python-obfuscation-framework 1.4.1__py3-none-any.whl

pof/obfuscator/remove/comments.py

@@ -0,0 +1,36 @@
+from tokenize import COMMENT, DEDENT, ENCODING, INDENT, NEWLINE, NL, STRING
+
+
+class CommentsObfuscator:
+    """Remove comments and docstrings from the code."""
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        result = []  # obfuscated tokens
+        prev_toknum = None
+        head = True  # to detect file docstrings
+        for toknum, tokval, *_ in tokens:
+            new_tokens = [(toknum, tokval)]
+
+            if toknum == STRING and (
+                prev_toknum
+                in [
+                    NEWLINE,
+                    DEDENT,
+                    INDENT,
+                    ENCODING,
+                ]
+                or head
+            ):
+                # Docstring
+                new_tokens = None
+            elif toknum == COMMENT:
+                new_tokens = None
+
+            if head and toknum not in [NEWLINE, NL, STRING, COMMENT]:
+                head = False
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_toknum = toknum
+        return result

pof/obfuscator/remove/exceptions.py

@@ -0,0 +1,75 @@
+# Remove exception text, or replace it with a code.
+# Replace text with code to still be able to use exception message on error
+#       raise Exception("text...") --> raise Exception("42")
+#       and log the code to text: 42: "text..."
+import logging
+from tokenize import NAME, OP, STRING
+
+
+class ExceptionObfuscator:
+    """Remove print statements from the code."""
+
+    def __init__(self, add_codes=None, generator=None) -> None:
+        if add_codes is None and generator is not None:
+            add_codes = True
+        self.add_codes = add_codes
+        self.generator = generator
+
+    def get_code(self):
+        return next(self.generator)
+
+    def obfuscate_tokens(self, tokens):  # noqa: C901
+        result = []  # obfuscated tokens
+        parenthesis_depth = 0  # parenthesis depth
+        prev_tokval = None
+        prev_toknum = None
+        exception_par_depth = 0
+        inside_exception = False
+        is_exception = False
+        for index, (toknum, tokval, *_) in enumerate(tokens):
+            new_tokens = [(toknum, tokval)]
+            next_tokval = None
+            if len(tokens) > index + 1:
+                _, next_tokval, *__ = tokens[index + 1]
+
+            if toknum == OP and tokval == "(":
+                parenthesis_depth += 1
+            elif toknum == OP and tokval == ")":
+                parenthesis_depth -= 1
+
+            if inside_exception:
+                if exception_par_depth == parenthesis_depth:
+                    inside_exception = False
+                else:
+                    new_tokens = None
+
+            elif (
+                prev_toknum == NAME and is_exception and toknum == OP and tokval == "("
+            ):
+                inside_exception = True
+                exception_par_depth = parenthesis_depth - 1
+                is_exception = False
+
+                if self.add_codes:
+                    current_code = self.get_code()
+                    new_tokens.extend([(STRING, f'"{current_code}"')])
+                    logging.debug(
+                        "Exception code {current_code} --> {next_tokval}",
+                        extra={
+                            "current_code": current_code,
+                            "next_tokval": next_tokval,
+                        },
+                    )
+
+            elif prev_tokval == "raise" and prev_toknum == NAME:
+                is_exception = True
+            else:
+                # except Exception as e:
+                #       raise e
+                is_exception = False
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_tokval = tokval
+            prev_toknum = toknum
+        return result

pof/obfuscator/remove/indents.py

@@ -0,0 +1,28 @@
+# TODO (deoktr): support multi symbols indents (mix spaces and tabs)
+# this might be extremly difficult because we'll have to keep track of the
+# current function/class declaration, we can't mix inside the same function be
+# between multiple we can
+from tokenize import DEDENT, INDENT
+
+
+class IndentsObfuscator:
+    """Remove indents to minimum."""
+
+    def __init__(self, indent=" ") -> None:
+        self.indent = indent
+
+    def obfuscate_tokens(self, tokens):
+        result = []  # obfuscated tokens
+        depth = 0  # indent depth
+        for toknum, tokval, *_ in tokens:
+            new_tokens = [(toknum, tokval)]
+
+            if toknum == INDENT:
+                depth += 1
+                new_tokens = [(toknum, depth * self.indent)]
+            elif toknum == DEDENT:
+                depth -= 1
+
+            if new_tokens:
+                result.extend(new_tokens)
+        return result

