Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent parameter keyword obfuscation #29

Open
fgarit opened this issue Feb 26, 2018 · 4 comments
Open

Prevent parameter keyword obfuscation #29

fgarit opened this issue Feb 26, 2018 · 4 comments

Comments

@fgarit
Copy link

fgarit commented Feb 26, 2018

I have another issue with the tool that may again come from a certain misunderstanding.
This time, it requires flash to me installed on the computer.

I've a test.py script:

from flask import Flask

proxy = Flask(__name__)

proxy.run(host='0.0.0.0', port=5000, debug=True, threaded=True)

And my opy_config.txt file

obfuscate_strings = True
obfuscated_name_tail = '_opy_'
plain_marker = '_opy_'
pep8_comments = True

source_extensions = '''
py
pyx
'''

skip_extensions = '''
pyc
'''

skip_path_fragments = '''
opy.py
'''

external_modules = '''
flask
'''

plain_files = '''
opy_config.txt
'''

plain_names = '''
opy
test
'''

The result is the following:

# coding: UTF-8
import sys
l1l1_opy_ = sys.version_info [0] == 2
l11ll_opy_ = 2048
l1l_opy_ = 7
def l1l11_opy_ (l111_opy_):
    global l111l_opy_
    l1lll_opy_ = ord (l111_opy_ [-1])
    l1ll_opy_ = l111_opy_ [:-1]
    l11l_opy_ = l1lll_opy_ % len (l1ll_opy_)
    l11_opy_ = l1ll_opy_ [:l11l_opy_] + l1ll_opy_ [l11l_opy_:]
    if l1l1_opy_:
        l1l1l_opy_ = l11l1_opy_ () .join ([l1_opy_ (ord (char) - l11ll_opy_ - (l1ll1_opy_ + l1lll_opy_) % l1l_opy_) for l1ll1_opy_, char in enumerate (l11_opy_)])
    else:
        l1l1l_opy_ = str () .join ([chr (ord (char) - l11ll_opy_ - (l1ll1_opy_ + l1lll_opy_) % l1l_opy_) for l1ll1_opy_, char in enumerate (l11_opy_)])
    return eval (l1l1l_opy_)
from flask import Flask
proxy = Flask(__name__)
proxy.run(host=l1l11_opy_ (u"ࠫ࠵࠴࠰࠯࠲࠱࠴ࠬࠀ"), port=5000, debug=True, ll_opy_=True)

The interesting part is the change from:

proxy.run(host='0.0.0.0', port=5000, debug=True, threaded=True)

to:

proxy.run(host=l1l11_opy_ (u"ࠫ࠵࠴࠰࠯࠲࠱࠴ࠬࠀ"), port=5000, debug=True, ll_opy_=True)

Checkout https://github.com/pallets/flask/blob/master/flask/app.py def run line 840. It looks like opy knows not to rename the host, port and debug keywords before of the fonction declaration def run(self, host=None, port=None, debug=None, load_dotenv=True, **options):. But to me it's an issue that the threaded keyword is renamed.

I am again wondering if this is the intended behavior and if I'm missing something here.

Thank you
@HumanAgainstMachine
Copy link

Hello, here similar dilemma: instructions misunderstandig or bug?

test.py

import tkinter

root = tkinter.Tk()

menu_bar = tkinter.Menu(root)
root.config(menu=menu_bar)

a_menu = tkinter.Menu(menu_bar, tearoff=0)
menu_bar.add_cascade(label="Menu", menu=a_menu)		

root.mainloop()

opy_config.txt

obfuscate_strings = True
obfuscated_name_tail = '_opy_'  
plain_marker = '_opy_'          
pep8_comments = True            
                                
source_extensions = '''
py
pyx
'''

skip_extensions = '''
pyc
'''

skip_path_fragments = '''
test_dummy
'''

external_modules = '''
re
os
sys
errno
keyword
importlib
random
codecs
shutil
tkinter
'''

plain_files = '''
opy_config.txt
'''

plain_names = '''
opy
poly_walker_test
test
'''

obfuscation results in

import sys
l1lllll_opy_ = sys.version_info [0] == 2
l11111l_opy_ = 2048
l11llll_opy_ = 7
def l1_opy_ (l1111l1_opy_):
    global l11l_opy_
    l1l1ll1l_opy_ = ord (l1111l1_opy_ [-1])
    l1ll11l1_opy_ = l1111l1_opy_ [:-1]
    l1ll1l_opy_ = l1l1ll1l_opy_ % len (l1ll11l1_opy_)
    l1lll1ll_opy_ = l1ll11l1_opy_ [:l1ll1l_opy_] + l1ll11l1_opy_ [l1ll1l_opy_:]
    if l1lllll_opy_:
        l1ll11ll_opy_ = l1ll1_opy_ () .join ([l1ll1ll_opy_ (ord (char) - l11111l_opy_ - (l111l1_opy_ + l1l1ll1l_opy_) % l11llll_opy_) for l111l1_opy_, char in enumerate (l1lll1ll_opy_)])
    else:
        l1ll11ll_opy_ = str () .join ([chr (ord (char) - l11111l_opy_ - (l111l1_opy_ + l1l1ll1l_opy_) % l11llll_opy_) for l111l1_opy_, char in enumerate (l1lll1ll_opy_)])
    return eval (l1ll11ll_opy_)
import tkinter
root = tkinter.Tk()
l111lll1_opy_ = tkinter.Menu(root)
root.config(menu=l111lll1_opy_)
l111llll_opy_ = tkinter.Menu(l111lll1_opy_, l11l1111_opy_=0)
l111lll1_opy_.add_cascade(label=l1_opy_ (u"ࠥࡑࡪࡴࡵࠣࢋ"), menu=l111llll_opy_)
root.mainloop()

Running the obfuscated one I get

_tkinter.TclError: unknown option "-l11l1111_opy

because Tkinter module expects the parameter keyword tearoff

Any suggestions?

@tonysepia
Copy link

+1

@bbarn3y
Copy link

bbarn3y commented May 10, 2019

+1

Has there been any progress with this issue?

@BuvinJT
Copy link

BuvinJT commented May 10, 2019

Not yet. There is a very similar / overlapping request regarding dictionary keys. I'll try to work on these matters sometime in my Opy Fork, where development of Opy remains active.

https://pypi.org/project/opy-distbuilder/
https://github.com/QQuick/Opy/tree/opy_distbuilder

I recommend checking out my "DistBuilder" project. It's only in alpha, but it is a larger scale project that encompasses Opy and adds features over the top of it. Notably, an "OpyPatch" provides a stop gap means for dealing with glitches of this nature.

https://distribution-builder.readthedocs.io/en/latest/
https://distribution-builder.readthedocs.io/en/latest/ConfigClasses/#opypatch
https://github.com/BuvinJT/distbuilder
https://pypi.org/project/distbuilder/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tonysepia @HumanAgainstMachine @bbarn3y @fgarit @BuvinJT