I'm trying to create two for statements,but only one of them runs >.< it's supposed to obfuscate username AND passwords..

Also is there any way to simplify it rather than have two for statements..? The only difference in the second for statement is "Username" and "username" changed to "Password" and "password" ..

for key1, value1 in self.entrydict.items():
            if not isinstance(value1, dict): # shouldn't happen
                if key1.find('Username') == -1:
                    self.settings[key1] = value1.getvalue()
                else:
                    self.settings[key1] = myutils.username_obfuscate(value1.getvalue())										
            else:
                for key2, value2 in value1.items():
                    if not isinstance(value2, dict):
                        if key2.find('Username') == -1:
                            self.settings[key1][key2] = value2.getvalue()
                        else:
                            self.settings[key1][key2] = myutils.username_obfuscate(value2.getvalue())												
                    else:
                        for key3, value3 in value2.items():
                            if not isinstance(value3, dict):
                                if key3.find('Username')  == -1:
                                    self.settings[key1][key2][key3] = value3.getvalue()
                                else:
                                    self.settings[key1][key2][key3] = myutils.username_obfuscate(value3.getvalue())															
                            else:
                                pass # shouldn't happen	


######### Here is where the second for statement starts .. redundant and doesn't even work
############### 

        for key1, value1 in self.entrydict.items():
            if not isinstance(value1, dict): # shouldn't happen
                if key1.find('Password') == -1:
                    self.settings[key1] = value1.getvalue()
                else:
                    self.settings[key1] = myutils.password_obfuscate(value1.getvalue())										
            else:
                for key2, value2 in value1.items():
                    if not isinstance(value2, dict):
                        if key2.find('Password') == -1:
                            self.settings[key1][key2] = value2.getvalue()
                        else:
                            self.settings[key1][key2] = myutils.password_obfuscate(value2.getvalue())												
                    else:
                        for key3, value3 in value2.items():
                            if not isinstance(value3, dict):
                                if key3.find('Password')  == -1:
                                    self.settings[key1][key2][key3] = value3.getvalue()
                                else:
                                    self.settings[key1][key2][key3] = myutils.password_obfuscate(value3.getvalue())															
                            else:
                                pass # shouldn't happen

Edited 5 Years Ago by Swift2: n/a

By the way, this is Python code..but im sure someone can help me with this basic question

This is the error I get when running

Error: 1
<class 'zlib.error'> Exception in Tk callback
  Function: <controlpanel.Command instance at 0x024FA760> (type: <type 'instance'>)
  Args: ()
Traceback (innermost last):
  File "Pmw\Pmw.pyc", line 1780, in __call__
    None
  File "controlpanel.pyc", line 306, in __call__
    None
  File "controlpanel.pyc", line 186, in __init__
    None
  File "myutils.pyc", line 32, in password_recover
    None
<class 'zlib.error'>: Error -3 while decompressing data: incorrect header check

Edited 5 Years Ago by Swift2: n/a

Error happens in your myutils code where zlib does not like your file format. There is also the obfuscate code myutils.password_obfuscate, which you did not post.

You have much to correct in your style. Use for example assert, not if, to check your assumptions.

Edited 5 Years Ago by pyTony: n/a

But my file format for username is the same as password. It compiles and runs perfectly by only doing one or the other, username or password. But when I try to do both, it doesn't work.

This is line 32 in myutils:

#31 def password_recover(password):
#32    return zlib.decompress(base64.b64decode(password))

#####It's only giving the error in line 32 because it's trying to decode pure string, not base64 encrypted string. 
#####This is happening because my obfuscation code (in the original post way above ^) isn't encrypting the password correctly.

Edited 5 Years Ago by Swift2: n/a

I do not know if this is any help but here is what I played in interactive Python session:

>>> import base64
>>> base64.b64encode('tonyjv')
'dG9ueWp2'
>>> def password_obfuscate(w):
	return base64.b64encode(w)

>>> settings = {'username':'tonyjv', 'password':'abcdef'}
>>> settings.update((key, password_obfuscate(settings[key])) for key in settings)
>>> settings
{'username': 'dG9ueWp2', 'password': 'YWJjZGVm'}
>>> settings.update((key, password_obfuscate(settings[key])) for key in settings)
>>> settings
{'username': 'ZEc5dWVXcDI=', 'password': 'WVdKalpHVm0='}
>>> def password_recover(w):
	return base64.b64decode(w)

>>> settings.update((key, password_recover(settings[key])) for key in settings)
>>> settings.update((key, password_recover(settings[key])) for key in settings)
>>> settings
{'username': 'tonyjv', 'password': 'abcdef'}
>>>

Hm, I thank you for messing around with it for me! But i'm not quite sure that i'm following..
Maybe if I post the following you'll better understand what it is I'm trying to do.