pof/obfuscator/remove/loggings.py

@@ -0,0 +1,120 @@
+from tokenize import NAME, OP, STRING
+
+
+# TODO (deoktr): REFACTORING this class
+class LoggingObfuscator:
+    """Keep logging and change them with a generated code."""
+
+    def __init__(self, add_codes=None, generator=None) -> None:
+        if add_codes is None and generator is not None:
+            add_codes = True
+        self.add_codes = add_codes
+        self.generator = generator
+
+    def obfuscate_tokens(self, tokens):
+        result = []  # obfuscated tokens
+        parenthesis_depth = 0  # parenthesis depth
+        prev_tokval = None
+        logging_par_depth = 0
+        inside_log = False
+        logging_type = None
+        for index, (toknum, tokval, *_) in enumerate(tokens):
+            new_tokens = [(toknum, tokval)]
+            next_tokval = None
+            if len(tokens) > index + 1:
+                _, next_tokval, *__ = tokens[index + 1]
+
+            if toknum == OP and tokval == "(":
+                parenthesis_depth += 1
+            elif toknum == OP and tokval == ")":
+                parenthesis_depth -= 1
+
+            if inside_log:
+                if (
+                    logging_par_depth is not None
+                    and parenthesis_depth < logging_par_depth
+                    and tokval not in ["debug", "warning", "info", "critical", "error"]
+                ):
+                    inside_log = False
+
+                    code = ""
+                    if self.add_codes:
+                        code = next(self.generator)
+
+                    new_tokens = [
+                        (NAME, logging_type),
+                        (OP, "("),
+                        (STRING, repr(code)),
+                        (OP, ")"),
+                    ]
+                    logging_type = None
+                else:
+                    new_tokens = None
+
+            elif (
+                toknum == OP
+                and tokval == "."
+                and prev_tokval == "logging"
+                and next_tokval in ["debug", "warning", "info", "critical", "error"]
+            ):
+                inside_log = True
+                logging_type = next_tokval
+                logging_par_depth = parenthesis_depth + 1
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_tokval = tokval
+        return result
+
+
+class LoggingRemoveObfuscator:
+    """Remove logging statements from the code."""
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        result = []  # obfuscated tokens
+        parenthesis_depth = 0  # parenthesis depth
+        prev_tokval = None
+        logging_par_depth = 0
+        inside_log = False
+        for index, (toknum, tokval, *_) in enumerate(tokens):
+            new_tokens = [(toknum, tokval)]
+            next_tokval = None
+            if len(tokens) > index + 1:
+                _, next_tokval, *__ = tokens[index + 1]
+
+            if toknum == OP and tokval == "(":
+                parenthesis_depth += 1
+            elif toknum == OP and tokval == ")":
+                parenthesis_depth -= 1
+
+            if inside_log:
+                if (
+                    logging_par_depth is not None
+                    and parenthesis_depth <= logging_par_depth
+                    and tokval not in ["debug", "warning", "info", "critical", "error"]
+                    and tokval != ")"
+                ):
+                    inside_log = False
+                    # replace logging statements with "pass"
+                    new_tokens = [(NAME, "pass"), *new_tokens]
+                else:
+                    new_tokens = None
+
+            elif (
+                toknum == OP
+                and tokval == "."
+                and prev_tokval == "logging"
+                and next_tokval in ["debug", "warning", "info", "critical", "error"]
+            ):
+                inside_log = True
+                logging_par_depth = parenthesis_depth
+
+                new_tokens = None
+                # remove the last items "logging"
+                result.pop()
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_tokval = tokval
+        return result

pof/obfuscator/remove/loggings_old.py

@@ -0,0 +1,45 @@
+from tokenize import NAME, OP
+
+
+class LoggingObfuscator:
+    """Remove logging statements from the code."""
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        result = []  # obfuscated tokens
+        parenthesis_depth = 0  # parenthesis depth
+        prev_tokval = None
+        logging_par_depth = 0
+        inside_log = False
+        for index, (toknum, tokval, *_) in enumerate(tokens):
+            new_tokens = [(toknum, tokval)]
+            next_tokval = None
+            if len(tokens) > index + 1:
+                _, next_tokval, *__ = tokens[index + 1]
+
+            if not inside_log and toknum == NAME and tokval == "logging":
+                new_tokens = None
+                inside_log = True
+                logging_par_depth = parenthesis_depth
+
+            if tokval == "import" and next_tokval == "logging":
+                new_tokens = None
+
+            if inside_log:
+                if logging_par_depth == parenthesis_depth and (
+                    tokval not in ("(", "logging")
+                    and prev_tokval not in (".", "logging")
+                ):  # check if still inside log
+                    inside_log = False
+                else:
+                    new_tokens = None
+
+            if toknum == OP and tokval == "(":
+                parenthesis_depth += 1
+            elif toknum == OP and tokval == ")":
+                parenthesis_depth -= 1
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_tokval = tokval
+        return result

