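def do_remap(self, dirs=None):
    """
    From the two sets of .pyb's produced by gen_r2x and gen_o2x do the
    compares to work out the new opcode map. From this new opcode map
    create new files opcode.py (for the running stdlib) and opcodes.py
    (for UnPYC)

    Note: the .pyb's must already have been generated from the gen_xxx calls

    Usage: remap [<ref_pyb dir> <obf_pyb dir>]

    With no argument the defaults under the project's "pybs" directory
    (ref_pyb and obf_pyb) are used and must already exist. Prints a "[-]"
    message and returns None when the inputs cannot be resolved or when
    OpcodeRemap raises OpcodeRemapError.
    """
    if not dirs:
        ##Default locations where the pyb's reside once they have been gen'd
        pyb_root = os.path.join(self.pyretic.get_projectdir(), "pybs")
        ref_dir = os.path.join(pyb_root, "ref_pyb")
        obf_dir = os.path.join(pyb_root, "obf_pyb")
        try:
            os.stat(obf_dir)
            os.stat(ref_dir)
        except OSError:
            print "[-] No .pyb directories could be found and non specified"
            return
    else:
        ##Split supplied dirs string to ref and obf - only a wrong number of
        ##fields is expected to fail here, so catch just ValueError
        try:
            ref_dir, obf_dir = dirs.split(" ")
        except ValueError:
            print "[-] Reference or obfuscated .pyb sets not produced or specified"
            return

    ##Make sure we have everything current: import first, then reload if the
    ##module had already been loaded. The name is local to this function, so
    ##calling reload() without the import first raises UnboundLocalError
    already_loaded = "OpcodeRemap" in sys.modules
    from OpcodeRemap import OpcodeRemap
    if already_loaded:
        OpcodeRemap = reload(OpcodeRemap)

    ##Location where the opcode/opcodes.py will be dumped - with project
    ##(call the accessor; the bound method itself is not a path)
    output_dir = self.pyretic.get_project_mod_dir()

    ##Call into OpcodeRemap
    try:
        OpcodeRemap.remap(ref_dir, obf_dir, output_dir)
    except OpcodeRemap.OpcodeRemapError, err:
        print "[-] Problem with remap: %s" % (err)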
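def do_remap(self, dirs=None):
    """
    From the two sets of .pyb's produced by gen_r2x and gen_o2x do the
    compares to work out the new opcode map. From this new opcode map
    create new files opcode.py (for the running stdlib) and opcodes.py
    (for UnPYC)

    Note: the .pyb's must already have been generated from the gen_xxx calls

    Usage: remap [<ref_pyb dir> <obf_pyb dir>]

    With no argument the defaults under the project's "pybs" directory
    (ref_pyb and obf_pyb) are used and must already exist. Prints a "[-]"
    message and returns None when the inputs cannot be resolved or when
    OpcodeRemap raises OpcodeRemapError.
    """
    if not dirs:
        ##Default locations where the pyb's reside once they have been gen'd
        pyb_root = os.path.join(self.pyretic.get_projectdir(), "pybs")
        ref_dir = os.path.join(pyb_root, "ref_pyb")
        obf_dir = os.path.join(pyb_root, "obf_pyb")
        try:
            os.stat(obf_dir)
            os.stat(ref_dir)
        except OSError:
            print "[-] No .pyb directories could be found and non specified"
            return
    else:
        ##Split supplied dirs string to ref and obf - only a wrong number of
        ##fields is expected to fail here, so catch just ValueError
        try:
            ref_dir, obf_dir = dirs.split(" ")
        except ValueError:
            print "[-] Reference or obfuscated .pyb sets not produced or specified"
            return

    ##Make sure we have everything current: import first, then reload if the
    ##module had already been loaded. The name is local to this function, so
    ##calling reload() without the import first raises UnboundLocalError
    already_loaded = "OpcodeRemap" in sys.modules
    from OpcodeRemap import OpcodeRemap
    if already_loaded:
        OpcodeRemap = reload(OpcodeRemap)

    ##Location where the opcode/opcodes.py will be dumped - with project
    ##(call the accessor; the bound method itself is not a path)
    output_dir = self.pyretic.get_project_mod_dir()

    ##Call into OpcodeRemap
    try:
        OpcodeRemap.remap(ref_dir, obf_dir, output_dir)
    except OpcodeRemap.OpcodeRemapError, err:
        print "[-] Problem with remap: %s"%(err)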
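def do_gen_obf(self, obfuscated_modules=None):
    """
    Generate obfuscated Python bytecode for the modules at the path specified
    using the current runtime we are running from. The generated bytecode will
    be used to diff against the reference bytecode to deduce a modified
    opcode map.

    In general you should point this at the directory containing the
    obfuscated stdlib .pyc's for the obfuscated runtime. The more commonality
    between the reference and obfuscated bytecode there is, the higher the
    number of opcodes that will be able to be remapped.

    Usage: gen_obf <path to directory of obfuscated python .pyc's>
    Example: gen_obf /tmp/foo.app/Contents/Resources/runtime/site_packages/

    Side effects: sets self.obf_pyb to the project's "pybs" directory and
    passes it, the normalised input path and the runtime version to
    OpcodeRemap.gen_obf. Prints a "[-]" message and returns None when no
    path is given or the normalised path does not exist.
    """
    if not obfuscated_modules:
        print "[-] No path given from which to generate obfuscated bytecode"
        return

    ##The raw string comes straight from the command line: normalise it and
    ##check it exists before loading anything or touching project state
    obfuscated_modules = self.pyretic.normalise_path(obfuscated_modules)
    if not os.path.exists(obfuscated_modules):
        print "[-] Path does not exist: %s" % (obfuscated_modules)
        return

    ##Make sure we have everything current: import first, then reload if the
    ##module had already been loaded. The name is local to this function, so
    ##calling reload() without the import first raises UnboundLocalError
    already_loaded = "OpcodeRemap" in sys.modules
    from OpcodeRemap import OpcodeRemap
    if already_loaded:
        OpcodeRemap = reload(OpcodeRemap)

    ##Generated .pyb's are written under the project directory
    self.obf_pyb = os.path.join(self.pyretic.get_projectdir(), "pybs")

    print "[=] Generating bytecode from .py's at: %s" % (
        obfuscated_modules)

    ##The "default" runtime is generated as version 2.5
    if self.runtime_version == "default":
        version_to_gen = "2.5"
    else:
        version_to_gen = self.runtime_version

    ##Call into OpcodeRemap
    OpcodeRemap.gen_obf(self.obf_pyb, obfuscated_modules, version_to_gen)
    print "[+] Obfuscated bytecode generated"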
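def do_gen_obf(self, obfuscated_modules=None):
    """
    Generate obfuscated Python bytecode for the modules at the path specified
    using the current runtime we are running from. The generated bytecode will
    be used to diff against the reference bytecode to deduce a modified
    opcode map.

    In general you should point this at the directory containing the
    obfuscated stdlib .pyc's for the obfuscated runtime. The more commonality
    between the reference and obfuscated bytecode there is, the higher the
    number of opcodes that will be able to be remapped.

    Usage: gen_obf <path to directory of obfuscated python .pyc's>
    Example: gen_obf /tmp/foo.app/Contents/Resources/runtime/site_packages/

    Side effects: sets self.obf_pyb to the project's "pybs" directory and
    passes it, the normalised input path and the runtime version to
    OpcodeRemap.gen_obf. Prints a "[-]" message and returns None when no
    path is given or the normalised path does not exist.
    """
    if not obfuscated_modules:
        print "[-] No path given from which to generate obfuscated bytecode"
        return

    ##The raw string comes straight from the command line: normalise it and
    ##check it exists before loading anything or touching project state
    obfuscated_modules = self.pyretic.normalise_path(obfuscated_modules)
    if not os.path.exists(obfuscated_modules):
        print "[-] Path does not exist: %s" % (obfuscated_modules)
        return

    ##Make sure we have everything current: import first, then reload if the
    ##module had already been loaded. The name is local to this function, so
    ##calling reload() without the import first raises UnboundLocalError
    already_loaded = "OpcodeRemap" in sys.modules
    from OpcodeRemap import OpcodeRemap
    if already_loaded:
        OpcodeRemap = reload(OpcodeRemap)

    ##Generated .pyb's are written under the project directory
    self.obf_pyb = os.path.join(self.pyretic.get_projectdir(), "pybs")

    print "[=] Generating bytecode from .py's at: %s"%(obfuscated_modules)

    ##The "default" runtime is generated as version 2.5
    if self.runtime_version == "default":
        version_to_gen = "2.5"
    else:
        version_to_gen = self.runtime_version

    ##Call into OpcodeRemap
    OpcodeRemap.gen_obf(self.obf_pyb, obfuscated_modules, version_to_gen)
    print "[+] Obfuscated bytecode generated"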