Update python3 to 3.13

.github/ISSUE_TEMPLATE/new_pip_package.yml

@@ -21,7 +21,7 @@ body:
     attributes:
       label: Tool Name
       description: |
-        The name of the tool being installed with `py -3.10 -m pip install <tool_name><version>`, Example: `autoit-ripper`.
+        The name of the tool being installed with `py -3.13 -m pip install <tool_name><version>`, Example: `autoit-ripper`.
       placeholder: ex. autoit-ripper
     validations:
       required: true
@@ -32,7 +32,7 @@ body:
     attributes:
       label: Package type
       description: |
-        - **`PIP`** - A Python tool installed with `py -3.10 -m pip install <tool_name><version>`. Example: `py -3.10 -m pip install magika==0.5.0`
+        - **`PIP`** - A Python tool installed with `py -3.13 -m pip install <tool_name><version>`. Example: `py -3.13 -m pip install magika==0.5.0`
 
         For other types of tools, use a different issue template.
       options:

packages/common.vm/common.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20251208</version>
+    <version>0.0.0.20251215</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>

packages/common.vm/tools/vm.common/vm.common.psm1

@@ -1885,7 +1885,7 @@ function VM-Pip-Install {
 
     	ForEach ($library in $libraries.Split(",")) {
         	# Ignore warning with `-W ignore` to avoid warnings like deprecation to fail the installation
-        	Invoke-Expression "py -3.10 -W ignore -m pip install $library --disable-pip-version-check 2>&1 >> $outputFile"
+        	Invoke-Expression "py -3.13 -W ignore -m pip install $library --disable-pip-version-check 2>&1 >> $outputFile"
     	}
     } catch {
         VM-Write-Log-Exception $_
@@ -1922,7 +1922,7 @@ function VM-Pip-Uninstall {
     param (
         [string]$package
     )
-    Invoke-Expression "py -3.10 -m pip uninstall $package -y --disable-pip-version-check 2>&1"
+    Invoke-Expression "py -3.13 -m pip uninstall $package -y --disable-pip-version-check 2>&1"
 }
 
 # Uninstall tool using Pip and remove shortcut in the Tools directory

packages/libraries.python3.vm/libraries.python3.vm.nuspec

@@ -2,13 +2,13 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>libraries.python3.vm</id>
-    <version>0.0.0.20251004</version>
+    <version>0.0.0.20251215</version>
     <description>Python 3 libraries useful for common reverse engineering tasks.</description>
     <authors>Several, check in pypi.org for every of the libraries</authors>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20250206" />
+      <dependency id="common.vm" version="0.0.0.20251215" />
       <dependency id="vcbuildtools.vm" version="0.0.0.20250729" />
-      <dependency id="python3.vm" />
+      <dependency id="python3.vm" version="0.0.0.20251215" />
     </dependencies>
     <tags>Python</tags>
   </metadata>

packages/libraries.python3.vm/tools/chocolateyinstall.ps1

@@ -21,21 +21,47 @@ try {
         VM-Pip-Install $installValue
 
         if ($LastExitCode -eq 0) {
-            Write-Host "`t[+] Installed Python 3.10 module: $($module.name)" -ForegroundColor Green
+            Write-Host "`t[+] Installed Python 3.13 module: $($module.name)" -ForegroundColor Green
         } else {
-            Write-Host "`t[!] Failed to install Python 3.10 module: $($module.name)" -ForegroundColor Red
+            Write-Host "`t[!] Failed to install Python 3.13 module: $($module.name)" -ForegroundColor Red
             $failures += $module.Name
         }
     }
 
