Post on 16-Jun-2015
description
binary packaging
and distribution of your client apps
Multiplatform
WHO AM I?
AGENDA
Motivation
Process
Security
Efficiency
wHO AM I?Julia S.Simon!Software Engineer (in Test)! @hithwen! juliassimon
! ! Love:!! ! ! - skiing - diving!! ! ! - LARPS!! ! ! - making ice cream!! ! ! - baking bread!! ! !
Motivation
Let’s move to Python
but They’ll copy our
code
Let me do Some
research…
Motivation
• Python was not designedto be obfuscated!
• That's against the language's philosophy!
• Everything in Python is open
Python is not the tool
you need
Even compiled programs can be reverse-engineered
Obfuscation is really
hard
Code protection is
overrated
Having a legal
requirement is a good way
to go
They hack windows all
the time
Quit your job
Crazy, Over the rainbow, I am crazy,
Bars in the window. There must have been a door there in the wall
When I came in. Crazy, over the rainbow, he is crazy.
ONE DOES NOT SIMPLY
OBFUSCATE PYTHON
Motivation
ProcessHow to
CYTHONIZEConvert to .c Compile native
extensionsCreate executable For different
platforms
1. 2. 3. 4.
SETUP PyInstall PAckage
9
ProcessCythonize
c_files = [] for dir_ in included_dirs: for dirname, dirnames, filenames in os.walk(dir_): if 'test' in dirnames: dirnames.remove('test') for filename in filenames: file_ = os.path.join(dirname, filename) stripped_name = os.path.relpath(file_, biicode_python_path) file_name, extension = os.path.splitext(stripped_name) if extension == '.py': target_file = os.path.join(src_dir, file_name + '.c') if filename not in ignored_files: c_files.append(stripped_name.replace('.py', '.c')) file_dir = os.path.dirname(target_file) if not os.path.exists(file_dir): os.makedirs(file_dir) extension = cythonize(stripped_name, force=force_compile, build_dir=src_dir) return c_files
10
Processsetup
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
modules = [] for c_file in abs_path_c_files: relfile = os.path.relpath(c_file, src_dir) filename = os.path.splitext(relfile)[0] extName = filename.replace(os.path.sep, ".") extension = Extension(extName,sources=[c_file], define_macros=[('PYREX_WITHOUT_ASSERTIONS',None)]) modules.append(extension) if platform.system() != 'Windows': cflags = sysconfig.get_config_var('CFLAGS') opt = sysconfig.get_config_var('OPT') sysconfig._config_vars['CFLAGS'] = cflags.replace(' -g ', ' ') sysconfig._config_vars['OPT'] = opt.replace(' -g ', ' ') if platform.system() == 'Linux': ldshared = sysconfig.get_config_var('LDSHARED') sysconfig._config_vars['LDSHARED'] = ldshared.replace(' -g ', ' ') elif platform.system() == 'Darwin': for key in ['CONFIG_ARGS', 'LIBTOOL', 'PY_CFLAGS', 'CFLAGS']: value = sysconfig.get_config_var(key) if value: sysconfig._config_vars[key] = value.replace('-mno-fused-madd', '') sysconfig._config_vars[key] = value.replace('-DENABLE_DTRACE', '')
Processsetup
abs_path_c_files = [os.path.join(src_dir, c) for c in c_files] setup(name="bii", version=VERSION, script_name='setup.py', script_args=['build_ext'], packages=['biicode'], ext_modules=modules)
ProcessPyInstall: Fake main
import biicode.client.shell.bii import biicode.client if False: # Third party imports biicode.client.shell.bii.main(sys.argv[1:])
ProcessPyInstall: spec
a.datas += Tree('BII_SRC_PATH/biicode/client/setups/images', prefix = 'images') dict_tree = Tree('MIMER_PATH', prefix = 'mimer', excludes=["*.pyc"]) # This package is a gittler non pypip dependency # It contains dynamically loadable resources that are not # automatically included by pyinstaller a.datas += dict_tree a.datas += Tree('CRYPTO_PATH', prefix='Crypto', excludes=["*.pyc"]) a.binaries += Tree('BII_COMPILED_PATH/biicode', prefix='biicode')
SecurityCan they know it is python?
Yes as is not packaged as a simple executable and you can see the all the files in there. !
But even if it was (much slower) widely available tools will tell you
SecurityWhat can they see?
They can import your native extensions (even if you packaged as single file), so they can reverse engineer them. !
They can see all method names and, if you din’t tell Cython not to include them, your docstrings.
Tim
e (s
)
0s
3,333s
6,667s
10s
Number of processed files
54 422 459 2130
Native Python
EfficiencyPython vs native extensions
+32%
16
+7%
Read More
• Compiling your python application with Cython!• Packaging a compiled app with PyInstaller!• Automating DEB pkg generation!• Automating MacOS pkg generation!• How to do your own Windows Installer!• C vs Python
Blog posts
Questions ?
Thanks