Python3代码工程化加密
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Python3代码工程化加密相关的知识,希望对你有一定的参考价值。
这几天公司的Python3需要加密,网上的文章要么提供思路不提供代码,要么加密之后自己都没法用了。。没办法只能自己写了
文章整体思路
1、修改python源码opcode为随机值
修改下载后的Python源码包中opcode值(opcode可以理解为python读取代码的坐标,比如一个变量的opcode是5,则cpython读取这个变量时是从第5个字符串开始读的),修改后会导致关键变量的opcode混乱,除了自己的环境外,其他人都执行和解密不了了
2、在修改好opcode的python环境,把所有py文件编译成pyc,然后删除原始py文件
修改opcode的脚本:
#!/usr/bin/env python2.7 # encoding:utf-8 #FileName scramble-opcodes.py __author__ = ‘mafei‘ import argparse import re import random import os python_version = ‘Python-3.5.3‘ regex_for_opcode_h = r‘^#define\s+(?P<name>[A-Z_]+)\s+(?P<code>\d+)(?P<extra>.*)‘ regex_for_opcode_py = r‘^(?P<key>[a-z_]+)+\(\‘+(?P<name>[A-Z_]+)+\‘+\,\s+(?P<code>\d+)(?P<extra>.*)‘ try: from importlib.machinery import SourceFileLoader except ImportError: import imp class replace_opcode(object): def __init__(self): self.replace_dict = {} self.not_have_argument_code_list = [] self.have_argument_code_list = [] def set_list(self, reg, file): f1 = open(file, ‘r+‘) infos = f1.readlines() f1.seek(0, 0) for line in infos: rex = re.compile(reg).match(line) if rex: if rex.group(‘name‘) in [‘CALL_FUNCTION‘, ‘CALL_FUNCTION_KW‘, ‘CALL_FUNCTION_EX‘, ‘CALL_FUNCTION_VAR‘, ‘CALL_FUNCTION_VAR_KW‘]: continue elif int(rex.group(‘code‘)) < 90: self.not_have_argument_code_list.append(int(rex.group(‘code‘))) else: self.have_argument_code_list.append(int(rex.group(‘code‘))) def replace_file(self, reg, file, is_update=False): if not is_update: self.set_list(reg, file) f1 = open(file, ‘r+‘) infos = f1.readlines() f1.seek(0, 0) for line in infos: rex = re.compile(reg).match(line) if rex: n = self.replace_code(rex, is_update) line = line.replace(rex.group(‘code‘), str(n)) f1.write(line) f1.close() def replace_code(self, rex, is_update): if is_update: try: n = self.replace_dict[rex.group(‘name‘)] except: n = rex.group(‘code‘) return n if rex.group(‘name‘) == "CALL_FUNCTION": n = int(rex.group(‘code‘)) elif rex.group(‘name‘) in [‘CALL_FUNCTION_KW‘, ‘CALL_FUNCTION_EX‘, ‘CALL_FUNCTION_VAR‘, ‘CALL_FUNCTION_VAR_KW‘]: n = int(rex.group(‘code‘)) else: if int(rex.group(‘code‘)) < 90: n = random.choice(self.not_have_argument_code_list) self.not_have_argument_code_list.remove(n) else: n = random.choice(self.have_argument_code_list) self.have_argument_code_list.remove(n) self.replace_dict[rex.group(‘name‘)] = n return n def run(self, source_directory): OPCODE_PY = ‘Lib/opcode.py‘ OPTARGETS_H = "Include/opcode.h" print source_directory print(‘start run......‘, os.path.join(source_directory, OPCODE_PY)) self.replace_file(reg=regex_for_opcode_py, file=os.path.join(source_directory, OPCODE_PY)) print(‘run {} end‘.format(os.path.join(source_directory, OPCODE_PY))) print(‘start run......‘, os.path.join(source_directory, OPCODE_PY)) self.replace_file(reg=regex_for_opcode_h, file=os.path.join(source_directory, OPTARGETS_H), is_update=True) print(‘run {} end‘.format(os.path.join(source_directory, OPTARGETS_H))) self.write_opcode_targets_contents() print(‘run {} end‘.format(os.path.join(source_directory, OPTARGETS_H))) def write_opcode_targets_contents(self, file=‘Python/opcode_targets.h‘): """Write C code contents to the target file object. """ targets = [‘_unknown_opcode‘] * 256 for opname, op in sorted(self.replace_dict.items(), key=lambda nc: nc[1]): targets[op] = "TARGET_%s" % opname with open(os.path.join(source_directory, file), ‘w‘) as f: f.write("static void *opcode_targets[256] = {\n") sep = ‘,%s‘ % os.linesep f.write(sep.join([" &&%s" % s for s in targets])) f.write("\n};\n") if __name__ == ‘__main__‘: parser = argparse.ArgumentParser(description=‘Scramble python opcodes table‘) parser.add_argument(‘--python-source‘, dest=‘src‘, type=str, help=‘Python source code‘, required=True) args = parser.parse_args() source_directory = os.path.abspath(args.src) # main(source_directory) replace_opcode_class = replace_opcode() replace_opcode_class.run(source_directory)
cd /opt/ 下载源码包 wget 解压 tar xJf Python-3.5.3.tar.xz
执行修改opcode操作
python scramble-opcodes.py --python-source=/opt/Python-3.5.3
#后面几步就是标准的python安装步骤啦
cd /opt/Python-3.5.3
./configure --prefix=/opt/python-3.5.3 && make && make install
加入系统路径
export PATH=/opt/python-3.5.3/bin/:$PATH 这时候执行python3就可以进入python3.5.3的修改opcode后的环境了
加密Python代码(一定要在修改过opcode的Python环境执行,否则不生效的)
#!/usr/bin/env python2.7 # encoding:utf-8 __author__ = ‘mafei‘ import os import subprocess import argparse import sys def compile_py3(source_dir): g = os.walk(source_dir) # compileall.compile_dir(source_dir, maxlevels=100) subprocess.check_output(‘{} -m compileall -b {}‘.format(sys.executable,source_dir)) for path,d,filelist in g: for filename in filelist: #对所有py文件进行加密并删除原始文件 if os.path.splitext(filename)[-1] ==‘.py‘: os.remove(os.path.join(path, filename)) print(‘compile {}‘.format(os.path.join(path, filename))) if __name__ == ‘__main__‘: parser = argparse.ArgumentParser(description=‘Scramble python opcodes table‘) parser.add_argument(‘--python-source‘, dest=‘src‘, type=str, help=‘Python source code‘, required=True) args = parser.parse_args() source_directory = os.path.abspath(args.src) compile_py3(source_directory)
本文出自 “马鹏飞” 博客,请务必保留此出处http://mapengfei.blog.51cto.com/1552412/1976189
以上是关于Python3代码工程化加密的主要内容,如果未能解决你的问题,请参考以下文章
对 python2 和 python3 使用相同的代码进行编码 + 加密 + 填充的问题
Express实战 - 应用案例- realworld-API - 路由设计 - mongoose - 数据验证 - 密码加密 - 登录接口 - 身份认证 - token - 增删改查API(代码片段