     if ($failures.Count -gt 0) {
         foreach ($module in $failures) {
-            VM-Write-Log "ERROR" "Failed to install Python 3.10 module: $module"
+            VM-Write-Log "ERROR" "Failed to install Python 3.13 module: $module"
         }
         $outputFile = $outputFile.replace('lib\', 'lib-bad\')
         VM-Write-Log "ERROR" "Check $outputFile for more information"
         exit 1
     }
+
+    # Add Monkey Patch to `pyreadline3` for Python 3.13 compatibility
+    $sitePackages = python -c "import site; print(site.getsitepackages()[1])"
+    $potentialPath = Join-Path $sitePackages "readline.py"
+    if (Test-Path $potentialPath) {
+        $targetFile = $potentialPath
+    } else {
+        # Fallback, just in case.
+        try {
+            $targetFile = & $(Get-Command python).Source -c "import sys; sys.path.append(r'C:\Python313\Lib\site-packages'); import readline; print(readline.__file__)"
+        } catch {
+            $targetFile = $null
+        }
+    }
+    if ($targetFile -and (Test-Path $targetFile)) {
+        $content = Get-Content $targetFile -Raw
+        if ($content -match "backend = 'pyreadline'") {
+            Write-Host "Already patched!" -ForegroundColor Yellow
+        } else {
+            Add-Content -Path $targetFile -Value "`n# Patch for Python 3.13`nbackend = 'pyreadline'"
+            Write-Host "Patch applied to: $targetFile" -ForegroundColor Green
+        }
+    } else {
+        Write-Host "Could not locate readline file." -ForegroundColor Red
+    }
+
     # Avoid WARNINGs to fail the package install
     exit 0
 } catch {

packages/libraries.python3.vm/tools/modules.xml

@@ -3,11 +3,12 @@
     <module name="acefile"/>
     <module name="rpyc"/>
     <module name="art"/>
-    <module name="binwalk" url="https://github.com/ReFirmLabs/binwalk/archive/refs/tags/v2.3.3.zip"/>
     <module name="capstone"/>
     <module name="dissect"/>
     <module name="dncil"/>
     <module name="dnfile"/>
+    <module name="frida"/>
+    <module name="frida-tools"/>
     <module name="hexdump"/>
     <module name="jupyterlab==4.4.8"/>
     <module name="ldapdomaindump"/>
@@ -26,15 +27,10 @@
     <module name="pyreadline3"/>
     <module name="pythonnet"/>
     <module name="requests"/>
-    <module name="stringsifter"/>
-    <module name="uncompyle6"/>
     <module name="unicorn"/>
-    <module name="unpy2exe"/>
     <module name="vivisect"/>
     <module name="XLMMacroDeobfuscator"/>
     <module name="yara-python"/>
-    <module name="frida"/>
-    <module name="frida-tools"/>
     <!-- Dependencies of the internet detector tool that are also useful for malware analysis
       The internet detector needs to build the Python executable with a version of pyinstaller capable of executing in admin cmd.
       Fix also the version of pywin32 and icmplib to avoid issues

packages/python3.vm/python3.vm.nuspec

@@ -2,14 +2,14 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>python3.vm</id>
-    <version>0.0.0.20250801</version>
+    <version>0.0.0.20251215</version>
     <!-- Metapackage for Python 3 to ensure all packages use the same Python version -->
     <description>Python 3.</description>
     <authors>Mandiant</authors>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20250206" />
+      <dependency id="common.vm" version="0.0.0.20251215" />
       <dependency id="vcredist140.vm"/>
-      <dependency id="python3" version="[3.10.0, 3.11.0)" />
+      <dependency id="python3" version="[3.13.0, 3.14.0)" />
     </dependencies>
     <tags>Python</tags>
   </metadata>

packages/stringsifter.vm/stringsifter.vm.nuspec

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>stringsifter.vm</id>
+    <version>3.0.0.20230711</version>
+    <authors>Philip Tully (FDS), Matthew Haigh (FLARE), Jay Gibble (FLARE), and Michael Sikorski (FLARE)</authors>
+    <description>StringSifter is a machine learning tool that automatically ranks strings based on their relevance for malware analysis.</description>
+    <dependencies>
+      <dependency id="common.vm" version="0.0.0.20250206" />
+      <!-- stringsifter.vm only verified to work up to python 3.11 -->
+      <dependency id="python311" />
+    </dependencies>
+    <tags>File Information</tags>
+    <projectUrl>https://github.com/mandiant/stringsifter</projectUrl>
+  </metadata>
+</package>

packages/stringsifter.vm/tools/chocolateyinstall.ps1

@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'stringsifter'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+# Create output file to log python module installation details
+$outputFile = VM-New-Install-Log ${Env:VM_COMMON_DIR}
+Invoke-Expression "py -3.11 -W ignore -m pip install $toolName --disable-pip-version-check 2>&1 >> $outputFile"
+
+$cmdPath = (Get-Command cmd.exe).Source
+VM-Install-Shortcut -toolName $toolName -category $category -executablePath "flarestrings" -consoleApp $true -iconLocation $cmdPath

packages/stringsifter.vm/tools/chocolateyuninstall.ps1

@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'stringsifter'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+Invoke-Expression "py -3.11 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1"
+VM-Remove-Tool-Shortcut $toolName $category

packages/uncompyle6.vm/tools/chocolateyuninstall.ps1

@@ -4,4 +4,5 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'uncompyle6'
 $category = VM-Get-Category($MyInvocation.MyCommand.Definition)
 
