Obfuscate Python Code With PyArmor

Video Statistics and Information

Captions
What is going on, guys, welcome back. In today's video we're going to learn how to obfuscate Python code, so let's get right into it. [Music]

Right, so I do have a video on this channel already where I show you how to take a Python script and compile it to bytecode, which is also a kind of obfuscation, so maybe you want to look at that video as well. In today's video we're just going to take the code and make it less readable using a Python library called PyArmor, which is a different kind of way to obfuscate the code.

Keep in mind, though, when we're talking about Python: Python is an interpreted language and usually you just use the Python scripts the way they are. Yes, you can obfuscate the code, yes, you can make it harder to read, yes, you can try to compile it, but at the end of the day it's very easy to just read your Python code, to de-obfuscate it, to decompile it. So it's not the same as when you're working with C, C++, where you're actually compiling a binary file. Python is running on the interpreter, so essentially you will never really obfuscate your code the way you would do it with C, C++. Just keep that in mind.

However, we're still going to look at this approach here, and for that, as I mentioned, we're going to need an external Python library, and this Python library is called PyArmor. So we say pip or pip3, depending on your operating system, install pyarmor, like that, and in this case you can see the requirement is already satisfied. All we need to do now is create some basic Python file, and then we can obfuscate it with that tool.

So we can start with a very simple hello world example. I'm just going to call this main.py, I'm going to say print hello world, then I'm going to save this, and I'm going to say now pyarmor, which is now a command line tool that we installed, and we're going to say obfuscate main.py. You can see here a bunch of messages, and then we see that we have this dist folder here, so we can go into that, and here we have also a main.py file. So I can open it, main.py, and you can see now we have this code here. Again, it's probably not too difficult to just reverse this to see what it's doing, but it's at least not that you open the file and immediately see what it's doing.

So again, I cannot mention this enough: when you're obfuscating your code or compiling your code in Python, don't think that now all of a sudden if you publish this people will not understand what your code is doing. It is not the same thing as compiling a complex C project or a C++ project. But still, you can see, you open that file, you don't really understand what it's doing. Even though it's just a hello world file, it looks way too complicated for you to understand. So this is how you can do that with a simple file.

You can also do that with a more complicated file. So for example, let's use the stocks.py example here, and for that you need pandas-datareader, which you can install with pip3 install pandas-datareader. Then once you have that, you can just say import pandas_datareader as web, and then we can also import datetime as dt, and we can define a start date, which is dt.datetime 2020, first of January, and then the end is dt.datetime.now, and then we can say the data frame is web.DataReader, let's go with Facebook stock, from Yahoo, from start to end, and then we just print that data frame. Of course you can do visualizations, you can do whatever you want, but now if I just say python3 stocks.py, you can see this is what the script does.

Actually, I'm in the wrong directory now, so let me just move the stocks file one directory up, because we don't want to have it in the dist folder here. But again, if I say now python3 stocks.py, this is what it does. Now I can go ahead and say pyarmor obfuscate stocks.py. Now one thing that you will notice is that when you say pyarmor obfuscate and one file, it usually obfuscates all the files in the directory. If you don't want to do this, you can also say just pyarmor obfuscate, and I think the command was --exact, and then stocks.py. Now you can see it only obfuscates the one script, as opposed to here, the two scripts.

Now we can go into this, and you can see here, if I go stocks.py, this is the code, and we can also see that it still works. So I can say python3 stocks.py, which is the obfuscated version, and I still get the same functionality. So again, that's not the same thing as compiling, we still have a simple Python script, but at least we cannot immediately see what it's doing.

And one more thing: probably all of you know already that you should not have clear strings, clear string passwords, in your code, but still, if you have them, you will not be able to see them right away if you use that obfuscation method. So if we go ahead now and say password.py, for example, and then we have a simple, I don't know, I have a string here, my password, and this is super secret password 123 or something, and then I have a simple something that the user enters, entry is equal to input, enter password, like this, and then I want to say, okay, if entry is equal to my password, print correct, else print incorrect.

Again, never do that, never have your password stored in a constant or in a string in your code. This is a very, very bad practice, you should never do that. However, if you do that for some reason, first of all, if I use a simple strings command, I'm going to see the whole Python code, obviously, because this is clear text, but you can see I can just go ahead and see, okay, here's a super secret password, I can just read the code. If I now go ahead and say pyarmor obfuscate pw.py, and then I go to the dist folder and I look at this file, you cannot see any of the clear strings here. Again, probably very easy to reverse the process and read it, but this is at least something that you don't see right away. But again, no matter how much you obfuscate it, never use clear string, clear text passwords in your code.

So let me show you one thing. This is also something that is a problem, maybe not the topic of this video necessarily, but if I go ahead now and I create a C++ script, a very simple one, I just say include iostream and then int main. I just want to show you why you should not use clear text passwords as strings in your code. So if I say now here return 0, and I have a simple constant, I think I need to use, I'm not sure if I have to use it, but I'm just going to use string.h here, constant std::string, it's going to be my password, and it's going to be again super secret password 123. Then I'm going to say, okay, I want to have some input, std::string entry, and then I just want to have this, and I want to say std::cin so that I can enter something here, and before that maybe you want to have a simple std::cout, enter pass, or enter the password. Then I can enter it, and then I can say if entry is equal to my_password, then I can say std, ah, I think endl, should I do it like that, std::cout, what was it, std::endl, and then correct, and then maybe std::endl again, and then I have the else branch where essentially I have the incorrect message here, and that's basically it. Then maybe a getchar at the end.

I just want to show you here that even if you compile it properly, even if you have C++, and I say now g++ main.cpp -o main.out, and if I now say main.out, this is the thing. So I can enter something, I can then say super secret password 123, and now it's correct. Maybe I did use one endl too many, so one too many end lines, but still you can see that works. And if I now go ahead and try to read main.out, it's just completely, yeah, completely full of bytes, but if I go ahead now and I say strings main.out, I can still see all the strings that are used here, and somewhere in here I should be able to find, there you go, the super secret password.

So even if you have an actual compilation with C or C++, you should never use clear string passwords. You should load them from a file or load them from the environment variables. Never have them stored in your code, this is very important. And in Python obviously you don't want to do anything like that, because the whole code is a string, so you can read exactly what's happening. With the obfuscation, as I showed you here, you can at least obfuscate the code a little bit, so you can make it harder for noobs at least to read the code. So this here can probably be reversed quite easily, but at least you don't open it and see right away what's happening.

So, yeah, this is how you do that: pyarmor obfuscate, Python script, and then you have an obfuscated version of your Python script. But as always, as I mentioned already three times, don't rely on that, it's probably quite easy to reverse.

So that's it for today's video. I hope you enjoyed it and hope you learned something. If so, let me know by hitting the like button and leaving a comment in the comment section down below, and of course don't forget to subscribe to this channel and hit the notification bell to not miss a single future video for free. Other than that, thank you much for watching, see you next video, and bye. [Music]
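The point made in the captions about `strings` and hard-coded passwords, as an added example that is not part of the video or its transcript: it compiles the password check to a serialised code object, scans it for printable text the way `strings` does, and contrasts it with loading the secret from the environment. The sample password value, the sample sources and the `APP_PASSWORD` variable name are constructed for illustration.

```python
import hmac
import marshal
import os
import re

SECRET = "supersecretpassword123"  # constructed sample value

# Constructed sample: the hard-coded check described in the captions.
HARDCODED = f'''
my_password = "{SECRET}"
entry = input("Enter password: ")
print("correct" if entry == my_password else "incorrect")
'''

# Same check, but the secret comes from a hypothetical APP_PASSWORD variable.
FROM_ENV = '''
import hmac, os
expected = os.environ["APP_PASSWORD"]
entry = input("Enter password: ")
ok = hmac.compare_digest(entry.encode(), expected.encode())
print("correct" if ok else "incorrect")
'''

def printable_strings(blob: bytes, min_len: int = 6) -> list[str]:
    """Return runs of printable ASCII, the way the `strings` utility does."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

def compiled_blob(source: str) -> bytes:
    """Compile to a code object and serialise it (the payload of a .pyc file)."""
    return marshal.dumps(compile(source, "password.py", "exec"))

def leaks(source: str, secret: str) -> bool:
    """True if the secret is recoverable from the compiled form as plain text."""
    return any(secret in s for s in printable_strings(compiled_blob(source)))

def check_password(entry: str, env_var: str = "APP_PASSWORD") -> bool:
    """Compare user input with a secret held outside the code, in constant time."""
    expected = os.environ.get(env_var)
    if not expected:
        raise RuntimeError(f"{env_var} is not set")
    return hmac.compare_digest(entry.encode(), expected.encode())

if __name__ == "__main__":
    print("hard-coded leaks:", leaks(HARDCODED, SECRET))
    print("from env leaks:  ", leaks(FROM_ENV, SECRET))
```

The same `leaks` check can be pointed at any build artifact's bytes as a release gate for secrets that should never ship in code.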
Info
Channel: NeuralNine
Views: 43,853
Keywords: python, python obfuscate, obfuscate python code, obfuscate python, python code compile
Id: irUtnNtknf8
Length: 11min 22sec (682 seconds)
Published: Sat Aug 13 2022