PyPI - PyProtect-v3 - Versions diffs - 3.0.0__tar.gz → 3.2.0__tar.gz - Mend

PyProtect-v3 3.0.0tar.gz → 3.2.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: PyProtect-v3
-Version: 3.0.0
+Version: 3.2.0
 Summary: Python script obfuscation library with AES-256-GCM encryption and C extension acceleration
 Author-email: NguyenNgocNam <c.nam020213@gmail.com>
 License-Expression: MIT

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/PyProtect_v3.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: PyProtect-v3
-Version: 3.0.0
+Version: 3.2.0
 Summary: Python script obfuscation library with AES-256-GCM encryption and C extension acceleration
 Author-email: NguyenNgocNam <c.nam020213@gmail.com>
 License-Expression: MIT

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/PyProtect_v3.egg-info/SOURCES.txt RENAMED Viewed

@@ -10,7 +10,6 @@ PyProtect_v3.egg-info/requires.txt
 PyProtect_v3.egg-info/top_level.txt
 pyprotect/__init__.py
 pyprotect/__main__.py
-pyprotect/_key.py
 pyprotect/anti_debug.py
 pyprotect/crypto.py
 pyprotect/engine.c

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "PyProtect-v3"
-version = "3.0.0"
+version = "3.2.0"
 description = "Python script obfuscation library with AES-256-GCM encryption and C extension acceleration"
 readme = "README.md"
 requires-python = ">=3.8"

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/pyprotect/__main__.py RENAMED Viewed

@@ -15,7 +15,6 @@ def cmd_encrypt(args):
     )
     out_path = obf.encrypt_file(args.input)
     print(f"[+] Encrypted: {args.input} -> {out_path}")
-    _copy_engine(args.output_dir)
 def cmd_encrypt_dir(args):
@@ -29,7 +28,6 @@ def cmd_encrypt_dir(args):
     print(f"[+] Encrypted {len(out_files)} files from {args.input}")
     for f in out_files:
         print(f"    -> {f}")
-    _copy_engine(args.output_dir)
 def cmd_build_engine(args):

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/pyprotect/engine.c RENAMED Viewed

