kmaork/pyinjector

Question about prevention

Closed this issue · 6 comments

Is there any way to stop someone from using something like this or "Hypno" on my python apps? (Very good project though).

Depends on how your application is deployed and used, but for example, tools like PyOxidizer can compile your project into a standalone, statically-linked executable, from which you can strip any symbols. Pyinjector and hypno rely on dynamically loading libpython, so doing this will disable them. It could also interfere with similar tools like profilers and debuggers.

Right now I'm using nuitka + pyarmor, and it's just funny to see it rip through everything. I've tried PyOxidizer in the past but never really got it to work, but I will try again. If you have any suggestions for nuitka or pyinstaller though, please let me know; I would be very interested.

Haha maybe nuitka also has an option to compile statically, or maybe it already does and you just need to strip the symbols :)

I thought I had already tried removing the symbols with strip -s test.exe, but I believe it still worked. Currently it is 3 am and I need sleep, but tomorrow I will look into it more.

In the end I have the code

pyarmor cfg restrict_module=0
pyarmor gen --enable-jit --enable-bcc --mix-str --no-wrap --obf-code 2 --enable-themida test.py
pause
nuitka --standalone --lto=yes --mingw64 --onefile --include-package-data=nicegui dist\test.py
strip -s test.exe

I built nuitka as onefile with standalone compilation (static) and stripped it of everything, but I can still inject into its subprocesses if I find its PID. But the parent process has no effect.

Mmmm I'm just now realizing maybe you are testing only pyinjector and not hypno? Hypno should definitely not work after that. If it does, please upload an example binary.
And regarding pyinjector... It writes the payload to the libc entrypoint because it's a piece of memory in an executable page that exists basically everywhere and is not used, and it's possible to determine its position from /proc/pid/maps. My first thought is to try and mess with that. Two ideas that come to mind are to make this page non-executable, or to compile statically with libc.
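The thread's hardening advice boils down to two verifiable conditions: the target process must not have libpython mapped as a dynamically loaded shared object (what pyinjector and hypno rely on), and ideally libc should not be a separately mapped shared object either (the executable page pyinjector locates through /proc/pid/maps). The script below is an added example, not code from pyinjector, hypno, or anyone in this thread; it parses the /proc/<pid>/maps format and reports whether those mappings are present, so a build that was meant to be static and stripped can be checked instead of assumed. The two maps excerpts embedded in it are constructed samples, and the `/opt/app/test` path in the "static" sample is a placeholder.

```python
"""Check a process's memory map for dynamically mapped libpython and libc.

Added example, not from pyinjector or hypno. Reads /proc/<pid>/maps (Linux)
or the constructed samples below and reports whether libpython / libc are
mapped as shared objects, which the thread identifies as what the injection
tools depend on.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Pattern

# /proc/<pid>/maps line: "start-end perms offset dev inode [pathname]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+"
    r"(?P<inode>\d+)\s*"
    r"(?P<path>.*)$"
)

# Shared-object names as they appear in the pathname column.
LIBPYTHON = re.compile(r"/libpython3(\.\d+)?[^/]*\.so")
LIBC = re.compile(r"/libc([.-][^/]*)?\.so")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str

    @property
    def executable(self) -> bool:
        return "x" in self.perms


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps text into Mapping records, skipping malformed lines."""
    out: List[Mapping] = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        out.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                           m["perms"], m["path"].strip()))
    return out


def lib_mappings(maps: List[Mapping], pattern: Pattern) -> List[Mapping]:
    """Return the mappings whose backing file matches the library pattern."""
    return [m for m in maps if pattern.search(m.path)]


def injection_surface(text: str) -> Dict[str, object]:
    """Summarise whether libpython/libc are dynamically mapped, and how many
    of their pages are executable (the kind of page the thread describes)."""
    maps = parse_maps(text)
    py = lib_mappings(maps, LIBPYTHON)
    libc = lib_mappings(maps, LIBC)
    return {
        "libpython_dynamic": bool(py),
        "libpython_exec_pages": sum(1 for m in py if m.executable),
        "libc_dynamic": bool(libc),
        "libc_exec_pages": sum(1 for m in libc if m.executable),
    }


# Constructed sample: an ordinary dynamically linked CPython process.
SAMPLE_DYNAMIC = """\
55d6c2a00000-55d6c2a01000 r--p 00000000 08:01 1234567 /usr/bin/python3.11
55d6c2a01000-55d6c2a02000 r-xp 00001000 08:01 1234567 /usr/bin/python3.11
7f3a9c000000-7f3a9c028000 r--p 00000000 08:01 2345678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a9c028000-7f3a9c1bd000 r-xp 00028000 08:01 2345678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a9c400000-7f3a9c500000 r--p 00000000 08:01 3456789 /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
7f3a9c500000-7f3a9c800000 r-xp 00100000 08:01 3456789 /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed sample: a fully static, stripped build (placeholder path).
SAMPLE_STATIC = """\
00400000-00401000 r--p 00000000 08:01 9999999 /opt/app/test
00401000-00b00000 r-xp 00001000 08:01 9999999 /opt/app/test
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
7ffd1a0e0000-7ffd1a0e4000 r--p 00000000 00:00 0 [vvar]
7ffd1a0e4000-7ffd1a0e6000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_maps.py <pid>
        with open(f"/proc/{sys.argv[1]}/maps") as fh:
            print(injection_surface(fh.read()))
    else:
        print("dynamic:", injection_surface(SAMPLE_DYNAMIC))
        print("static: ", injection_surface(SAMPLE_STATIC))
```

Run it against the PID of the hardened binary and, separately, against each of its subprocesses: the reporter above found that the parent resisted injection while the children did not, and a child that still shows `libpython_dynamic: True` is exactly the case this check is meant to surface. The check is Linux-only because it reads /proc; on the Windows build discussed in the thread the equivalent question is whether the process has a python3*.dll module loaded.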