Here is what I want it to do: (notice the two if statements for each nest whereas there are none in the original).
If it finds 'password' to be == -1, then do that, ALSO if it finds 'username' then do that as well..

Or maybe I can do this?

if key1.find('Password') == -1 and key2.find('Username') == -1:

Basically I just want it to run two if's, one for password and one for username..

for key1, value1 in self.entrydict.items():
            if not isinstance(value1, dict): # shouldn't happen
                if key1.find('Password') == -1:
                    self.settings[key1] = value1.getvalue()
                else:
                    self.settings[key1] = myutils.password_obfuscate(value1.getvalue())
                if key1.find('Username') == -1:
                    self.settings[key1] = value1.getvalue()
                else:
                    self.settings[key1] = myutils.password_obfuscate(value1.getvalue())																	
            else:
                for key2, value2 in value1.items():
                    if not isinstance(value2, dict):
                        if key2.find('Password') == -1:
                            self.settings[key1][key2] = value2.getvalue()
                        else:
                            self.settings[key1][key2] = myutils.password_obfuscate(value2.getvalue())
                        if key2.find('Username') == -1:
                            self.settings[key1][key2] = value2.getvalue()
                        else:
                            self.settings[key1][key2] = myutils.password_obfuscate(value2.getvalue())																			
                    else:
                        for key3, value3 in value2.items():
                            if not isinstance(value3, dict):
                                if key3.find('Password')  == -1:
                                    self.settings[key1][key2][key3] = value3.getvalue()
                                else:
                                    self.settings[key1][key2][key3] = myutils.password_obfuscate(value3.getvalue())
                                if key3.find('Username')  == -1:
                                    self.settings[key1][key2][key3] = value3.getvalue()
                                else:
                                    self.settings[key1][key2][key3] = myutils.password_obfuscate(value3.getvalue())																										
                            else:
                                pass # shouldn't happen

Edited 5 Years Ago by Swift2: n/a

And why should one or both of them be such stupid value? I don't get your motivation. Any test data? You are grapping data from some gui inputs directly? I do not think your variable naming is helpfull.

If you are trying to do some kind of error handling, you should use try...except...else...finally

Edited 5 Years Ago by pyTony: n/a

Would you like to teamview into me so I can show you what's going on?

why not obfuscate changed value in Gui input entry call back function for changed value or make obfuscated property for the object?

I do not want to install strange software to compromize my security. Looks suspicious from comments feedback.

There's no installing required, the files you download are source only.

Maybe some dependency problem but it complains of libraries not found when trying to run the control panel.

Got it working after couple of easy_install's.

The code does this to password, how are you setting the username?

def password_dialog(self):
        mypassword = tkSimpleDialog.askstring("Enter Password", 
                                                "Password:", show="*")
        if mypassword != myutils.password_recover(self.panelsettings['General']['Master Password']):
            if mypassword != None:
                tkMessageBox.showerror("Incorrect Password", 
                                        "Incorrect Password")
            return False
        else:
            return True

Sorry for the late reply.

What you posted is just the 'master password' . What i'm interested in is the other passwords, check out the .ini file and search for "password = " and you'll see. Master pass is different from the other category passwords, such as FTP and SMTP password. It's currently obfuscating all the fields ending in "Password" , such as FTP Password. But I also want it to obfuscate all ending in "Username" such as FTP Username.

You got it running a lot quicker than when I first tried downloading it! Lol
Btw, search for "nag" and set that to False in controlpanel (i believe that's where it's at, might be keylogger.pwc)

One more thing:

python setup.py py2exe

This is the code to compile the source into an exe and then test the control panel. At least that's what I'm doing. I suppose you can just run it from source too:

python keylogger.pyw

The dependencies were pyhook, configobj, and py2exe.

