开源最前线(ID:OpenSourceTop) 猿妹整编
链接:https://github.com/huntzhan/pywhlobf
代码混淆是项目上线前必不可少的一部分操作,比如一个Android程序,下载安装包的APK文件后,使用一些反编译工具,就可以将整个应用的Java源代码反编译出来,如果不想让这种情况发生,就需要代码混淆,这样一来可以隐藏代码逻辑,加大别人看出来的难度。
大多数的代码混淆工具是将代码中各种有意义的变量名、函数名都用简单的几个字母组合来表示,还有就是将一些等价的代码逻辑转换一下,比如将for循环改成while循环,将while循环改成for循环等。
今天,猿妹就和大家分享一个代码混淆工具——pywhlobf,这是一个Python代码替换工具,输入为wheel格式分发包(然后,你首先得执行如python -m build --wheel的命令将项目打成wheel包,然后才能使用本工具),输出为替换后的wheel包。所有的.pyPython文件将会被编译替换为目标平台的.so文件,从而达到替代/保护代码的目的。
下列镜像基于pypa / manylinux提供的基础镜像构建,镜像的标签格式为
-
。完整的镜像列表见pywhlobf /标签。如果您的运行环境不属于下列平台(如希望混淆后的包可以在MacOS的或的Windows上执行),你需要在目标运行环境手动从PyPI安装pywhlobf:
-
pywhlobf/pywhlobf:0.1.3-manylinux1_x86_64
-
pywhlobf/pywhlobf:0.1.3-manylinux1_i686
-
pywhlobf/pywhlobf:0.1.3-manylinux2010_x86_64
-
pywhlobf/pywhlobf:0.1.3-manylinux2010_i686
-
pywhlobf/pywhlobf:0.1.3-manylinux2014_x86_64
-
pywhlobf/pywhlobf:0.1.3-manylinux2014_i686
# 输出帮助文档。
docker run \
--rm -it \
--user "$(id -u):$(id -g)" \
-e PYTHON_ABI_TAG=cp36-cp36m \
pywhlobf/pywhlobf:0.1.2-manylinux2014_x86_64 \
--help
"/home/pywhlobf"
PYWHLOBF=/opt/python/cp36-cp36m/bin/pywhlobf
NAME
pywhlobf
SYNOPSIS
pywhlobf INPUT_WHL_OR_FOLDER OUTPUT_FOLDER
POSITIONAL ARGUMENTS
INPUT_WHL_OR_FOLDER
Path to the input wheel file, or the folder containing wheel file(s).
OUTPUT_FOLDER
Path to the output folder.
FLAGS
--temp_folder=TEMP_FOLDER
Type: Optional[]
Default: None
Path to the root of temporary folder.
--compiler_options=COMPILER_OPTIONS
Type: Optional[]
Default: None
If provided, should be a dict containing only the supported keys of `Cython.Compiler.Options`, as shown in `https://cython.readthedocs.io/en/latest/src/userguide/source_files_and_compilation.html#compiler-options`. Example: --compiler_options='{"docstrings": False}'
--cythonize_options=CYTHONIZE_OPTIONS
Type: Optional[]
Default: None
If provided, should be a dict containing only the supported parameters of `Cython.Build.cythonize, as shown in `https://cython.readthedocs.io/en/latest/src/userguide/source_files_and_compilation.html#Cython.Build.cythonize` and `https://github.com/cython/cython/blob/9a761a637fce6a7b70735ae2248963d63e569e14/Cython/Compiler/Options.py#L566` Example: --cythonize_options='{"compiler_directives": {"emit_code_comments": False}}'
--processes=PROCESSES
Type: Optional[]
Default: None
The number of worker processes to use. All CPUs are used by default.
--show_warning=SHOW_WARNING
Default: False
If set, show the build warnings.
--abi_tag=ABI_TAG
Type: Optional[]
Default: None
If set, hardcode the ABI tag within the output wheel filename to this one.
--platform_tag=PLATFORM_TAG
Default: 'manylinux2014_x86_64'
If set, hardcode the platform tag within the output wheel filename to this one.
