pyREtic – Reversing obfuscated Python bytecode & live Python objects

Black Hat USA 2010

Presented by: Rich Smith
Date: Thursday July 29, 2010
Time: 10:00 - 11:00
Location: Neopolitan 1+2+3+4
Track: Reverse Engineering Redux

Increasing numbers of commercial and closed source applications are being developed in Python. The Developers of these applications are investing increasing amounts to stop people being able to see their source code through by a variety of bytecode obfuscation efforts.

At the same time Python is an increasingly present component of 'The Cloud' where traditional decompilation techniques fall down through lack of access to files on disk. This presentation outlines a methodology, and releases a toolkit, to be able to reverse obfuscated Python applications from live objects in memory as well as showing how to defeat the obfuscation techniques commonly employed today. This will allow people to find bugs in code that was previously opaque to them.

Rich Smith

Attack Research Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded Offensive Computing, a public, open source malware research project.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats