Pyarmor Deobfuscation

mak

A thread about Pyarmor came through here recently ..

Pyarmor - A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
https://github.com/dashingsoft/pyarmor
https://github.com/dashingsoft/pyarmor/archive/refs/heads/master.zip

pyarmor-core
The core of PyArmor is written in C, the prebuilt dynamic libraries include the common platforms and some embedded platforms.
https://github.com/dashingsoft/pyarmor-core

pyarmor-webui
pyarmor-webui is a web-ui for pyarmor. It's a tool to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
https://github.com/dashingsoft/pyarmor-webui

Install by pip:
pip install pyarmor-webui

Start it in the default web browser:
pyarmor-webui

A lightweight web server will run on default port 9096 to serve the requests for web pages. If this port is used by others, start it with another port. For example:
pyarmor-webui -p 9088

Only run the web server, do not open web browser:
pyarmor-webui -n

For more options:
pyarmor-webui -h

If it's not installed by pip, run pyarmor-webui this way:
python server.py

Before that make sure pyarmor has been installed:
pip install pyarmor

PyArmor
PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. It protects Python scripts in the following ways:
  • Obfuscate code object to protect constants and literal strings.
  • Obfuscate co_code of each function (code object) in runtime.
  • Clear f_locals of frame as soon as code object completed execution.
  • Verify the license file of obfuscated scripts while running it.
Also refer to The Security of PyArmor

Support Platforms
  • Python 2.7 and Python3
  • Prebuilt Platform: win32, win_amd64, linux_i386, linux_x86_64, macosx_x86_64
  • Embedded Platform: Raspberry Pi, Banana Pi, Orange Pi, TS-4600 / TS-7600 and more
Refer to support platforms

Quick Start
Installation
pip install pyarmor
Obfuscate scripts
pyarmor obfuscate foo.py
Run obfuscated scripts
python dist/foo.py

Pack obfuscated scripts into one bundle

pip install pyinstaller
pyarmor pack foo.py

Obfuscate scripts with an expired license

pyarmor licenses --expired 2018-12-31 r001
pyarmor obfuscate --with-license licenses/r001/license.lic foo.py

There is also a web-ui package pyarmor-webui
pip install pyarmor-webui
Start webui, open web page in browser (snapshots)
pyarmor-webui

More usage, refer to
License & Purchase
PyArmor is published as shareware, free trial version never expires, but there are some limitations:
  • The trial version could not obfuscate the big scripts
  • The trial version uses the same public capsule rather than a private capsule
  • The trial version could not download the latest dynamic library of extra platforms
For details, refer to PyArmor License.


Deobfuscation

PyArmor deobfuscator tool
- Proof of concept PyArmor deobfuscator programs
https://github.com/nlscc/unpyarmor
https://github.com/nlscc/unpyarmor/archive/refs/heads/master.zip

unpyarmor
Proof of concept PyArmor deobfuscator programs

Usage
  • Extract the encrypted code from the obfuscated file (it should be inside a bytes string as the third argument to __pyarmor__). Write this as raw data to a file, say 'enc.bin'.
  • Run unpyarmor unpack enc.bin pytransform.key out.pyc, where out.pyc is a pyc file where the decrypted code will be written.
  • Use a python decompiler to decompile the decrypted pyc file, e.g. decompyle3 out.pyc or uncompyle6 out.pyc.
Missing
  • Python versions other than 3
  • Advanced mode
  • Super mode
  • Possibly some other modes
Note
This code is provided as-is and for educational purposes only, without support. If it doesn't work on your specific program, then you can debug it yourself.

unpyarmor - PyArmor deobfuscator / unpacker.
https://github.com/Kechinator/unpyarmor
https://github.com/Kechinator/unpyarmor/archive/refs/heads/master.zip

Usage
  • Extract the encrypted code from the obfuscated file (it should be inside a bytes string as the third argument to __pyarmor__). Write this as raw data to a file, say 'enc.bin'.
  • Run unpyarmor unpack enc.bin pytransform.key out.pyc, where out.pyc is a pyc file where the decrypted code will be written.
  • Use a python decompiler to decompile the decrypted pyc file, e.g. decompyle3 out.pyc or uncompyle6 out.pyc.
Missing
  • Python versions other than 3
  • Advanced mode
  • Super mode
  • Possibly some other modes
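
The first usage step above (pulling out the bytes string passed as the third argument to __pyarmor__ and writing it to 'enc.bin'), done statically so that a script under analysis is never imported or run. This is an added example, not part of the original post or of unpyarmor; the function names are hypothetical and SAMPLE is a constructed stand-in with placeholder payload bytes.

```python
import ast

# Constructed stand-in for an obfuscated script; the payload bytes are
# placeholder data, not real PyArmor output.
SAMPLE = (
    "from pytransform import pyarmor_runtime\n"
    "pyarmor_runtime()\n"
    "__pyarmor__(__name__, __file__, b'\\x00\\x01constructed-placeholder', 1)\n"
)


def extract_pyarmor_payloads(source):
    """Return the bytes literals passed as the third positional argument to
    __pyarmor__(...). The source is parsed only, never executed."""
    payloads = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if not (isinstance(node.func, ast.Name) and node.func.id == "__pyarmor__"):
            continue
        if len(node.args) < 3:
            continue
        arg = node.args[2]
        # Adjacent bytes literals are already merged by the parser.
        if isinstance(arg, ast.Constant) and isinstance(arg.value, bytes):
            payloads.append(arg.value)
    return payloads


def dump_payload(script_path, out_path="enc.bin"):
    """Write the single payload found in script_path to out_path as raw data
    and return its length; refuse ambiguous or empty results."""
    with open(script_path, "rb") as f:  # bytes: ast honours the coding line
        payloads = extract_pyarmor_payloads(f.read())
    if len(payloads) != 1:
        raise ValueError("expected one __pyarmor__ payload, found %d" % len(payloads))
    with open(out_path, "wb") as f:
        f.write(payloads[0])
    return len(payloads[0])


if __name__ == "__main__":
    import sys
    print(dump_payload(sys.argv[1], *sys.argv[2:3]), "bytes written")
```

Parsing with ast instead of importing the file keeps pyarmor_runtime() and the native pytransform library from loading on the analysis machine.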
 