February, 2024

Unveiling the Secrets of Code Securing Mechanism (Python)

SHARE THIS

Introduction

The ancient Chinese military strategist Sun Tzu, in The Art of War, famously stated, “A good defense starts with multiple layers.” Though applied to warfare, this principle extends beyond the battlefield and into the digital realm.
Securing code is more critical than ever in the ever-evolving landscape of information technology. Like military strategists, developers understand the importance of fortifying their code to protect sensitive information. They strive to ensure the integrity and confidentiality of critical data through multi-layered techniques: code obfuscation and code encryption.
Code obfuscation is a technique used to make the source code of a software application more difficult to understand. The primary purpose is to deter reverse engineering and unauthorized access by introducing complexity and ambiguity.

Code encryption involves transforming data or information into a secure and unreadable form, known as ciphertext, using an algorithm and an encryption key.

In this blog, we will delve into the world of code obfuscation and encryption using python packages.

Section 1: Code Obfuscation using PyArmor

PyArmor, a robust Python tool, specializes in obfuscating code, making it challenging to comprehend or reverse-engineer. It focuses on safeguarding scripts to ensure they can run smoothly while concealing the underlying code. In the following section, we’ll explore how to utilize PyArmor for code obfuscation.

First install pyarmor using pip.
(Installation)
I have created a .py file with some random code in it
test_file.py

To obfuscate the above code file, I will have to run the following command:
pyarmor g test_file.py

Now if I see my test_file.py directory I can see a new folder named dist is created

Inside the “dist” directory, you’ll find a file named “test_file.py,” which has undergone the process of code obfuscation. Upon opening “dist/test_file.py,” you’ll discover that it now contains obfuscated code, magically transformed through this process.
Upon executing “dist/test_file.py,” the expected functionality will be maintained; however, the Python code itself will remain concealed from direct view.

Section 2: Code Encryption using Fernet

With the Fernet module from the cryptography library, Python allows effortless encryption and decryption of scripts. Fernet employs AES and offers a straightforward and reliable approach to symmetric encryption, utilizing a single key for encryption and decryption purposes. To encrypt code using Fernet, we’ll install the cryptography package and apply encryption to the test_file.py mentioned earlier.

pip install cryptography

After installation, first, we will have to generate the symmetric key used for encryption. The package provides a function itself for generating a random key. The new randomly generated key will be written in the file “mykey.key”

from cryptography.fernet import Fernet
key = Fernet.generate_key()
with open(‘mykey.key’, ‘wb’) as mykey:
mykey.write(key)

Once the key is generated, it can be viewed by opening the “mykey.key”
fTWyB6jL2gCANk9l7FR6k5nSAitkE5LqleXpgmpxT-0=

Now, we will encrypt the test_file.py with this key. This code will encrypt the content of ‘test_file.py’ using the Fernet cipher with the provided key and save the encrypted result back to the same file.

if = Fernet(key)
with open(‘test_file.py’, ‘rb’) as test_file:
test_file = test_file.read() encrypted = f.encrypt(test_file)
with open(‘test_file.py’, ‘wb’) as encrypted_file:
encrypted_file.write(encrypted)

test_file.py

encrypted test_file.py

As mentioned earlier, PyArmor specializes in code obfuscation, allowing the code to remain executable. With Fernet encryption, the code is not only obfuscated but also somewhat secured against direct visibility and execution. Fernet encrypts the code, rendering it inaccessible and ensures a higher level of confidentiality.

The same file can be decrypted using the same key and the below script.

from cryptography.fernet import Fernet=
with open(‘mykey.key’, ‘rb’) as mykey:
key = mykey.read()
f = Fernet(key)
with open(‘test_file.py’, ‘rb’) as encrypted_file:
encrypted = encrypted_file.read()
decrypted = f.decrypt(encrypted)
with open(‘test_file.py’, ‘wb’) as decrypted_file:
decrypted_file.write(decrypted)

Conclusion

Strategically integrating PyArmor as level 1 security and Fernet cryptography encryption as level 2 security establishes a robust layered defense mechanism for Python scripts.

At the first level, PyArmor employs sophisticated code obfuscation to obscure the source code, bolstering its resilience against reverse engineering while still enabling usage without code visibility.

Complementing PyArmor, Fernet encryption operates as level 2 security, introducing an additional layer of protection by encrypting the code. This cryptographic layer ensures that the user cannot view or execute the code, unlike PyArmor, further reducing the risk of unauthorized access and preserving the confidentiality of critical components.

Picture of Muhammad Ali Qasim

Muhammad Ali Qasim

Ali, at TenX works as Data Analyst