 00 00       	callq  ccb0 <_Jv_RegisterClasses@plt>
    5f18:	48 8b d8             	mov    %rax,%rbx
    5f1b:	4d 85 ed             	test   %r13,%r13
    5f1e:	0f 85 db 00 00 00    	jne    5fff <_csu_finish@plt-0x6c91>
    5f24:	48 89 5d d0          	mov    %rbx,0xffffffffffffffd0(%rbp)
    5f28:	48 8d 1d a1 ff ff ff 	lea    -95(%rip),%rbx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f2f:	48 8d 0d 9a ff ff ff 	lea    -102(%rip),%rcx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f36:	48 29 d9             	sub    %rbx,%rcx
    5f39:	48 8d 41 07          	lea    0x7(%rcx),%rax
    5f3d:	48 85 c9             	test   %rcx,%rcx
    5f40:	48 8b d1             	mov    %rcx,%rdx
    5f43:	48 0f 48 d0          	cmovs  %rax,%rdx
    5f47:	48 c1 fa 03          	sar    $0x3,%rdx
    5f4b:	74 46                	je     5f93 <_csu_finish@plt-0x6cfd>
    5f4d:	48 85 c9             	test   %rcx,%rcx
    5f50:	48 0f 49 c1          	cmovns %rcx,%rax
    5f54:	48 c1 f8 03          	sar    $0x3,%rax
    5f58:	48 83 f8 02          	cmp    $0x2,%rax
    5f5c:	41 bd 01 00 00 00    	mov    $0x1,%r13d
    5f62:	4c 0f 43 e8          	cmovae %rax,%r13
    5f66:	eb 08                	jmp    5f70 <_csu_finish@plt-0x6d20>
    5f68:	cc                   	int3
    5f69:	cc                   	int3
    5f6a:	cc                   	int3
    5f6b:	cc                   	int3
    5f6c:	cc                   	int3
    5f6d:	cc                   	int3
    5f6e:	cc                   	int3
    5f6f:	cc                   	int3
    5f70:	4c 8b 1b             	mov    (%rbx),%r11
    5f73:	44 89 ff             	mov    %r15d,%edi
    5f76:	4c 89 f6             	mov    %r14,%rsi
    5f79:	4c 89 e2             	mov    %r12,%rdx
    5f7c:	31 c9                	xor    %ecx,%ecx
    5f7e:	e8 9d 00 00 00       	callq  6020 <_csu_finish@plt-0x6c70>
    5f83:	48 87 d8             	xchg   %rbx,%rax
    5f86:	48 83 c0 08          	add    $0x8,%rax
    5f8a:	48 87 d8             	xchg   %rbx,%rax
    5f8d:	49 83 c5 ff          	add    $0xffffffffffffffff,%r13
    5f91:	75 dd                	jne    5f70 <_csu_finish@plt-0x6d20>
    5f93:	4c 8d 2d 36 ff ff ff 	lea    -202(%rip),%r13        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f9a:	48 8d 0d 2f ff ff ff 	lea    -209(%rip),%rcx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5fa1:	4c 29 e9             	sub    %r13,%rcx
    5fa4:	48 8d 41 07          	lea    0x7(%rcx),%rax
    5fa8:	48 85 c9             	test   %rcx,%rcx
    5fab:	48 8b d1             	mov    %rcx,%rdx
    5fae:	48 0f 48 d0          	cmovs  %rax,%rdx
    5fb2:	48 c1 fa 03          	sar    $0x3,%rdx
    5fb6:	74 3c                	je     5ff4 <_csu_finish@plt-0x6c9c>
    5fb8:	48 85 c9             	test   %rcx,%rcx
    5fbb:	48 0f 49 c1          	cmovns %rcx,%rax
    5fbf:	48 c1 f8 03          	sar    $0x3,%rax
    5fc3:	48 83 f8 02          	cmp    $0x2,%rax
    5fc7:	bb 01 00 00 00       	mov    $0x1,%ebx
    5fcc:	48 0f 43 d8          	cmovae %rax,%rbx
    5fd0:	4d 8b 5d 00          	mov    0x0(%r13),%r11
    5fd4:	44 89 ff             	mov    %r15d,%edi
    5fd7:	4c 89 f6             	mov    %r14,%rsi
    5fda:	4c 89 e2             	mov    %r12,%rdx
    5fdd:	31 c9                	xor    %ecx,%ecx
    5fdf:	e8 3c 00 00 00       	callq  6020 <_csu_finish@plt-0x6c70>
    5fe4:	49 83 c5 08          	add    $0x8,%r13
    5fe8:	48 87 d8             	xchg   %rbx,%rax
    5feb:	48 83 c0 ff          	add    $0xffffffffffffffff,%rax
    5fef:	48 87 d8             	xchg   %rbx,%rax
    5ff2:	75 dc                	jne    5fd0 <_csu_finish@plt-0x6cc0>
    5ff4:	c6 05 45 9f 00 00 01 	movb   $0x1,40773(%rip)        # ff40 <memcmp@plt+0x2e30>
    5ffb:	48 8b 5d d0          	mov    0xffffffffffffffd0(%rbp),%rbx
    5fff:	e8 5c 6c 00 00       	callq  cc60 <_csu_finish@plt-0x30>
    6004:	48 8b 13             	mov    (%rbx),%rdx
...

-> at least the variables are not obviously found in the binary. but don’t want to know what ghidra says about it :(