Permalink
Browse files

adding initial project structure

  • Loading branch information...
0 parents commit bca11f9ae49dec917ed62d17a1d0fba6da644762 @rfk committed May 18, 2011
Showing with 273 additions and 0 deletions.
  1. +10 −0 .gitignore
  2. +5 −0 ChangeLog.txt
  3. +19 −0 LICENSE.txt
  4. +5 −0 MANIFEST.in
  5. +54 −0 README.rst
  6. +81 −0 mangler/__init__.py
  7. +29 −0 mangler/test.py
  8. +70 −0 setup.py
@@ -0,0 +1,10 @@
+*.pyc
+*.pyo
+*~
+*.swp
+build/
+dist/
+.coverage
+cover
+.tox
+*.egg-info
@@ -0,0 +1,5 @@
+
+v0.1.0:
+
+ * initial release; you might say *everything* has changed...
+
@@ -0,0 +1,19 @@
+Copyright (c) 2011 Ryan Kelly
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
@@ -0,0 +1,5 @@
+
+include README.rst
+include LICENSE.txt
+include ChangeLog.txt
+
@@ -0,0 +1,54 @@
+
+
+mangler: bytecode mangler for frozen python apps
+=================================================
+
+Mangler is a tool to obfuscate the bytecode of your frozen python applications.
+It makes it (slightly) harder for someone to take code from your app and use
+it for their own evil ends.
+
+Mangler works with the output of py2exe, py2app and cxfreeze. Support for
+bbfreeze and pyinstaller will be added eventually; if you desparately need
+such support you can slip me a fifty and I'll get right on it...
+
+
+Is it secure?
+-------------
+
+It's as secure as possible. Which is to say: no, it's not. A determined
+attacker will be able to obtain the unobfuscated bytecode of your program,
+decompile it to an approximation of your source code, and have his/her wicked
+way with the result.
+
+But remember: such reverse engineering is possible to some degree with *any*
+application, written in any language. Anyone who says differently is selling
+you snake oil.
+
+What mangler can do is make it harder. A standard frozen python application
+basically ships with a big zipfile of all your code in an easily decompiled
+form. Mangler applies some simple byte-level mangling to the contents of this
+zipfile, meaning extra work for someone who wants to get at its contents.
+
+There is plenty more that could be done to make the attacker's work even
+harder. But it would require compiling a C extension or, even better,
+compiling a custom python interpreter. If you think you'd like to go down that
+road, I provide distributing-pyton-apps consulting and for a modest fee
+I'll be happy to (a) talk you out of it, or (b) implement something for you.
+
+
+Sounds awesome, how do I use it?
+--------------------------------
+
+If you're just using py2exe, py2app or cxfreeze in their basic form, you
+can just call the "mangler" script with the path to your frozen app:
+
+ mangler /path/to/frozen/application
+
+
+This will generate a new mangling key, mangle the frozen bytecode using it,
+and patch the executables to correctly load the mangled bytecode. Easy.
+
+For more complicated scenarios, well, I haven't for around to fixing the API
+yet. Bear with me.
+
+
@@ -0,0 +1,81 @@
+"""
+
+mangler: bytecode mangler for frozen python apps
+=================================================
+
+Mangler is a tool to obfuscate the bytecode of your frozen python applications.
+It makes it (slightly) harder for someone to take code from your app and use
+it for their own evil ends.
+
+Mangler works with the output of py2exe, py2app and cxfreeze. Support for
+bbfreeze and pyinstaller will be added eventually; if you desparately need
+such support you can slip me a fifty and I'll get right on it...
+
+
+Is it secure?
+-------------
+
+It's as secure as possible. Which is to say: no, it's not. A determined
+attacker will be able to obtain the unobfuscated bytecode of your program,
+decompile it to an approximation of your source code, and have his/her wicked
+way with the result.
+
+But remember: such reverse engineering is possible to some degree with *any*
+application, written in any language. Anyone who says differently is selling
+you snake oil.
+
+What mangler can do is make it harder. A standard frozen python application
