obviscating python code for distribution

harrismh777 harrismh777 at charter.net
Wed May 18 22:54:48 EDT 2011 

Littlefield, Tyler wrote:
> I know about rate limiting and dos attacks, as well as some others, but
> I think there's a lot more that I don't know--can someone kind of aim me
> in the right direction for some of this? I want to be able to take
> techniques, break my server and then fix it so that can't be done before
> I head to public with this.

Black-hat and gray-hat papers are some of the best resources; and 
entertaining ta-boot...

Four resources that you will what to look into, in no particular order:

Erickson, Jon, "Hacking: The Art of Exploitation," 2nd ed,
	San Francisco: No Starch Press, 2008.


Anonymous, "Maximum Linux Security: A Hacker's Guide to Protecting
	Your Linux Server and Workstation," Indianapolis:
	Sams Publishing, 2000.
	
	(check for other editions)
	(this volume is a good read, even for other platforms,
		but is geared specifically to Linux)


Graves, Kimberly, "CEH Certified Ethical Hacker: Study Guide,"
	Indianapolis: Wiley Publishing, 2010.


Seitz, Justin, "Gray Hat Python: Python Programming for Hackers
	and Reverse Engineers," San Francisco: No Starch Press, 2009.


      The best way to protect your system is first to be able to 
understand how someone else will attempt to compromise it.

      I personally am an *ethical* hacker; by definition, I exploit 
possibilities, for problem solving, and I cause *NO* harm.  Having said 
that, I have studied *all* of the techniques employed in the field for 
causing harm; why? Because that is the *only* way to know how to defend 
against them.

      Its like missile anti missile...    virus anti virus, and the 
like. Because *all* of software is mathematical by nature it is not 
possible to lock software with software... this is partially the 
decidability problem at work. But mostly its a matter of their skills 
getting better... yours better be better yet, and when they get even 
better than you---  well you better be ready to improve ... and on and 
on it goes... But, first you need to understand what you're up against.

      There is absolutely *no* way to prevent reverse engineering. Its 
all just code, and that code can be unraveled with the right math and 
enough time. (time and talent is all it takes; that and the will to be 
tenacious and uncompromising. If someone wants your system badly enough, 
they will own it... its just a matter of time... so be ready for it... 
like the Bible says, "If the master of the house knew what hour the 
thief would break in and steal, he would have kept better watch on his 
house!"



kind regards,
m harris

More information about the Python-list mailing list