@@ -298,6 +298,86 @@ static int deep_anti_debug(void) {
     return detected;
 }
+/* ------------------------------------------------------------------ */
+/* Anti-hook — detect debugger trace, profile, suspicious import hooks */
+/* ------------------------------------------------------------------ */
+static int deep_anti_hook(void) {
+    int detected = 0;
+    PyObject *sys_mod = PyImport_AddModule("sys");
+    if (!sys_mod) return 0;
+    PyObject *f = PyObject_GetAttrString(sys_mod, "gettrace");
+    if (f) {
+        PyObject *v = PyObject_CallNoArgs(f);
+        if (v && v != Py_None) detected = 1;
+        Py_XDECREF(v); Py_DECREF(f);
+    }
+    f = PyObject_GetAttrString(sys_mod, "getprofile");
+    if (f) {
+        PyObject *v = PyObject_CallNoArgs(f);
+        if (v && v != Py_None) detected = 1;
+        Py_XDECREF(v); Py_DECREF(f);
+    }
+    /* Check meta_path for known hostile importers */
+    PyObject *meta_path = PySys_GetObject("meta_path");
+    if (meta_path && PyList_Check(meta_path)) {
+        Py_ssize_t n = PyList_Size(meta_path);
+        for (Py_ssize_t i = 0; i < n; i++) {
+            PyObject *item = PyList_GetItem(meta_path, i);
+            if (!item) continue;
+            PyObject *name = PyObject_GetAttrString(item, "__class__");
+            if (!name) { PyErr_Clear(); continue; }
+            PyObject *cname = PyObject_GetAttrString(name, "__name__");
+            Py_DECREF(name);
+            if (!cname) { PyErr_Clear(); continue; }
+            const char *s = PyUnicode_AsUTF8(cname);
+            if (s) {
+                if (strstr(s, "Hook") || strstr(s, "Redirect") ||
+                    strstr(s, "Monitor") || strstr(s, "Interceptor") ||
+                    strstr(s, "Tracer") || strstr(s, "Proxy") ||
+                    strstr(s, "Debug") || strstr(s, "Inject")) {
+                    detected = 1;
+                    Py_DECREF(cname);
+                    break;
+                }
+            }
+            Py_DECREF(cname);
+        }
+    }
+    return detected;
+}
+/* ------------------------------------------------------------------ */
+/* Anti-decode — block decompilers, profilers, debugger modules        */
+/* ------------------------------------------------------------------ */
+static int deep_anti_decode(void) {
+    int detected = 0;
+    PyObject *sys_mod = PyImport_AddModule("sys");
+    if (sys_mod) {
+        PyObject *modules = PyObject_GetAttrString(sys_mod, "modules");
+        if (modules && PyDict_Check(modules)) {
+            const char *sus[] = {
+                "decompyle3","uncompyle6","decompyle","frida",
+                "pyrasite","pydevd","pdb","ipdb",
+                "pyinstrument","cProfile","line_profiler",NULL
+            };
+            for (int i = 0; sus[i]; i++) {
+                PyObject *k = PyUnicode_FromString(sus[i]);
+                if (k) {
+                    if (PyDict_GetItem(modules, k)) { detected = 1; Py_DECREF(k); break; }
+                    Py_DECREF(k);
+                }
+            }
+        }
+        Py_XDECREF(modules);
+    }
+    if (getenv("PYTHONDEVMODE")) detected = 1;
+    if (getenv("PYTHONINSPECT")) detected = 1;
+    if (getenv("PYSEC")) detected = 1;
+    return detected;
+}
 /* ------------------------------------------------------------------ */
 /* Memory protection: re-encrypt buffer after use                      */
 /* ------------------------------------------------------------------ */
@@ -382,6 +462,77 @@ static int _decrypt_payload(const uint8_t *data, size_t data_len,
     return 0;
 }
+/* ------------------------------------------------------------------ */
+/* Frame evaluation hook — anti-tamper check on every function call    */
+/* We use the CPython 3.11+ internal API to intercept frame evaluation */
+/* ------------------------------------------------------------------ */
+/* These are declared in cpython/pystate.h and cpython/ceval.h
