[question] Obfuscating Python

[$Clone]

Okay i know python was not designed with obfuscation in mind but it doesn't hurt to try.
i found really neat obfuscated python codes online like this two below:

Code: (Python) [Select]

[#[#[#[#[#[#[#[#[# By TaroOgawa #]#]#]#]#]#]#]#]#]


                      globals()
                .update({   "______":
             lambda x:         globals()
             .update((         dict([[x]
                *2])))}),   ______(((
                      "Just")))
                ,______((   "another"
             )),______         ("Python"
          ),______(               "Hacker")
          ];print (               " ".join(
             [(Just),(         (another)
                ),(Python   ),Hacker]
                      ));______
                     


Code: (Python) [Select]

print ''.join('%(pre)s%(num)s %(bot)s on the wall, %(nul)s %(bot)s,\n%(tak)s\n' % (lambda c,b:
  {'pre':['','%s %s on the wall.\n\n' % (c,b)][abs(cmp(c,'Ninety-nine'))],
 'num':c, 'nul':c.lower(), 'bot':b,
 'tak':['Go to the store and buy some more... Ninety-nine %s.' % b,'Take one down, pass it around,'][abs(cmp(x,0))]
  })((lambda x,o: [(['Twenty','Thirty','Forty','Fifty',
  'Sixty','Seventy','Eighty','Ninety'][x/10-2]+'-'+o.lower()).replace('-no more',''), o][int(x<20)])(x, ['No more','One','Two',
  'Three','Four','Five','Six','Seven','Eight',
  'Nine','Ten','Eleven','Twelve','Thirteen','Fourteen',
  'Fifteen','Sixteen','Seventeen','Eighteen','Nineteen'][[x,x%10][int(x>=20)]]),'bottle%s of beer' % ['','s'][abs(cmp(x,1))])
  for x in xrange(99,-1,-1))

So i thought of try to get a reverse shell using python eval() function and base64 module for encrypting and decrypting.....so first test,print directory contents:

Code: (Python) [Select]



#test script to print current directory contents
[code=Python]

eval('''cmd="ls -l"; p=__import__("subprocess",globals(),locals(),['*'],-1);proc = p.Popen(cmd, shell=True, tdout=p.PIPE,stderr=p.PIPE, stdin=p.PIPE);out,err=proc.communicate(); out+err'''
);


using base64

Code: (Python) [Select]

eval("__import__('base64').b64decode("Y21kPSJscyAtbCI7cD1fX2ltcG9ydF9fKCJzdWJwcm9jZXNzIixnbG9iYWxzKCksbG9jYWxzKCksWycqJ10sLTEpO3Byb2MgPSBwLlBvcGVuKGNtZCwgc2hlbGw9VHJ1ZSwgc3Rkb3V0PXAuUElQRSxzdGRlcnI9cC5QSVBFLCBzdGRpbj1wLlBJUEUpO291dCxlcnI9cHJvYy5jb21tdW5pY2F0ZSgpO291dCtlcnI=\")")

i only get the output as the base64 decoded string nothing is executed by eval.
So my question is how can i get to execute python code using eval while its still encoded say base64 encoded.....an example is how php shells are encoded.
with os .system this worked well

shell

Code: (Python) [Select]

#python shell with system() call function
eval("__import__('os').system('/bin/sh -i')")

#also
eval("__import__('subprocess').call('/bin/sh -i')")




Code: (Python) [Select]


#python reverse shell
eval("p=__import__('subprocess',globals(),locals(),['*']),-1);p.call('/bin/sh -i');")

This is where things don't work out,once i have included the base64 eval just prints the decoded string.

base64 encoded to get shell running

Code: (Python) [Select]

#encode python code
eval("__import__('base64').b64decode('cD1fX2ltcG9ydF9fKCdzdWJwcm9jZXNzJyxnbG9iYWxzKCksbG9jYWxzKCksWycqJ10pLC0xKTtwLmN
hbGwoJy9iaW4vc2ggLWknKTs=')")

basically the code is not giving me results i wanted.....a shell with obfuscated code .help if you can......

[$Clone]

Hi, I think I can help you out with this problem.
You have to import all modules outside the exec()

[gist]d4rkcat/1fdcf95b2336a0f0e92e[/gist]

I see....python is not like php where you could upload a shell but its fun to play around with it......Cryptography[https://pypi.python.org/pypi/cryptography/0.2.1] api is better than pycrypto but it takes a while to get around it.

[d4rkcat]

I see....python is not like php where you could upload a shell but its fun to play around with it......Cryptography[https://pypi.python.org/pypi/cryptography/0.2.1] api is better than pycrypto but it takes a while to get around it.

Thats a very interesting statement.
Why is Cryptography library better than the pyCrypto library?
I'm genuinely interested as there is only one way to implement a cipher you don't have different 'qualities' of AES unless you talk key sizes or block cipher mode of operation. If you have the same key sizes and block cipher mode of operation then the 'quality' of the encryption should be identical.
Also I found using pyCrypto to be easier than picking up a can of beer.

Anyway you are welcome.

[Kulverstukas]

I've dealt with obfuscated Python code few years ago myself when I was reversing something. Specifically with this: https://evilzone.org/security-tools/pyobfuscate-python-source-code-obfuscator/

[d4rkcat]

I've dealt with obfuscated Python code few years ago myself when I was reversing something. Specifically with this: https://evilzone.org/security-tools/pyobfuscate-python-source-code-obfuscator/

Awesome, thanks for that!
I noticed z3ro in that thread saying that he would just freeze his scripts to prevent people reading the source. That doesn't work:
http://sourceforge.net/projects/pyinstallerextractor/
http://sourceforge.net/projects/py2exedumper/

EDIT: Just found a newer python obfuscator as it looks like pyobfuscate hasn't been updated in 11 years!:

https://github.com/liftoff/pyminifier

EDIT2: I take it back, that pyminifier shit is impossible to run on Kali, anyone been able to make it work on anything else?

[$Clone]

thnx for the python obfuscator links

d4rkcat code koala has this to say:

Code: [Select]



Warning
Please do not mistake this article for anything more than what it is: my feeble attempt at learning how to use PyCrypto. If you need to use encryption in your project, do not rely on this code. It is bad. It will haunt you. And some cute creature somewhere will surely die a painful death. Don't let that happen.
If you want encryption in Python, you may be interested in these libraries:
FernetPyNaCL


http://www.codekoala.com/posts/aes-encryption-python-using-pycrypto/