I'm trying to understand why PyInstaller documentation states that the --key argument to encrypt Python source code can be easily extracted:
Additionally, Python bytecode can be obfuscated with AES256 by specifying an encryption key on PyInstaller’s command line. Please note that it is still very easy to extract the key and get back the original byte code, but it should prevent most forms of “casual” tampering.
My basic understanding of AES-256 is that if no one has the encryption key you specify, they can't extract it "easily".
Does anyone have a better understanding?
PyInstaller optionally encrypts the Python sources with a very strong method.
Of course, without the key it is nearly impossible to extract the files.
BUT the sources still need to be accessed at run time or the program couldn't work (or someone would have to provide the password each time, like protected Excel files, for instance).
It means that the key lies somewhere embedded in the installed software. And since all this stuff is open source, looking at the source code tells you where PyInstaller embeds the key. Of course, it's not trivial, but it's not an encryption-breaking problem, just reverse engineering, with the added advantage that the source is available.
Jean-Francois' answer above is correct - the encryption key has to be distributed with the executable somewhere or it couldn't self-decrypt when running.
According to a reverse engineering blog, the key is distributed in one of the .pyc files generated when building the executable. Decompiling this file may allow access to the key, which could then be used to decrypt the code at rest. (Since that blog is from 2017, the location he talks about may have changed, but it remains the case that the key has to be in there somewhere.)