How can I obfuscate my EXE program which is “compiled” with PyInstaller to avoid reverse engineer?
My exe file contain my mail and password which is send me ip address and log files.
The orginal script is .py python script.
This code below I would like to obfuscate it,sender and password i especially the password.

SMTP_SERVER = 'smtp.gmail.com'
sender = "Mymail@gmail.com"
password = "Mypasswd"
recipient = sender
subject = 'Python emaillib Test'

I will appriciate your help

Recommended Answers

All 10 Replies

While it's far from bulletproof, why not the old rot13() on the strings to make them not so easy to read plaintext?

Yes,maybe but I wonder if there is any better encryption method than rot13()?
If yes how can you encode the password above programmatically in python to get email?

That's an easy yes to better encoding. I wonder if you realize that you would enter a never ending arms race if you asked for better. There's always better. You can easily do the rot13() and change the variable names to not reveal what they are for. Why put it in plain sight?

If your program is any good, then sooner or later someone will simply write a better program without reverse engineering.

I agee with you vegaseat but still need to learn good way to encrypt my email password in my python script!
What about base64?

    SMTP_SERVER = 'smtp.gmail.com'
    SMTP_PORT = 587
    sender = "Mymail@gmail.com"
    password = "Mypasswd"
    recipient = sender
    subject = 'Python emaillib Test'

import base64
x = 'Mypasswd'
y = base64.b64encode (x)
print y

#Decode y:
z = base64.b64decode (y)
print z

My exe file contain my mail and password

Why does it need to contain your password? Isn't that just asking for trouble?

Yes, but how can I do it to encrypt it or to avoid write amy plain text password?

Lets say if the demo script look like this so we need to encrypt password(SMTP_PASS ),How we can do it?

# -*- coding: utf-8 -*-
import argparse
from email.mime.multipart import MIMEMultipart
from email.mime.application import MIMEApplication
import shlex
import smtplib
import socket
import subprocess
import sys
import time

SMTP_HOST = 'smtp.gmail.com'
SMTP_PORT = 25  # integer
MAIL_TO = 'Mymail@gmail.com'
SMTP_USER = 'Mymail@gmail.com'
SMTP_PASS = 'Mypasswd'
PAUSE = 600  # sec.
FILE = 'ip.txt'  # 

def get_ip_address():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(('google.com', 80))
    ip, port = s.getsockname()
    return ip

def generate_eml(data):
    eml = MIMEMultipart()  # create eml object
    # add headers
    eml['Subject'] = '[{}] IP address'.format(time.strftime("%d %b %Y %I:%M %p", time.gmtime()))
    eml['To'] = MAIL_TO
    # attach file to eml
    p = MIMEApplication(data)
    p.add_header('Content-Disposition', 'attachment; filename="{}"'.format(FILE))
    return eml

def send_mail(eml):
    smtp = smtplib.SMTP(SMTP_HOST, SMTP_PORT)  # connect to SMTP server
    smtp.ehlo()  # send 'EHLO'
    smtp.login(SMTP_USER, SMTP_PASS)
    smtp.sendmail(SMTP_USER, MAIL_TO, eml.as_string())  # send message

if __name__ == "__main__":
    # parse command line arguments
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', dest='install', default=False, action='store_true')
    args = parser.parse_args()

    # if run script with key '-i' then install script to system
    if args.install:
            # with open(FILE, 'w') as f:
            #     f.write(get_ip_address())
        except Exception as e:
            print e

While you could rot13() the strings that only obfucates the app a little. Your password is then exposed when I run it. How?

I can't guess why anyone would use SMTP today. It may have to die.

Anyway, I googles ROT13 ONLINE (those words) and there are tools to type in a string and get the rot13 string back to put into your clear text areas. Then you use your rot13 function to decode when needed.

This smells like gcat implant but UPX for obfuscation ..
For the password, you can AES encrypt it and only decrypt during runtime in memory so whatever touches disk will awalys be encrypted. Add anti-debug techniques otherwise using ollydbg would take 10 seconds to run ur executable and get to the point where the password is decrypted

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.