这几天公司的Python3需要加密,网上的文章要么提供思路不提供代码,要么加密之后自己都没法用了。。没办法只能自己写了

文章整体思路

   1、修改python源码opcode为随机值

   修改下载后的Python源码包中opcode值(opcode可以理解为python读取代码的坐标,比如一个变量的opcode是5,则cpython读取这个变量时是从第5个字符串开始读的),修改后会导致关键变量的opcode混乱,除了自己的环境外,其他人都执行和解密不了了

   2、在修改好opcode的python环境,把所有py文件编译成pyc,然后删除原始py文件


修改opcode的脚本:
#!/usr/bin/env python2.7
# encoding:utf-8
#FileName scramble-opcodes.py
__author__ = 'mafei'
import argparse
import re
import random
import os
python_version = 'Python-3.5.3'
regex_for_opcode_h = r'^#define\s+(?P<name>[A-Z_]+)\s+(?P<code>\d+)(?P<extra>.*)'
regex_for_opcode_py = r'^(?P<key>[a-z_]+)+\(\'+(?P<name>[A-Z_]+)+\'+\,\s+(?P<code>\d+)(?P<extra>.*)'


try:
    from importlib.machinery import SourceFileLoader
except ImportError:
    import imp
    
    
class replace_opcode(object):
    
    def __init__(self):
        self.replace_dict = {}
        self.not_have_argument_code_list = []
        self.have_argument_code_list = []
    
    def set_list(self, reg, file):
        f1 = open(file, 'r+')
        infos = f1.readlines()
        f1.seek(0, 0)
        for line in infos:
            rex = re.compile(reg).match(line)
            if rex:
                if rex.group('name') in ['CALL_FUNCTION', 'CALL_FUNCTION_KW', 'CALL_FUNCTION_EX', 'CALL_FUNCTION_VAR',
                                         'CALL_FUNCTION_VAR_KW']:
                    continue
                elif int(rex.group('code')) < 90:
                    self.not_have_argument_code_list.append(int(rex.group('code')))
                else:
                    self.have_argument_code_list.append(int(rex.group('code')))
    
    def replace_file(self, reg, file, is_update=False):
        if not is_update:
            self.set_list(reg, file)
        f1 = open(file, 'r+')
        infos = f1.readlines()
        f1.seek(0, 0)
        for line in infos:
            rex = re.compile(reg).match(line)
            if rex:
                n = self.replace_code(rex, is_update)
                line = line.replace(rex.group('code'), str(n))
            f1.write(line)
        f1.close()
        
    def replace_code(self, rex, is_update):
        if is_update:
            try:
                n = self.replace_dict[rex.group('name')]
            except:
                n = rex.group('code')
            return n
        if rex.group('name') == "CALL_FUNCTION":
            n = int(rex.group('code'))
        elif rex.group('name') in ['CALL_FUNCTION_KW', 'CALL_FUNCTION_EX', 'CALL_FUNCTION_VAR',
                                   'CALL_FUNCTION_VAR_KW']:
            n = int(rex.group('code'))
        else:
            if int(rex.group('code')) < 90:
                n = random.choice(self.not_have_argument_code_list)
                self.not_have_argument_code_list.remove(n)
            else:
                n = random.choice(self.have_argument_code_list)
                self.have_argument_code_list.remove(n)
        self.replace_dict[rex.group('name')] = n
        return n
        
    def run(self, source_directory):
        OPCODE_PY = 'Lib/opcode.py'
        OPTARGETS_H = "Include/opcode.h"
        print source_directory
        print('start run......', os.path.join(source_directory, OPCODE_PY))
        self.replace_file(reg=regex_for_opcode_py, file=os.path.join(source_directory, OPCODE_PY))
        print('run {} end'.format(os.path.join(source_directory, OPCODE_PY)))
        print('start run......', os.path.join(source_directory, OPCODE_PY))
        self.replace_file(reg=regex_for_opcode_h, file=os.path.join(source_directory, OPTARGETS_H), is_update=True)
        print('run {} end'.format(os.path.join(source_directory, OPTARGETS_H)))
        self.write_opcode_targets_contents()
        print('run {} end'.format(os.path.join(source_directory, OPTARGETS_H)))
    
    def write_opcode_targets_contents(self, file='Python/opcode_targets.h'):
        """Write C code contents to the target file object.
        """
        targets = ['_unknown_opcode'] * 256
        for opname, op in sorted(self.replace_dict.items(), key=lambda nc: nc[1]):
            targets[op] = "TARGET_%s" % opname
        with open(os.path.join(source_directory, file), 'w') as f:
            f.write("static void *opcode_targets[256] = {\n")
            sep = ',%s' % os.linesep
            f.write(sep.join(["    &&%s" % s for s in targets]))
            f.write("\n};\n")
            
            
if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Scramble python opcodes table')
    parser.add_argument('--python-source', dest='src', type=str,
                        help='Python source code', required=True)
    args = parser.parse_args()
    source_directory = os.path.abspath(args.src)
    # main(source_directory)
    replace_opcode_class = replace_opcode()
    replace_opcode_class.run(source_directory)
cd /opt/
下载源码包 wget 
解压   tar xJf Python-3.5.3.tar.xz

执行修改opcode操作

python scramble-opcodes.py --python-source=/opt/Python-3.5.3


#后面几步就是标准的python安装步骤啦

cd /opt/Python-3.5.3 

./configure --prefix=/opt/python-3.5.3 && make && make install

加入系统路径

export PATH=/opt/python-3.5.3/bin/:$PATH

这时候执行python3就可以进入python3.5.3的修改opcode后的环境了


加密Python代码(一定要在修改过opcode的Python环境执行,否则不生效的)


#!/usr/bin/env python2.7
# encoding:utf-8
__author__ = 'mafei'
import os
import subprocess
import argparse
import sys
def compile_py3(source_dir):
    g = os.walk(source_dir)
    # compileall.compile_dir(source_dir, maxlevels=100)
    subprocess.check_output('{} -m compileall -b {}'.format(sys.executable,source_dir),shell=True)
    for path,d,filelist in g:
        for filename in filelist:
            #对所有py文件进行加密并删除原始文件
            if os.path.splitext(filename)[-1] =='.py':
                os.remove(os.path.join(path, filename))
                print('compile {}'.format(os.path.join(path, filename)))
if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Scramble python opcodes table')
    parser.add_argument('--python-source', dest='src', type=str,
                        help='Python source code', required=True)
    args = parser.parse_args()
    source_directory = os.path.abspath(args.src)
    compile_py3(source_directory)

转载自https://blog.51cto.com/mapengfei/1976189