soroco / pyce

Encrypted Python Execution
Apache License 2.0
198 stars 26 forks

Anyway to stop full decryption and decompiling? #26

Open VeNoMouS opened 5 years ago

VeNoMouS commented 5 years ago

i.e. you can simply

#!/usr/bin/python3
from pyce._crypto import decryptf

# Decrypt the .pyce file with its key and write the recovered .pyc bytecode to disk
with open('output.pyc', 'wb') as output:
    output.write(decryptf('./__init__.pyce', '3e8a6f52eb5b41e0883c594dc026c70aa04258790ca71259d9d1c1bf47cfc0aa'))

Then use uncompyle6 output.pyc to get the full source.

If you have to use a 3rd party to encrypt the source, what is the point of this module?

theonewolf commented 5 years ago

@VeNoMouS could you describe your attack model in more detail? Would the attacker have full root access to a system when you execute? Would they be able to do code injection? Would they start with only access to your .pyce files?

Typically, what you're talking about is restricted by key distribution techniques, which are not within the scope of this module.

This module handles the low-level encrypt/decrypt operations, but where the keys come from is up to you or your organization. For example, you could run a key server on the Internet and only provide them to licensed users.

Obviously, your code has to decrypt somewhere before hitting the CPU. Attackers could get the code at any point during that window of execution.

For example, a cloud provider could read the RAM of your VM and take the decrypted code from pages in your memory.

What matters here is:

  1. Your attack model
  2. Your key distribution technique

VeNoMouS commented 4 years ago

To recap this, if you had the pyce and you had the key, you can simply decode the whole thing without execution... with what I outlined in the original post.

The whole "key distribution technique" argument is a head-in-a-paper-bag response; you're simply pushing the issue/problem of this flaw back onto the user.

I originally looked at this project to distribute private code to users without them reverse engineering my work...

But once ANYONE has a key you can simply reverse engineer all the way back to source.

pyarmor is a better approach in that decryption is closed source and only distributed in binary form.

While yes, you can place traces around the stack and still reverse engineer, that will take far more time/effort than the ~3 lines of code I provided, which is all it takes to convert back to source with this project.

I'm sorry but I fail to see how this project is designed for distributed code encryption, when it can be reversed to full source so easily.