search

Blank-c / BlankOBF

BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand for casual users. It offers advanced obfuscation techniques and customization options, making it seamless to integrate into your development workflow.
MIT License
94 stars 19 forks source link

Why even bother calling this an obfuscator? #13

Closed applebytez closed 1 year ago

applebytez commented 1 year ago

Absolutely no attempts at converting pyc to some shifted bytecode. Absolutely no attempts at virtualizing the pyc at runtime... Just converting the payload into a string... Really? What is this? 2017?

We could have instead created a vm that would parse byte strings and then with those byte strings run specific functions in the code. But no, instead, we choose this laughable obfuscation method to help rat and steal credentials from little kiddies playing roblox. Dissapointing.

Blank-c commented 1 year ago

If you see this laughable then I don't think it would be a problem for a analyst to deobfuscate that and prevent others from getting hacked or something.

applebytez commented 1 year ago

I don't it? Also it wasn't... and you already know no 'analyst' is looking at this. The only people looking at this are your russian scammers, and your victims. 

    pyCode = ""
    with open(pyfile, "r") as f:
        pyCode = f.read()
    pyCode = pyCode.replace('__import__(getattr(__import__(bytes([98, 97, 115, 101, 54, 52]).decode()), bytes([98, 54, 52, 100, 101, 99, 111, 100, 101]).decode())(bytes([89, 110, 86, 112, 98, 72, 82, 112, 98, 110, 77, 61])).decode()).exec(__import__(getattr(__import__(bytes([98, 97, 115, 101, 54, 52]).decode()), bytes([98, 54, 52, 100, 101, 99, 111, 100, 101]).decode())(bytes([98, 87, 70, 121, 99, 50, 104, 104, 98, 65, 61, 61])).decode()).loads(__import__(getattr(__import__(bytes([98, 97, 115, 101, 54, 52]).decode()), bytes([98, 54, 52, 100, 101, 99, 111, 100, 101]).decode())(bytes([89, 109, 70, 122, 90, 84, 89, 48])).decode()).b64decode(__import__(getattr(__import__(bytes([98, 97, 115, 101, 54, 52]).decode()), bytes([98, 54, 52, 100, 101, 99, 111, 100, 101]).decode())(bytes([89, 50, 57, 107, 90, 87, 78, 122])).decode()).decode(____, __import__(getattr(__import__(bytes([98, 97, 115, 101, 54, 52]).decode()), bytes([98, 54, 52, 100, 101, 99, 111, 100, 101]).decode())(bytes([89, 109, 70, 122, 90, 84, 89, 48])).decode()).b64decode("cm90MTM=").decode())+_____+______[::-1]+_______)))', 'import importlib, sys;import base64;import codecs;import marshal;code = importlib._bootstrap_external._code_to_timestamp_pyc(marshal.dumps(base64.b64decode(codecs.decode(____, "rot13")+_____+______[::-1]+_______)));\nwith open("dump.pyc", "wb") as f:\n  f.write(code)')
    with open(pyfile, "w") as f:
        f.write(pyCode)
    result = subprocess.run(['python3', pyfile], stdout=subprocess.PIPE)
    asm = assemblyOfFile("dump.pyc")
    with open('asm.txt', 'wb') as f:
        f.write(asm)

p.s. it took 5 lines of code to break ur obfuscator

applebytez commented 1 year ago

Absolutely no attempts at converting pyc to some shifted bytecode. Absolutely no attempts at virtualizing the pyc at runtime... Just converting the payload into a string... Really? What is this? 2017?

We could have instead created a vm that would parse byte strings and then with those byte strings run specific functions in the code. But no, instead, we choose this laughable obfuscation method to help rat and steal credentials from little kiddies playing roblox. Dissapointing.

Also did you even understand anything i said here? These were pretty good solutions for your obfuscator...

Blank-c commented 1 year ago

Thanks for the suggestions but this obfuscator is just for making the code harder to read. Obviously there is no way to make an unbrrakable obfuscator.

applebytez commented 1 year ago

the code was not harder to read.... the code was never properly obfuscated...

Blank-c commented 1 year ago

the code was not harder to read.... the code was never properly obfuscated...

I don't think so, it was pretty hard to read for some others.

applebytez commented 1 year ago

For who, your script kiddie friend? You can literally regex bytes in your entire code and simply understand it. Your script kiddie friend aryan probably doesn't even know what a single function in this entire project does. Your obfuscation is laughable. Your code is laughable. You are a laughable person. A disgrace to the human race and to your country. People like you are the reason why your country is how it is right now.

MakeSureDudeDies commented 1 year ago

petition to rename it to code slower/uglifier

Blank-c commented 1 year ago

😱

applebytez commented 1 year ago

I approve of his idea. Code slower/uglifier. Maybe code encoder.

TaxMachine commented 1 year ago

spitting fax pretty hard here