NOTES
You can also use flags syntax for POSITIONAL ARGUMENTS
OUTPUT
# 下载 wheel-0.36.2-py2.py3-none-any.whl。
curl \
'https://files.pythonhosted.org/packages/65/63/39d04c74222770ed1589c0eaba06c05891801219272420b40311cd60c880/wheel-0.36.2-py2.py3-none-any.whl' \
--output 'wheel-0.36.2-py2.py3-none-any.whl'
# 混淆 wheel-0.36.2-py2.py3-none-any.whl
# 注意:`-v "$(pwd)":/data` 会挂载当前工作路径至容器中的 /data 路径。
docker run \
--rm -it \
--user "$(id -u):$(id -g)" \
-e PYTHON_ABI_TAG=cp36-cp36m \
-v "$(pwd)":/data \
pywhlobf/pywhlobf:0.1.2-manylinux2014_x86_64 \
'/data/wheel-0.36.2-py2.py3-none-any.whl' \
'/data/tmp'
"/home/pywhlobf"
PYWHLOBF=/opt/python/cp36-cp36m/bin/pywhlobf
[INFO] Processing /data/wheel-0.36.2-py2.py3-none-any.whl...
[INFO] input_whl=/data/wheel-0.36.2-py2.py3-none-any.whl
[INFO] distribution=wheel, version=0.36.2, build_tag=None
[INFO] extract_folder=/tmp/tmpt_epivyo
[INFO] Build options: compiler_options=None, cythonize_options=None, processes=None
[INFO] Building 16 python files...
[INFO] The following source files are removed:
[INFO] wheel/__main__.py
[INFO] wheel/macosx_libfile.py
[INFO] wheel/__init__.py
[INFO] wheel/pkginfo.py
[INFO] wheel/metadata.py
[INFO] wheel/wheelfile.py
[INFO] wheel/util.py
[INFO] wheel/bdist_wheel.py
[INFO] wheel/vendored/__init__.py
[INFO] wheel/vendored/packaging/__init__.py
[INFO] wheel/vendored/packaging/_typing.py
[INFO] wheel/vendored/packaging/tags.py
[INFO] wheel/cli/pack.py
[INFO] wheel/cli/__init__.py
[INFO] wheel/cli/convert.py
[INFO] wheel/cli/unpack.py
[INFO] Repacking...
[INFO] output_whl_name=wheel-0.36.2-cp36-cp36m-manylinux2014_x86_64.whl
[INFO] output_whl=/data/tmp/wheel-0.36.2-cp36-cp36m-manylinux2014_x86_64.whl
[INFO] Done.
[INFO]
OUTPUT
cd tmp && ls -alh
6416
drwxr-xr-x 3
huntzhan staff 96B Feb 23 14:33 .
drwxr-xr-x 4 huntzhan staff 128B Feb 23 14:33 ..
-rw-r--r-- 1 huntzhan staff 3.1M Feb 23 14:33 wheel-0.36.2-cp36-cp36m-manylinux2014_x86_64.whl
OUTPUT
unzip wheel-0.36.2-cp36-cp36m-manylinux2014_x86_64.whl
-0.36.2-cp36-cp36m-manylinux2014_x86_64.whl
inflating: wheel/__init__.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/__main__.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/bdist_wheel.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/macosx_libfile.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/metadata.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/pkginfo.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/util.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/wheelfile.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/cli/__init__.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/cli/convert.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/cli/pack.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/cli/unpack.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/vendored/__init__.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/vendored/packaging/__init__.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/vendored/packaging/_typing.cpython-36m-x86_64-linux-gnu.so
inflating: wheel/vendored/packaging/tags.cpython-36m-x86_64-linux-gnu.so
inflating: wheel-0.36.2.dist-info/LICENSE.txt
inflating: wheel-0.36.2.dist-info/METADATA
inflating: wheel-0.36.2.dist-info/WHEEL
inflating: wheel-0.36.2.dist-info/entry_points.txt
inflating: wheel-0.36.2.dist-info/top_level.txt
inflating: wheel-0.36.2.dist-info/RECORD
OUTPUT
从 PyPI 安装
pip install pywhlobf
pywhlobf -- --help
示例:
pywhlobf wheel-0.36.2-py2.py3-none-any.whl ./tmp
<[INFO] input_whl=wheel-0.36.2-py2.py3-none-any.whl
[INFO] distribution=wheel, version=0.36.2, build_tag=None
[INFO] extract_folder=/var/folders/ts/x73fvp7d4g390cw9rx8cwkn80000gn/T/tmp7pb3euza
[INFO] Build options: compiler_options=None, cythonize_options=None, processes=None
[INFO] Building 16 python files...
[INFO] The following source files are removed:
[INFO] wheel/metadata.py
[INFO