pof/obfuscator/remove/newline.py

@@ -0,0 +1,27 @@
+from tokenize import INDENT, NEWLINE, NL
+
+
+class NewlineObfuscator:
+    """Remove empty lines."""
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        result = []  # obfuscated tokens
+        prev_toknum = None
+        for toknum, tokval, *_ in tokens:
+            new_tokens = [(toknum, tokval)]
+
+            # remove empty lines from the original source
+            # remove empty lines created after token manipulations
+            # \n after \n --> 2 new lines in a row = one is useless
+            # \n after NL --> same ^
+            # \n after INDENT --> docstrings are placed after an indent
+            if toknum == NL or (
+                toknum == NEWLINE and (prev_toknum in (NEWLINE, NL, INDENT))
+            ):
+                new_tokens = None
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_toknum = toknum
+        return result

pof/obfuscator/remove/print.py

@@ -0,0 +1,40 @@
+# this could cause some problems, if the print statement was the
+# only one present in the file
+from tokenize import NAME, OP
+
+
+class PrintObfuscator:
+    """Remove print statements from the code."""
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        result = []  # obfuscated tokens
+        parenthesis_depth = 0  # parenthesis depth
+        prev_tokval = None
+        print_par_depth = 0
+        inside_print = False
+        for toknum, tokval, *_ in tokens:
+            new_tokens = [(toknum, tokval)]
+
+            if not inside_print and toknum == NAME and tokval == "print":
+                new_tokens = None
+                inside_print = True
+                print_par_depth = parenthesis_depth
+
+            if inside_print:
+                if print_par_depth == parenthesis_depth and (
+                    tokval not in ("(", "print") and prev_tokval != "print"
+                ):  # check if still inside print
+                    inside_print = False
+                else:
+                    new_tokens = None
+
+            if toknum == OP and tokval == "(":
+                parenthesis_depth += 1
+            elif toknum == OP and tokval == ")":
+                parenthesis_depth -= 1
+
+            if new_tokens:
+                result.extend(new_tokens)
+            prev_tokval = tokval
+        return result

pof/obfuscator/restructure.py

@@ -0,0 +1,15 @@
+# TODO (deoktr): WORK IN PROGRESS !
+
+
+class RestructureObfuscator:
+    """Obfuscate by restructuring the entire code.
+
+    This is done by moving functions and classes around.
+    """
+
+    @staticmethod
+    def obfuscate_tokens(tokens):
+        # TODO (deoktr): test if ast include decorators into function definition or if
+        # it's easy to get, and move stuff using it, it's probably easier than
+        # using tokens
+        return tokens