-VM-Uninstall-With-Pip $toolName $category
+VM-Remove-Tool-Shortcut $toolName $category
+Invoke-Expression "py.exe -3.13 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1"

packages/uncompyle6.vm/uncompyle6.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>uncompyle6.vm</id>
-    <version>3.9.2.20250716</version>
+    <version>3.9.2.20251215</version>
     <authors>rocky</authors>
     <description>uncompyle6 is a decompiler for Python 1.0-3.8.</description>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20250206" />
-      <dependency id="python3.vm" />
+      <dependency id="common.vm" version="0.0.0.20251215" />
+      <dependency id="python3.vm" version="0.0.0.20251215" />
     </dependencies>
     <tags>Python</tags>
     <projectUrl>https://github.com/rocky/python-uncompyle6</projectUrl>

packages/unpy2exe.vm/tools/chocolateyinstall.ps1

@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'unpy2exe'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+# Create output file to log python module installation details
+$outputFile = VM-New-Install-Log ${Env:VM_COMMON_DIR}
+Invoke-Expression "py -3.11 -W ignore -m pip install $toolName  --disable-pip-version-check 2>&1 >> $outputFile"
+
+$pyPath = (Get-Command py).Source
+VM-Install-Shortcut -toolName $toolName -category $category -executablePath $pyPath -consoleApp $true -arguments "-3.11 -m unpy2exe"

packages/unpy2exe.vm/tools/chocolateyuninstall.ps1

@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'unpy2exe'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+Invoke-Expression "py -3.11 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1"
+VM-Remove-Tool-Shortcut $toolName $category

packages/unpy2exe.vm/unpy2exe.vm.nuspec

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>unpy2exe.vm</id>
+    <version>0.0.0.20251215</version>
+    <authors>Matias Bordese</authors>
+    <description>unpy2exe extracts .pyc files from executables created with py2exe.</description>
+    <dependencies>
+      <dependency id="common.vm" version="0.0.0.20250206" />
+       <!-- unpy2exe.vm only verified to work up to python 3.11 -->
+      <dependency id="python311" />
+    </dependencies>
+    <tags>Python</tags>
+    <projectUrl>https://github.com/matiasb/unpy2exe</projectUrl>
+  </metadata>
+</package>

packages/unpyc3.vm/tools/chocolateyinstall.ps1

@@ -7,4 +7,4 @@ $category = VM-Get-Category($MyInvocation.MyCommand.Definition)
 VM-Pip-Install "https://github.com/greyblue9/unpyc37-3.10/archive/c1486ce3cf5b8fdfb5065e9c81a73a61481ed9ff.zip"
 
 $pyPath = (Get-Command py).Source
-VM-Install-Shortcut -toolName $toolName -category $category -executablePath $pyPath -consoleApp $true -arguments "-3.10 -m unpyc.unpyc3"
+VM-Install-Shortcut $toolName $category $pyPath -consoleApp $true -arguments "-3.13 -m unpyc.unpyc3"

packages/unpyc3.vm/tools/chocolateyuninstall.ps1

@@ -5,3 +5,4 @@ $toolName = 'unpyc3'
 $category = VM-Get-Category($MyInvocation.MyCommand.Definition)
 
 VM-Remove-Tool-Shortcut $toolName $category
+Invoke-Expression "py.exe -3.13 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1"

packages/unpyc3.vm/unpyc3.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>unpyc3.vm</id>
-    <version>0.0.0.20250716</version>
+    <version>0.0.0.20251215</version>
     <authors>David Reilly</authors>
     <description>unpyc3 is a decompiler for Python 3.7+.</description>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20250206" />
-      <dependency id="libraries.python3.vm" />
+      <dependency id="common.vm" version="0.0.0.20251215" />
+      <dependency id="python3.vm" version="0.0.0.20251215" />
     </dependencies>
     <tags>Python</tags>
     <projectUrl>https://github.com/greyblue9/unpyc37-3.10</projectUrl>