+   which are included by Python.h */
+static _PyFrameEvalFunction original_eval_frame = NULL;
+static PyInterpreterState *hooked_interp = NULL;
+static PyObject* protected_eval_frame(PyThreadState *tstate, struct _PyInterpreterFrame *frame, int throwflag) {
+    if (deep_anti_debug() || deep_anti_hook() || deep_anti_decode()) {
+        PyErr_SetString(PyExc_RuntimeError, "Tamper detected");
+        return NULL;
+    }
+    return _PyEval_EvalFrameDefault(tstate, frame, throwflag);
+}
+static void install_frame_hook(void) {
+    if (original_eval_frame) return;
+    PyInterpreterState *interp = PyInterpreterState_Get();
+    if (!interp) return;
+    _PyFrameEvalFunction cur = _PyInterpreterState_GetEvalFrameFunc(interp);
+    if (cur == protected_eval_frame) return;
+    original_eval_frame = cur;
+    hooked_interp = interp;
+    _PyInterpreterState_SetEvalFrameFunc(interp, protected_eval_frame);
+}
+static void restore_frame_hook(void) {
+    if (!original_eval_frame || !hooked_interp) return;
+    _PyInterpreterState_SetEvalFrameFunc(hooked_interp, original_eval_frame);
+    original_eval_frame = NULL;
+    hooked_interp = NULL;
+}
+/* ------------------------------------------------------------------ */
+/* Wipe code tree — recursively clear all code objects' bytecodes      */
+/* ------------------------------------------------------------------ */
+static void wipe_code_tree(PyObject *co) {
+    if (!co || !PyCode_Check(co)) return;
+    PyCodeObject *code = (PyCodeObject*)co;
+    PyObject *bc = PyCode_GetCode(code);
+    if (bc && PyBytes_Check(bc)) {
+        Py_ssize_t sz;
+        char *buf;
+        if (PyBytes_AsStringAndSize(bc, &buf, &sz) == 0 && buf && sz > 0) {
+            memset(buf, 0, (size_t)sz);
+        }
+    }
+    Py_XDECREF(bc);
+    PyObject *consts = code->co_consts;
+    if (consts && PyTuple_Check(consts)) {
+        Py_ssize_t n = PyTuple_Size(consts);
+        for (Py_ssize_t i = 0; i < n; i++) {
+            PyObject *item = PyTuple_GetItem(consts, i);
+            if (item && PyCode_Check(item)) {
+                wipe_code_tree(item);
+            }
+        }
+    }
+}
+/* ------------------------------------------------------------------ */
+/* Decrypt and exec                                                     */
+/* ------------------------------------------------------------------ */
 static PyObject* engine_decrypt_and_exec(PyObject *self, PyObject *args) {
     const uint8_t *data;
     Py_ssize_t data_len;
@@ -389,8 +540,8 @@ static PyObject* engine_decrypt_and_exec(PyObject *self, PyObject *args) {
     if (!PyArg_ParseTuple(args, "y#", &data, &data_len))
         return NULL;
-    if (deep_anti_debug()) {
-        PyErr_SetString(PyExc_RuntimeError, "Debugger detected");
+    if (deep_anti_debug() || deep_anti_hook() || deep_anti_decode()) {
+        PyErr_SetString(PyExc_RuntimeError, "Tamper detected");
         return NULL;
     }
@@ -462,15 +613,25 @@ static PyObject* engine_decrypt_and_exec(PyObject *self, PyObject *args) {
         return NULL;
     }
+    /* Install frame eval hook */
+    install_frame_hook();
     PyObject *builtins = PyEval_GetBuiltins();
-    if (!builtins) { Py_DECREF(code_obj); return NULL; }
+    if (!builtins) { restore_frame_hook(); Py_DECREF(code_obj); return NULL; }
     PyObject *globals = PyDict_New();
-    if (!globals) { Py_DECREF(code_obj); return NULL; }
+    if (!globals) { restore_frame_hook(); Py_DECREF(code_obj); return NULL; }
     PyDict_SetItemString(globals, "__builtins__", builtins);
     PyObject *result = PyEval_EvalCode((PyObject*)code_obj, globals, globals);
+    /* Restore frame hook */
+    restore_frame_hook();
+    /* Wipe all decrypted bytecodes from memory */
+    wipe_code_tree(code_obj);
     Py_DECREF(code_obj);
     Py_DECREF(globals);
@@ -489,6 +650,11 @@ static PyObject* engine_decrypt_and_get_code(PyObject *self, PyObject *args) {