pof/obfuscator/stegano/docstrings.py

@@ -0,0 +1,111 @@
+import ast
+import io
+from tokenize import LPAR, NAME, NEWLINE, OP, RPAR, STRING, generate_tokens
+
+from pof.utils.encoding import Base64Encoding
+from pof.utils.tokens import untokenize
+
+
+class DocstringObfuscator:
+    """Hide code inside doc strings."""
+
+    # TODO (deoktr): add ability to choose entry point (function) name without calling
+    # it put the exec code inside this function
+    # TODO (deoktr): add ability to choose the base code
+    # TODO (deoktr): add ability to split the docstring among multiple class/functions
+
+    def __init__(self, encoding_class=None, base_code=None) -> None:
+        if encoding_class is None:
+            encoding_class = Base64Encoding
+        self.encoding_class = encoding_class
+
+        if base_code is None:
+            base_code = "class Foo:\n    pass\n"
+        self.base_code = base_code
+
+    def get_exec_tokens(self, name):
+        # the replace will remove \n and space indents from the docstrings
+        # because on some encoding it can break it, it works without problems
+        # with base64 but doesn't with base85, base16 and other.
+        docstring_tokens = [
+            (NAME, name),
+            (OP, "."),
+            (NAME, "__doc__"),
+            (OP, "."),
+            (NAME, "replace"),
+            (LPAR, "("),
+            (STRING, repr(r"\n")),
+            (OP, ","),
+            (STRING, "''"),
+            (RPAR, ")"),
+            (OP, "."),
+            (NAME, "replace"),
+            (LPAR, "("),
+            (STRING, repr(" ")),
+            (OP, ","),
+            (STRING, repr("")),
+            (RPAR, ")"),
+        ]
+        return [
+            (NEWLINE, "\n"),
+            (NAME, "exec"),
+            (LPAR, "("),
+            *self.encoding_class.decode_tokens(docstring_tokens),
+            (RPAR, ")"),
+        ]
+
+    def get_docstring(self, code, indent="    "):
+        encode_tokens = ast.literal_eval(
+            untokenize(self.encoding_class.encode_tokens(code.encode())),
+        )
+
+        docstring = "\n" + indent
+        chunk_size = 74
+        for i in range(0, len(encode_tokens), chunk_size):
+            chunk = encode_tokens[i : i + chunk_size]
+            docstring += chunk + "\n" + indent
+        return f'"""{docstring}"""'
+
+    def get_base_tokens(self):
+        io_obj = io.StringIO(self.base_code)
+        return list(generate_tokens(io_obj.readline))
+
+    def obfuscate_tokens(self, tokens):
+        code = untokenize(tokens)
+        docstring = self.get_docstring(code)
+
+        base_tokens = self.get_base_tokens()
+
+        in_declaration = False
+        prev_tokval = None
+        name = None
+        new_tokens = []
+        add_next = False
+        for toknum, tokval, *_ in base_tokens:
+            tokens = [(toknum, tokval)]
+
+            if add_next:
+                tokens.extend([(STRING, docstring), (NEWLINE, "\n")])
+                add_next = False
+
+            # and name is None : used to add the docstring on only one
+            # class/function definition
+            # FIXME (deoktr): split it among multiple definitions
+            if prev_tokval in ["def", "class"] and name is None:
+                name = tokval
+                in_declaration = True
+            elif prev_tokval == ":" and in_declaration:
+                add_next = True
+                in_declaration = False
+
+            prev_tokval = tokval
+            new_tokens.extend(tokens)
+
+        return [
+            *self.encoding_class.import_tokens(),
+            (NEWLINE, "\n"),
+            *new_tokens,
+            (NEWLINE, "\n"),
+            *self.get_exec_tokens(name),
+            (NEWLINE, "\n"),
+        ]

pof/obfuscator/stegano/ipv6encoding.py

@@ -0,0 +1,21 @@
+from tokenize import LPAR, NAME, NEWLINE, RPAR
+
+from pof.utils.stegano import IPv6Encoding
+from pof.utils.tokens import untokenize
+
+
+class IPv6Obfuscator(IPv6Encoding):
+    """Encode the source code in a list of valid IPv6."""
+
+    @classmethod
+    def obfuscate_tokens(cls, tokens):
+        code = untokenize(tokens)
+        return [
+            *cls.import_tokens(),
+            (NEWLINE, "\n"),
+            (NAME, "exec"),
+            (LPAR, "("),
+            *cls.decode_tokens(cls.encode_tokens(code.encode())),
+            (RPAR, ")"),
+            (NEWLINE, "\n"),
+        ]

pof/obfuscator/stegano/macencoding.py

@@ -0,0 +1,21 @@
+from tokenize import LPAR, NAME, NEWLINE, RPAR
+
+from pof.utils.stegano import MACEncoding
+from pof.utils.tokens import untokenize
+
+
+class MACObfuscator(MACEncoding):
+    """Encode the source code in a list of valid MAC."""
+
+    @classmethod
+    def obfuscate_tokens(cls, tokens):
+        code = untokenize(tokens)
+        return [
+            *cls.import_tokens(),
+            (NEWLINE, "\n"),
+            (NAME, "exec"),
+            (LPAR, "("),
+            *cls.decode_tokens(cls.encode_tokens(code.encode())),
+            (RPAR, ")"),
+            (NEWLINE, "\n"),
+        ]

pof/obfuscator/stegano/uuidencoding.py

@@ -0,0 +1,21 @@
+from tokenize import LPAR, NAME, NEWLINE, RPAR
+
+from pof.utils.stegano import UUIDEncoding
+from pof.utils.tokens import untokenize
+
+
+class UUIDObfuscator(UUIDEncoding):
+    """Encode the source code in a list of valid UUID."""
+
+    @classmethod
+    def obfuscate_tokens(cls, tokens):
+        code = untokenize(tokens)
+        return [
+            *cls.import_tokens(),
+            (NEWLINE, "\n"),
+            (NAME, "exec"),
+            (LPAR, "("),
+            *cls.decode_tokens(cls.encode_tokens(code.encode())),
+            (RPAR, ")"),
+            (NEWLINE, "\n"),
+        ]