+basically ships with a big zipfile of all your code in an easily decompiled
+form. Mangler applies some simple byte-level mangling to the contents of this
+zipfile, meaning extra work for someone who wants to get at its contents.
+
+There is plenty more that could be done to make the attacker's work even
+harder. But it would require compiling a C extension or, even better,
+compiling a custom python interpreter. If you think you'd like to go down that
+road, I provide distributing-pyton-apps consulting and for a modest fee
+I'll be happy to (a) talk you out of it, or (b) implement something for you.
+
+
+Sounds awesome, how do I use it?
+--------------------------------
+
+If you're just using py2exe, py2app or cxfreeze in their basic form, you
+can just call the "mangler" script with the path to your frozen app:
+
+ mangler /path/to/frozen/application
+
+
+This will generate a new mangling key, mangle the frozen bytecode using it,
+and patch the executables to correctly load the mangled bytecode. Easy.
+
+For more complicated scenarios, well, I haven't for around to fixing the API
+yet. Bear with me.
+
+
+"""
+
+__ver_major__ = 0
+__ver_minor__ = 1
+__ver_patch__ = 0
+__ver_sub__ = ""
+__version__ = "%d.%d.%d%s" % (__ver_major__,__ver_minor__,__ver_patch__,__ver_sub__)
+
+
+import sys
+import os
+
+
+def mangle(appdir):
+ """Mangle the bytecode for a frozen python application."""
+ pass
+
+
+def main(argv=None):
+ if argv is None:
+ argv = sys.argv
+
+
+if __name__ == "__main__":
+ main()
+
+
@@ -0,0 +1,29 @@
+
+import os
+import unittest
+
+import mangler
+
+
+class TestManglerDocstring(unittest.TestCase):
+
+ def test_readme_matches_docstring(self):
+ """Ensure that the README is in sync with the docstring.
+
+ This test should always pass; if the README is out of sync it just
+ updates it with the contents of mangler.__doc__.
+ """
+ dirname = os.path.dirname
+ readme = os.path.join(dirname(dirname(__file__)),"README.rst")
+ if not os.path.isfile(readme):
+ f = open(readme,"wb")
+ f.write(mangler.__doc__.encode())
+ f.close()
+ else:
+ f = open(readme,"rb")
+ if f.read() != mangler.__doc__:
+ f.close()
+ f = open(readme,"wb")
+ f.write(mangler.__doc__.encode())
+ f.close()
+
@@ -0,0 +1,70 @@
+
+import sys
+setup_kwds = {}
+
+
+# Use setuptools if available.
+# We need it for 2to3 integration on python3.
+# Otherwise, fall back to plain old distutils.
+try:
+ from setuptools import setup
+except ImportError:
+ if sys.version_info > (3,):
+ raise RuntimeError("python3 support requires setuptools")
+ from distutils.core import setup
+else:
+ if sys.version_info > (3,):
+ setup_kwds["use_2to3"] = True
+
+
+# Extract the docstring and version declaration from the module.
+# To avoid errors due to missing dependencies or bad python versions,
+# we explicitly read the file contents up to the end of the version
+# delcaration, then exec it ourselves.
+info = {}
+src = open("mangler/__init__.py")
+lines = []
+for ln in src:
+ lines.append(ln)
+ if "__version__" in ln:
+ for ln in src:
+ if "__version__" not in ln:
+ break
+ lines.append(ln)
+ break
+exec("".join(lines),info)
+
+
+NAME = "mangler"
+VERSION = info["__version__"]
+DESCRIPTION = "bytecode mangler for frozen python apps"
+LONG_DESC = info["__doc__"]
+AUTHOR = "Ryan Kelly"
+AUTHOR_EMAIL = "ryan@rfk.id.au"
+URL="http://github.com/rfk/mangler"
+LICENSE = "MIT"
+KEYWORDS = "freeze frozen py2exe bytecode obfuscate"
+CLASSIFIERS = [
+ "Programming Language :: Python",
+ "Programming Language :: Python :: 2",
+ "Programming Language :: Python :: 3",
+ "License :: OSI Approved",
+ "License :: OSI Approved :: MIT License",
+ "Development Status :: 4 - Beta",
+ "Intended Audience :: Developers",
+]
+
+setup(name=NAME,
+ version=VERSION,
+ author=AUTHOR,
+ author_email=AUTHOR_EMAIL,
+ url=URL,
+ description=DESCRIPTION,
+ long_description=LONG_DESC,
+ license=LICENSE,
+ keywords=KEYWORDS,
+ packages=["mangler"],
+ classifiers=CLASSIFIERS,
+ **setup_kwds
+ )
+

0 comments on commit bca11f9

Please sign in to comment.