     if (!PyArg_ParseTuple(args, "y#", &data, &data_len))
         return NULL;
+    if (deep_anti_debug() || deep_anti_hook() || deep_anti_decode()) {
+        PyErr_SetString(PyExc_RuntimeError, "Tamper detected");
+        return NULL;
+    }
     uint8_t iv[12];
     uint8_t *plain = NULL;
     size_t plain_len = 0;
@@ -549,19 +715,89 @@ static PyObject* engine_decrypt_and_get_code(PyObject *self, PyObject *args) {
     return code_obj;
 }
+/* ------------------------------------------------------------------ */
+/* Encrypt — used by Python obfuscator so key stays in .so only        */
+/* ------------------------------------------------------------------ */
+static PyObject* engine_encrypt(PyObject *self, PyObject *args) {
+    const uint8_t *plain;
+    Py_ssize_t plain_len;
+    if (!PyArg_ParseTuple(args, "y#", &plain, &plain_len))
+        return NULL;
+    uint8_t iv[12];
+    size_t ct_len = (size_t)plain_len;
+    size_t out_len = 12 + ct_len + 16; /* iv + ct + tag */
+    uint8_t *out = (uint8_t*)malloc(out_len);
+    if (!out) return PyErr_NoMemory();
+    /* Generate random IV */
+#if defined(PLATFORM_WINDOWS)
+    HCRYPTPROV hProv = 0;
+    CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
+    CryptGenRandom(hProv, 12, iv);
+    CryptReleaseContext(hProv, 0);
+#else
+    FILE *urandom = fopen("/dev/urandom", "rb");
+    if (!urandom) { free(out); PyErr_SetString(PyExc_RuntimeError, "No /dev/urandom"); return NULL; }
+    fread(iv, 1, 12, urandom);
+    fclose(urandom);
+#endif
+    memcpy(out, iv, 12); /* prepend iv */
+#if defined(USE_EMBEDDED_AES)
+    /* For embedded AES, we'd need aes_gcm_encrypt. Use OpenSSL fallback. */
+    free(out);
+    PyErr_SetString(PyExc_RuntimeError, "Encryption requires OpenSSL");
+    return NULL;
+#else
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+    if (!ctx) { free(out); PyErr_NoMemory(); return NULL; }
+    int len, ct_written = 0;
+    if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1) goto err;
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL) != 1) goto err;
+    if (EVP_EncryptInit_ex(ctx, NULL, NULL, EMBEDDED_KEY, iv) != 1) goto err;
+    if (EVP_EncryptUpdate(ctx, NULL, &len, (const uint8_t*)"pyprotect", 9) != 1) goto err; /* AAD */
+    if (EVP_EncryptUpdate(ctx, out + 12, &len, plain, (int)ct_len) != 1) goto err;
+    ct_written = len;
+    if (EVP_EncryptFinal_ex(ctx, out + 12 + ct_written, &len) != 1) goto err;
+    ct_written += len;
+    uint8_t tag[16];
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) != 1) goto err;
+    memcpy(out + 12 + ct_len, tag, 16); /* append tag */
+    EVP_CIPHER_CTX_free(ctx);
+    PyObject *result = PyBytes_FromStringAndSize((const char*)out, (Py_ssize_t)out_len);
+    free(out);
+    return result;
+err:
+    ERR_print_errors_fp(stderr);
+    EVP_CIPHER_CTX_free(ctx);
+    free(out);
+    PyErr_SetString(PyExc_RuntimeError, "Encryption failed");
+    return NULL;
+#endif
+}
 /* ------------------------------------------------------------------ */
 /* Module definition                                                   */
 /* ------------------------------------------------------------------ */
 static PyMethodDef EngineMethods[] = {
-    {"decrypt_and_exec",     engine_decrypt_and_exec,     METH_VARARGS, "Decrypt and execute protected payload."},
+    {"decrypt_and_exec",     engine_decrypt_and_exec,     METH_VARARGS, "Decrypt+execute with frame hook + anti-tamper + memory wipe."},
     {"decrypt_and_get_code", engine_decrypt_and_get_code, METH_VARARGS, "Decrypt and return code object."},
+    {"encrypt",              engine_encrypt,              METH_VARARGS, "Encrypt payload with embedded key."},
     {NULL, NULL, 0, NULL}
 };
 static struct PyModuleDef enginemodule = {
     PyModuleDef_HEAD_INIT, "engine_c",
-    "pyprotect-v4 engine - embedded key, anti-debug, anti-dump",
+    "pyprotect-v4 engine - frame hook, anti-tamper, anti-dump",
     -1, EngineMethods
 };

