Пример #1
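    def do_remap(self, dirs=None):
        """
        From the two sets of .pyb's produced by gen_r2x and gen_o2x do the
        compares to work out the new opcode map. The reference and obfuscated
        directories are handed to OpcodeRemap.remap together with the project
        module directory; per the original notes that is where opcode.py (for
        the running stdlib) and opcodes.py (for UnPYC) are created.

        Note: the .pyb's must already have been generated from the gen_xxx calls

        dirs -- optional "<ref_dir> <obf_dir>" string, split on whitespace.
                When omitted, <projectdir>/pybs/ref_pyb and
                <projectdir>/pybs/obf_pyb are used and both must exist.

        Every failure is reported on stdout and the command returns None.

        Usage: remap
        """
        if not dirs:
            ##Default to where the pyb's reside if they have already been gen'd
            pyb_root = os.path.join(self.pyretic.get_projectdir(), "pybs")
            ref_dir = os.path.join(pyb_root, "ref_pyb")
            obf_dir = os.path.join(pyb_root, "obf_pyb")

            ##os.stat raises OSError when either default location is missing
            try:
                os.stat(obf_dir)
                os.stat(ref_dir)
            except OSError:
                print("[-] No .pyb directories could be found and non specified")
                return

        else:
            ##Split supplied dirs string to ref and obf. Splitting on any run of
            ##whitespace means a trailing or doubled space can no longer yield
            ##an empty directory name. Only the errors a bad argument can cause
            ##are caught, so unrelated failures are not hidden.
            try:
                ref_dir, obf_dir = dirs.split()
            except (ValueError, AttributeError):
                print("[-] Reference or obfuscated .pyb sets not produced or specified")
                return

        ##Make sure we have everything current. The import has to run on both
        ##paths: it is what binds the local name, so reloading without it
        ##raised UnboundLocalError on every call after the first.
        already_loaded = "OpcodeRemap" in sys.modules
        from OpcodeRemap import OpcodeRemap
        if already_loaded:
            ##NOTE(review): reload() needs a module object - this assumes
            ##OpcodeRemap.OpcodeRemap is a submodule, as the original reload did
            OpcodeRemap = reload(OpcodeRemap)

        ##Location where the opcode/opcodes.py will be dumped - with project
        output_dir = self.pyretic.get_project_mod_dir()

        ##Call into OpcodeRemap
        try:
            OpcodeRemap.remap(ref_dir, obf_dir, output_dir)

        except OpcodeRemap.OpcodeRemapError:
            ##sys.exc_info() avoids the version-specific "except X, err" spelling
            err = sys.exc_info()[1]
            print("[-] Problem with remap: %s" % (err,))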
Пример #2
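    def do_remap(self, dirs=None):
        """
        From the two sets of .pyb's produced by gen_r2x and gen_o2x do the
        compares to work out the new opcode map. Both directories are passed
        to OpcodeRemap.remap along with the project module directory, which
        the original notes give as the place opcode.py (for the running
        stdlib) and opcodes.py (for UnPYC) are created.

        Note: the .pyb's must already have been generated from the gen_xxx calls

        dirs -- optional "<ref_dir> <obf_dir>" string, split on whitespace.
                Without it the defaults <projectdir>/pybs/ref_pyb and
                <projectdir>/pybs/obf_pyb are used, and both must exist.

        Problems are printed to stdout; the command always returns None.

        Usage: remap
        """
        if dirs:
            ##Split supplied dirs string to ref and obf. A whitespace split
            ##rejects "ref_dir " (one real name plus an empty one) instead of
            ##passing an empty obfuscated directory downstream, and only the
            ##exceptions a malformed argument can raise are caught.
            try:
                ref_dir, obf_dir = dirs.split()
            except (ValueError, AttributeError):
                print("[-] Reference or obfuscated .pyb sets not produced or specified")
                return

        else:
            ##Fall back to where pyb's would reside if they had already been gen'd
            project_pybs = os.path.join(self.pyretic.get_projectdir(), "pybs")
            ref_dir = os.path.join(project_pybs, "ref_pyb")
            obf_dir = os.path.join(project_pybs, "obf_pyb")

            ##A missing default location surfaces as OSError from os.stat
            try:
                os.stat(obf_dir)
                os.stat(ref_dir)
            except OSError:
                print("[-] No .pyb directories could be found and non specified")
                return

        ##Make sure we have everything current. Importing unconditionally binds
        ##the local name first; the previous reload-only branch read that name
        ##before any assignment and failed with UnboundLocalError whenever the
        ##package was already in sys.modules.
        was_imported = "OpcodeRemap" in sys.modules
        from OpcodeRemap import OpcodeRemap
        if was_imported:
            ##NOTE(review): assumes OpcodeRemap.OpcodeRemap is a module, which
            ##is what the original reload() call also required - confirm
            OpcodeRemap = reload(OpcodeRemap)

        ##Location where the opcode/opcodes.py will be dumped - with project
        output_dir = self.pyretic.get_project_mod_dir()

        ##Call into OpcodeRemap
        try:
            OpcodeRemap.remap(ref_dir, obf_dir, output_dir)

        except OpcodeRemap.OpcodeRemapError:
            ##Fetch the active exception without version-specific except syntax
            err = sys.exc_info()[1]
            print("[-] Problem with remap: %s" % (err,))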
Пример #3
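    def do_gen_obf(self, obfuscated_modules=None):
        """
        Generate obfuscated Python bytecode for the modules at the path
        specified using the current runtime we are running from.
        The generated bytecode will be used to diff against the
        reference bytecode to deduce a modified opcode map. In general you
        should point this at the directory containing the obfuscated
        stdlib .pyc's for the obfuscated runtime.

        The more commonality there is between the reference and obfuscated
        bytecode, the higher the number of opcodes that can be remapped.

        obfuscated_modules -- path to the directory to process; it is passed
                              through self.pyretic.normalise_path before use.
                              With no path a message is printed and nothing
                              else happens.

        Output goes under <projectdir>/pybs (also stored on self.obf_pyb).
        A runtime_version of "default" is generated as "2.5".

        Usage:   gen_obf <path to directory of obfuscated python .pyc's>
        Example: gen_obf /tmp/foo.app/Contents/Resources/runtime/site_packages/
        """
        if not obfuscated_modules:
            print("[-] No path given from which to generate obfuscated bytecode")
            return

        ##Make sure we have everything current. The import must run on both
        ##paths because it is what binds the local name; the old reload-only
        ##branch raised UnboundLocalError once the package was in sys.modules.
        already_loaded = "OpcodeRemap" in sys.modules
        from OpcodeRemap import OpcodeRemap
        if already_loaded:
            ##NOTE(review): reload() needs a module object - this assumes
            ##OpcodeRemap.OpcodeRemap is a submodule, as the original reload did
            OpcodeRemap = reload(OpcodeRemap)

        self.obf_pyb = os.path.join(self.pyretic.get_projectdir(), "pybs")

        obfuscated_modules = self.pyretic.normalise_path(obfuscated_modules)
        print("[=] Generating bytecode from .py's at: %s" % (obfuscated_modules,))

        ##"default" stands for the 2.5 runtime; anything else is passed as given
        version_to_gen = self.runtime_version
        if version_to_gen == "default":
            version_to_gen = "2.5"

        ##Call into OpcodeRemap
        ##NOTE(review): the input is bytecode shipped by a third party. Whether
        ##gen_obf only unmarshals it or also imports (runs) it is not visible
        ##here - confirm, and until then treat this step as handling untrusted
        ##code and run it in a disposable, isolated environment.
        OpcodeRemap.gen_obf(self.obf_pyb, obfuscated_modules, version_to_gen)

        print("[+] Obfuscated bytecode generated")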
Пример #4
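    def do_gen_obf(self, obfuscated_modules=None):
        """
        Generate obfuscated Python bytecode for the modules at the path
        specified using the current runtime we are running from.
        The generated bytecode will be used to diff against the
        reference bytecode to deduce a modified opcode map. In general you
        should point this at the directory containing the obfuscated
        stdlib .pyc's for the obfuscated runtime.

        The more commonality there is between the reference and obfuscated
        bytecode, the higher the number of opcodes that can be remapped.

        obfuscated_modules -- directory to process, normalised with
                              self.pyretic.normalise_path before it is used.
                              When empty or missing the command prints a
                              message and returns without doing any work.

        The bytecode is generated into <projectdir>/pybs, remembered on
        self.obf_pyb. runtime_version "default" is treated as "2.5".

        Usage:   gen_obf <path to directory of obfuscated python .pyc's>
        Example: gen_obf /tmp/foo.app/Contents/Resources/runtime/site_packages/
        """
        if not obfuscated_modules:
            print("[-] No path given from which to generate obfuscated bytecode")
            return

        ##Make sure we have everything current. Importing unconditionally binds
        ##the local name first; reloading without that import read an unassigned
        ##local and failed with UnboundLocalError on every repeat invocation.
        was_imported = "OpcodeRemap" in sys.modules
        from OpcodeRemap import OpcodeRemap
        if was_imported:
            ##NOTE(review): assumes OpcodeRemap.OpcodeRemap is a module, which
            ##is what the original reload() call also required - confirm
            OpcodeRemap = reload(OpcodeRemap)

        self.obf_pyb = os.path.join(self.pyretic.get_projectdir(), "pybs")

        obfuscated_modules = self.pyretic.normalise_path(obfuscated_modules)
        print("[=] Generating bytecode from .py's at: %s" % (obfuscated_modules,))

        ##An unset ("default") runtime version falls back to 2.5
        if self.runtime_version == "default":
            version_to_gen = "2.5"
        else:
            version_to_gen = self.runtime_version

        ##Call into OpcodeRemap
        ##NOTE(review): the directory holds bytecode from an untrusted vendor
        ##runtime. It is not visible here whether gen_obf merely parses those
        ##files or imports (executes) them - confirm, and keep this step inside
        ##a disposable, isolated environment until that is known.
        OpcodeRemap.gen_obf(self.obf_pyb, obfuscated_modules, version_to_gen)

        print("[+] Obfuscated bytecode generated")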