Can you support direct full obfuscation of the entire project?
Closed this issue · 2 comments
I used a script to obfuscate all the .py files in the entire project. However, I encountered errors indicating that the modules cannot be properly linked. I would appreciate your assistance in resolving this issue. Thank you.
Here's script:
import os
import subprocess
def obfuscate_directory(path):
# 遍历目录中的所有文件和子目录
for root, dirs, files in os.walk(path):
for file in files:
if file.endswith('.py'): # 检查文件是否为 Python 文件
full_path = os.path.join(root, file)
print(f"Obfuscating {full_path}...")
# 执行混淆命令,将输出重定向到原文件,从而替换它
subprocess.run([
'python3', '-m', 'PyObfuscator',
'-o', full_path, # 输出文件替换原文件
full_path # 指定源文件
], check=True)
# 直接通过传入参数的方式,选择文件夹
import sys
obfuscate_directory(sys.argv[1])
Hi @JavanTang, i think is not possible to obfuscate a full project in python without configuration because relative imports will be obfuscated:
Problem
A non obfuscated code named test.py will be:
my_variable = "qwerty"
system = "linux"In the __main__.py file you have:
from test import my_variable
from os import system
system(f"echo {my_variable}") # this code is vulnerable, don't use it in production ! It's only for the demonstrationWith this configuration you have 2 solutions to obfuscate project:
- Obfuscate all variables, store obfuscated names for all files and obfuscate the imports:
- So
my_variablecan be obfuscated asa(for example) in all files, so you importafromtestand is working good systemcan be obfuscated asb(for example) in all file, so you importbfromosand here is not working
- So
- Obfuscate all variables, store obfuscated names for all files but don't obfuscate imports:
- So
my_variablecan be obfuscate asa(for example) in all files but you importmy_variablefromtestand here is not working (because intest.pythemy_variablewill be renamed for obfuscation) systemcan be obfuscated asb(for example) in all file but you importsystemfromosand here is working good
- So
So, it's very difficult to identify correctly what should be obfuscated in imports, i think the only good way to do this is to load the python project and use the python interpreter to know where are each file and which file are imported. But loading the python project will generate a python execution (if there is the if __name__ == "__main__" it's probably safe), you probably don't want an execution on your system for each obfuscation.
Fix
If you have any other idea to fix it i will be happy to implement the solution or merge a pull request !
Solution
The only solution you have today with PyObfuscator is to configure your project, you can control the obfuscated name for all file. To do this use python script or --names argument in the command line and for each imported element write the same name than imports, for example with the previous example:
- you should configure the
testobfuscation to don't change the variable namemy_variableat obfuscation or to change it with a static name you will use in your import
With the previous example you should use the following commands:
PyObfuscator -n "my_variable:my_variable" -l 12 test.py
PyObfuscator __main__.pyOr to obfuscate the my_variable variable name, change the __main__.py:
from test import qbd45_kj
from os import system
system(f"echo {qbd45_kj}") # this code is vulnerable, don't use it in production ! It's only for the demonstration
And use:
PyObfuscator -n "my_variable:qbd45_kj" -l 12 test.py
PyObfuscator __main__.pyYou can do it with command line or python script: usages.
These days, I have been thinking about whether there is a way to obfuscate an entire project. But I also haven’t found a good method to achieve this. I decided to use “-n” with your suggestion to set various names. I appreciate your response. Thank you.