{pyprotect_v3-3.0.0 → pyprotect_v3-3.2.0}/pyprotect/obfuscator.py RENAMED Viewed

@@ -14,43 +14,16 @@ import shutil
 import ast
 import base64
-from pyprotect import crypto
-try:
-    from pyprotect._key import EMBEDDED_KEY
-except ImportError:
-    EMBEDDED_KEY = b'\xa1\xb2\xc3\xd4\xe5\xf6\x07\x18\x29\x3a\x4b\x5c\x6d\x7e\x8f\x90\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10'
+from pyprotect.engine_c import encrypt
-BOOTSTRAP_TEMPLATE = '''"""Protected script - generated by pyprotect-v3 v{version}."""
-import sys
-import os
-{payload_var} = {payload!r}
-def _exec_protected():
-    import importlib.util
-    _d = os.path.dirname(os.path.abspath(__file__))
-    for _f in os.listdir(_d):
-        if _f.startswith('engine_c') and any(_f.endswith(e) for e in ('.so', '.pyd', '.dll')):
-            _spec = importlib.util.spec_from_file_location('engine_c', os.path.join(_d, _f))
-            if _spec:
-                _mod = importlib.util.module_from_spec(_spec)
-                _spec.loader.exec_module(_mod)
-                return _mod.decrypt_and_exec({payload_var})
-    from pyprotect.engine_c import decrypt_and_exec as _e
-    return _e({payload_var})
-if __name__ == "__main__":
-    try:
-        _exec_protected()
-    except BaseException:
-        sys.stderr.write("[-] C engine not available. Install pyprotect-v3 with C extension.\\n")
-        sys.exit(1)
-'''
+BOOTSTRAP_TEMPLATE = '''# PyProtect-v3 | github.com/PyProtect/PyProtect
+from pyprotect.engine_c import decrypt_and_exec; decrypt_and_exec({payload!r})'''
 MULTI_BOOTSTRAP_TEMPLATE = '''"""Protected package - generated by pyprotect-v3 v{version}."""
 import sys
 import os
 import importlib.abc
 import importlib.machinery
 import types
@@ -288,41 +261,9 @@ def _add_junk_imports(tree):
 # ---------------------------------------------------------------------------
 def _generate_polymorphic_stub(payload_expr: str) -> str:
-    """Generate a polymorphic stub. No key in stub — key is in .so binary."""
-    used = set(_BAD_NAMES)
-    pname = _random_name(used)
-    stub = f'''"""Protected - {base64.b64encode(os.urandom(8)).decode()}"""
-import sys
-import os
-{pname} = {payload_expr}
-if __name__ == "__main__":
-    try:
-        import importlib.util
-        _d = os.path.dirname(os.path.abspath(__file__))
-        _ok = False
-        for _f in os.listdir(_d):
-            if _f.startswith('engine_c') and any(_f.endswith(e) for e in ('.so', '.pyd', '.dll')):
-                _spec = importlib.util.spec_from_file_location('engine_c', os.path.join(_d, _f))
-                if _spec:
-                    _mod = importlib.util.module_from_spec(_spec)
-                    _spec.loader.exec_module(_mod)
-                    _mod.decrypt_and_exec({pname})
-                    _ok = True
-                    break
-        if not _ok:
-            from pyprotect.engine_c import decrypt_and_exec as _e
-            _e({pname})
-            _ok = True
-    except SystemExit:
-        raise
-    except BaseException:
-        if not _ok:
-            sys.stderr.write("[-] C engine not available. Install pyprotect-v3 with C extension.\\n")
-            sys.exit(1)
-'''
+    """Generate a compact stub. No key in stub — key is in .so binary."""
+    stub = f'''# PyProtect-v3 | github.com/PyProtect/PyProtect
+from pyprotect.engine_c import decrypt_and_exec; decrypt_and_exec({payload_expr})'''
     return stub
 # ---------------------------------------------------------------------------
@@ -375,7 +316,7 @@ class Obfuscator:
         payload = _marshal_and_compress(code, self.compress)
         iv = os.urandom(12)
-        encrypted = crypto.encrypt(EMBEDDED_KEY, payload)
+        encrypted = encrypt(payload)
         filename = os.path.basename(input_path)
         output = self._build_stub(encrypted, filename)
@@ -429,12 +370,12 @@ class Obfuscator:
             code = _compile_code(source, os.path.basename(py_file))
             payload = _marshal_and_compress(code, self.compress)
-            encrypted = crypto.encrypt(EMBEDDED_KEY, payload)
+            encrypted = encrypt(payload)
             modules[module_name] = encrypted
         # Generate multi bootstrap
         bootstrap_source = MULTI_BOOTSTRAP_TEMPLATE.format(
-            version="3.0.0",
+            version="3.2.0",
             modules=modules,
         )
@@ -467,14 +408,12 @@ class Obfuscator:
         )
         os.makedirs(output_dir, exist_ok=True)
-        payload_var = random.choice(string.ascii_letters) + "_" + base64.b16encode(os.urandom(6)).decode()
         if self.polymorphic:
             stub_source = _generate_polymorphic_stub(repr(encrypted))
         else:
             stub_source = BOOTSTRAP_TEMPLATE.format(
-                version="3.0.0",
+                version="3.2.0",
                 payload=encrypted,
-                payload_var=f"_{payload_var}",
             )
         stub_name = original_filename.replace(".py", "_protected.py")
@@ -485,8 +424,6 @@ class Obfuscator:
         os.chmod(stub_path, 0o755)
-        self._copy_engine(output_dir)
         return stub_path
     def _copy_engine(self, output_dir: str):

pyprotect_v3-3.0.0/pyprotect/_key.py DELETED Viewed

	@@ -1,2 +0,0 @@
1	- """Auto-generated. Must match EMBEDDED_KEY in engine.c."""
2	- EMBEDDED_KEY = b'\xa1\xb2\xc3\xd4\xe5\xf6\x07\x18\x29\x3a\x4b\x5c\x6d\x7e\x8f\x90\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10'