tnvjalstnwlq
https://i.ibb.co/mXM4pbH/Screen-Shot-2022-05-02-at-8-56-43-PM.png

A lot of Python developers, especially the new ones I see entering the community every day, don't realize that the trial version has a public RSA 1024-bit key which is shared by trial users. Therefore, anyone who releases a Python tool obfuscated by the trial version of PyArmor can easily have their tool unobfuscated and cracked in a matter of minutes.

In addition, a lot of people have a misconception that PyArmor will protect your tool from being reversed or cracked. However, this is a HUGE misunderstanding and simply isn't true. For example, PyArmor protects the code, but not the authentication method you choose. By using a simple tool like Fiddler we can see exactly where every request from a tool is going and then try to bypass it by fuzzing the API, or by removing the auth file.

For instance, let's say your Python tool has an 'authenticate.py' file in it, and a 'main.py' file. This is extremely stupid because anyone could easily reverse the EXE into separate files and then delete the 'authenticate.py' file and just repack the 'main.py' file. This is why you must make sure the current user is authenticated THROUGHOUT the usage of the tool, randomly checking the authenticated state.

As I said, there's always some smart dude in Lithuania who will most likely crack your tool no matter how hard you try to protect it, but just know that the public version of PyArmor and other obfuscators will never be enough to protect your code, and sometimes it takes common sense and your own custom tricks to do the job. Trust me, if anyone knows, it's me, since my tool was cracked because of both of these reasons (BlazingDork for any of those who don't know).
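An added example, not part of the original post: one way to apply the "check throughout" advice is to have the backend re-verify a short-lived signed token on every functional request, so deleting a client-side 'authenticate.py' gains nothing. This goes beyond the post by moving the check to the server; the HMAC token design and all names (`issue_token`, `verify_token`, `handle_request`, `SERVER_KEY`, `TOKEN_TTL`, `LICENSED_USERS`) are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
TOKEN_TTL = 300                                         # assumed lifetime in seconds
LICENSED_USERS = {"alice"}                              # constructed sample licence list


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the token payload, keyed with the server-only secret."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user: str, now: float) -> str:
    """Server side: issue a short-lived signed token once login has succeeded."""
    if user not in LICENSED_USERS:
        raise PermissionError("unknown user")
    payload = json.dumps({"user": user, "exp": now + TOKEN_TTL}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_token(token, now: float):
    """Server side: return the user name, or None if the token is not valid."""
    try:
        encoded, signature = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, AttributeError):
        return None  # missing, malformed or non-string token
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(signature.encode(), _sign(payload).encode()):
        return None
    claims = json.loads(payload)
    if claims["exp"] < now or claims["user"] not in LICENSED_USERS:
        return None  # expired, or licence revoked since the token was issued
    return claims["user"]


def handle_request(token, action: str, now: float) -> dict:
    """Server side: every functional call is re-checked, not just the login."""
    user = verify_token(token, now)
    if user is None:
        return {"status": 401, "error": "not authenticated"}
    return {"status": 200, "result": f"{action} done for {user}"}
```
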