Edited 5 Years Ago by Swift2: n/a

This seems to do the obfuscating to ini, but somewhere must put the corresponding recover also for usernames. Only the changed beginning here.

I am afraid that this code obfuscates allready obfuscated values each time you open the dialog. So you should never push OK or Apply without setting the username and password again to their unobfuscated values.

def validate(self):
        for key1, value1 in self.entrydict.items():
                assert isinstance(value1, dict)
                for key2, value2 in value1.items():
                    if not isinstance(value2, dict):
                        # print 'Branch 1'
                        self.settings[key1][key2] =  myutils.password_obfuscate(value2.getvalue()) if 'Password' in key2 or 'User' in key2 else value2.getvalue()
                    else:
                        for key3, value3 in value2.items():
                            # print 'Branch 2'
                            if not isinstance(value3, dict):
                                self.settings[key1][key2][key3] = myutils.password_obfuscate(value3.getvalue()) if 'Password' in key3 or 'User' in key3 else value3.getvalue()

Got it, only I got catched with repeated obfuscation of my values and values allways looked obfuscated, change this piece (should be obvious, where the piece is from, I take some context around):

for subsection in subsections:
            page = notebook.add(subsection)
            subsubsettings = subsettings[subsection]
            self.entrydict[section].update({subsection:{}})
            for itemname, itemvalue in subsubsettings.items():
                if not itemname.startswith('_') and not itemname.endswith('Tooltip'):
                      entry = Pmw.EntryField(page,
                              labelpos = 'w',
                              label_text = '%s:' % itemname,
                              validate = None,
                              command = None)
                      if any(w in itemname for w in ("Password","User")):
                          entry.setvalue(myutils.password_recover(itemvalue))
                          # print myutils.password_recover(itemvalue)
                      else:
                          entry.setvalue(itemvalue)
                      entry.pack(fill='x', expand=1, padx=10, pady=5)
                      self.balloon.bind(entry,
                              subsubsettings[itemname + ' Tooltip'].replace('\\n','\n'))
                      self.entrydict[section][subsection].update({itemname: entry})

Edited 5 Years Ago by pyTony: n/a

You must copy correct base64 coded string (for example the one for empty master user password in initial ini:_eJwDAAAAAAE=) to the ini file in place of each username and password, else you get the same error as before. After that you can change them whatever you want them to be.

Edited 5 Years Ago by pyTony: n/a

Awesome! I'll check out the code you posted when I get to work (~2hrs). I'll let you know how things go.

And yeah I came into the copying base64 coded string to each empty password / username problem earlier, I've learned to do that now. Good catch too.

Thanks again for looking at it for me. You're awesome. Will check when I'm at work.

Btw, if you would like to help with my next problem...I need the script to delete the log files and / or .zip files (logs might already be deleting) after the trigger has been initiated. I haven't looked into it yet but I'll do that too after I check the obfuscation

It worked! I just tested it and everything is working smooth. I thank you again for your help! You did an amazing job :). So now I can manipulate your code by adding a few "or" 's in there to obfuscate other values, right? I'll give it a try, cause that would make things perfect.

Logs should have their own rotation, I do not think you should touch them. For zip files you can look for example into my "find files containing" snippet for starting point.scan filetree for files containing text

Yep logs do have their rotation, it's all in the timerthreads.py

def zip_logs(self):

That's the section the logs get deleted after they are archived into a zip file. However, once they get archived and then uploaded / sent out, I somehow need it to delete the zip file it just sent out..

EDIT: Here we go, here's where the FTP upload happens. I just need it to delete the files it JUST uploaded:

class FTPLogUploader(BaseTimerClass):

EDIT2: Hm, I think it might already have an option in the program to delete old zip files. But that only deletes days old files, not directly after an upload.

But this looks promising?

try:
            myzip = zipfile.ZipFile(zipfile_rel_path, "w", 
                                    zipfile.ZIP_DEFLATED)
            
            filelist = os.listdir(self.log_rel_dir)
            # will contain all files just zipped, and thus to be deleted
            filelist_copy = copy.deepcopy(filelist)
            for fname in filelist:
                if self.needs_zipping(fname):
                    myzip.write(os.path.join(self.log_rel_dir, fname))
                else: 
                    filelist_copy.remove(fname)

Edited 5 Years Ago by Swift2: n/a

This article has been dead for over six months. Start a new discussion instead.