问题描述
可以反编译 .pyc 文件:反编译 Python 2.7 .pyc
It is possible to decompile .pyc files: Decompile Python 2.7 .pyc
是否可以编译"python 文件,所以存在人类不可读的代码,例如 c++ ->exe 二进制文件?..不像纯文本 .py 和 很容易恢复 .pyc 文件?(我不介意它是否可以通过暴力破解)
Is it possible to `compile` python files so there is a human-unreadable code, like the c++ -> exe binary file? ..unlike the plaintext .py and very easily recoverable .pyc files? (I don't mind if it can be cracked by brute force)
推荐答案
Python 是一种高度动态的语言,并且支持许多不同级别的内省.因此,混淆 Python 字节码是一项艰巨的任务.
Python is a highly dynamic language, and supports many different levels of introspection. Because of that, obfuscating Python bytecode is a mountainous task.
此外,您的嵌入式 python 解释器仍需要能够执行您的产品随附的字节码.如果解释器需要能够访问字节码,那么其他人也可以.加密无济于事,因为您仍然需要自己解密字节码,然后其他人才能从内存中读取字节码.混淆只会使默认工具更难使用,而不是无法使用.
Moreover, your embedded python interpreter will still need to be able to execute the bytecode you ship with your product. And if the interpreter needs to be able to access the bytecode, then everyone else can too. Encryption won't help, because you still need to decrypt the bytecode yourself and then everyone else can read the bytecode from memory. Obfuscation only makes default tools harder, not impossible to use.
话虽如此,要让非常困难读取应用程序的 Python 字节码,您必须这样做:
With that said, here is what you'd have to do to make it really bloody hard to read your application's Python bytecode:
为所有 python 操作码值重新分配一个 新 值.重新连接整个解释器,为不同的操作码使用不同的字节值.
Re-assign all python opcode values a new value. Rewire the whole interpreter to use different byte values for different opcodes.
尽可能多地删除自省功能.你的函数需要有闭包,而代码对象仍然需要常量,但是例如代码对象中的局部变量列表会很糟糕.中性 sys._getframe() 函数,斜线回溯信息.
Remove all as many introspection features as you can get away with. Your functions need to have closures, and codeobjects need constants still, but to hell with the locals list in the code object, for example. Neuter the sys._getframe() function, slash traceback information.
这两个步骤都需要深入了解 Python 解释器的工作原理,以及 Python 对象模型如何组合在一起.您肯定会引入难以解决的错误.
Both these steps require in-depth knowledge of how the Python interpreter works, and how the Python object model fits together. You will most certainly introduce bugs that will be hard to solve.
最后,你必须问问自己这是否值得.一个坚定的黑客仍然可以分析您的字节码,进行一些频率分析以重建操作码表,和/或为您的程序提供不同的操作码以查看发生了什么,并破译所有的混淆.创建转换表后,反编译字节码是轻而易举的事,重构代码也不远了.
In the end, you have to ask yourself if this is worth it. A determined hacker can still analyze your bytecode, do a some frequency analysis to reconstruct the opcode table, and / or feed your program different opcodes to see what happens, and decipher all the obfuscation. Once a translation table is created, decompiling your bytecode is a snap, and reconstructing your code is not far away.
如果您只想防止字节码文件被更改,请为您的 .pyc 文件嵌入校验和,并在启动时检查这些校验和.如果它们不匹配,则拒绝加载.有人会修补您的二进制文件以删除校验和检查或替换校验和,但您不必付出几乎同样多的努力来提供至少一些令牌保护以防篡改.
If all you want to do is prevent bytecode files from being altered, embed checksums for your .pyc files, and check those on startup. Refuse to load if they don't match. Someone will patch your binary to remove the checksum check or replace the checksums, but you won't have to put in nearly as much effort to provide at least some token protection from tampering.
这篇关于无法反编译的 Python的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!