Any way to stop full decryption and decompiling? #26

Open
VeNoMouS opened this issue Sep 24, 2019 · 2 comments
Comments

@VeNoMouS

i.e. you can simply

```python
#!/usr/bin/python3
# Decrypt a .pyce file back to a plain .pyc, given the file and its key.
from pyce._crypto import decryptf

# decryptf(path, key) returns the decrypted bytes; write them out as an ordinary .pyc
with open('output.pyc', 'wb') as output:
    output.write(decryptf('./__init__.pyce', '3e8a6f52eb5b41e0883c594dc026c70aa04258790ca71259d9d1c1bf47cfc0aa'))
```

Then use `uncompyle6 output.pyc` to get the full source.

If you have to use a 3rd party to encrypt the source, what is the point of this module?

@theonewolf (Member)

@VeNoMouS could you describe your attack model in more detail? Would the attacker have full root access to a system when you execute? Would they be able to do code injection? Would they start with only access to your .pyce files?

Typically, what you're talking about is restricted by key distribution techniques, which are not within the scope of this module.

This module handles the low-level encrypt/decrypt operations, but where the keys come from is up to you or your organization. For example, you could run a key server on the Internet and only provide them to licensed users.

Obviously, your code has to decrypt somewhere before hitting the CPU. Attackers could get the code at any point during that window of execution.

For example, a cloud provider could read the RAM of your VM and take the decrypted code from pages in your memory.

What matters here is:

  1. Your attack model
  2. Your key distribution technique

@theonewolf theonewolf self-assigned this Sep 25, 2019
@theonewolf theonewolf added the question Further information is requested label Sep 25, 2019
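To make both sides of this exchange concrete, here is an added example that is not pyce's code and was not posted by either commenter. It is a stdlib-only toy: the cipher is a SHA-256 keystream with an HMAC tag standing in for whatever pyce actually uses, and `KeyServer`, `load_encrypted_module`, `demo`, and the sample module source are all constructed for this illustration. It shows the key-distribution control doing its job against an unlicensed client, and then the two recovery paths the thread describes: a licensed party who holds the key decrypts offline, and a licensed party who never reads the key hooks the decrypt routine during the decrypt-then-exec window and captures the same bytecode.

```python
import hashlib
import hmac
import marshal
import types

# Constructed sample module (not from the page): the "private code" a vendor ships.
SAMPLE_SOURCE = '''
def secret_formula(x):
    return (x * 31 + 7) % 1000
'''

TAG_LEN = 32


def keystream(key: bytes, nbytes: int) -> bytes:
    # Toy keystream: SHA-256(key || counter). No nonce, so only safe with one key
    # per file; it stands in for pyce's real cipher, which is not the point here.
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))


def compile_module(source: str, name: str) -> bytes:
    # A marshalled code object: the payload a .pyc carries after its header.
    return marshal.dumps(compile(source, f"{name}.py", "exec"))


class KeyServer:
    # Stand-in for "a key server on the Internet that only serves licensed users".
    def __init__(self):
        self._keys = {}
        self._licensed = set()

    def register(self, module: str, key: bytes) -> None:
        self._keys[module] = key

    def license(self, client_id: str) -> None:
        self._licensed.add(client_id)

    def fetch_key(self, client_id: str, module: str) -> bytes:
        if client_id not in self._licensed:
            raise PermissionError(f"{client_id} is not licensed")
        return self._keys[module]


def load_encrypted_module(name: str, blob: bytes, server: KeyServer, client_id: str):
    # The decrypt-then-exec window: plaintext bytecode necessarily exists here.
    key = server.fetch_key(client_id, name)
    code = marshal.loads(toy_decrypt(key, blob))  # global lookup, so it can be hooked
    module = types.ModuleType(name)
    exec(code, module.__dict__)
    return module


def demo() -> dict:
    server = KeyServer()
    key = hashlib.sha256(b"constructed demo key").digest()
    server.register("secret_mod", key)
    server.license("customer-42")
    plain_pyc = compile_module(SAMPLE_SOURCE, "secret_mod")
    blob = toy_encrypt(key, plain_pyc)

    # Key distribution does its job: an unlicensed client gets no key at all.
    try:
        server.fetch_key("pirate", "secret_mod")
        denied = False
    except PermissionError:
        denied = True

    # A licensed client runs the module normally.
    result = load_encrypted_module("secret_mod", blob, server, "customer-42").secret_formula(5)

    # Attack A (the original post): key + blob gives plaintext bytecode, no execution needed.
    offline = toy_decrypt(key, blob)

    # Attack B (the execution window): a licensed client never handles the key; it wraps
    # the decrypt routine in-process, as one could wrap pyce._crypto.decryptf.
    captured = []
    original = toy_decrypt

    def hook(k: bytes, b: bytes) -> bytes:
        plaintext = original(k, b)
        captured.append(plaintext)
        return plaintext

    globals()["toy_decrypt"] = hook
    try:
        load_encrypted_module("secret_mod", blob, server, "customer-42")
    finally:
        globals()["toy_decrypt"] = original

    return {
        "result": result,
        "unlicensed_denied": denied,
        "offline_matches": offline == plain_pyc,
        "hook_matches": captured[0] == plain_pyc,
        "names": marshal.loads(offline).co_names,  # what uncompyle6/dis would see
    }


if __name__ == "__main__":
    print(demo())
```

The key server blocks the unlicensed client, which is the only thing key distribution can do; once any licensed client has both the blob and the key (or just a process in which the key is used), the recovered bytes are identical to the original marshalled code object, which is exactly what the `uncompyle6` step in the first post consumes.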
@VeNoMouS (Author)

To recap this: if you had the pyce and you had the key, you can simply decode the whole thing without execution, with what I outlined in the original post.

The whole "key distribution technique" argument is a head-in-a-paper-bag response; you're simply pushing the issue/problem of this flaw back onto the user.

I originally looked at this project to distribute private code to users without them reverse engineering my work...

But once ANYONE has a key, you can simply reverse engineer all the way back to source.

pyarmor is a better approach in that its decryption is closed source and only distributed in binary form.

While yes, you can place traces around the stack and still reverse engineer it, that will take far more time / effort than the ~3 lines of code I provided, which is all it takes to convert back to source with this project.

I'm sorry but I fail to see how this project is designed for distributed code encryption, when it can be reversed to full source so easily.
