Download Hack Apple h9!10!2011 Teasers PDF

TitleHack Apple h9!10!2011 Teasers
File Size4.0 MB
Total Pages28
Table of Contents
                            Cover
Dear Readers
CONTENTS
In brief
Hacking Tools on iOS
Apple Memory Tricks
As Apple Devices Gain Popularity Do They Become More Vulnerable to Exploitatio
Import Hooks For 
Encrypted Python Modules
Apple OS X and iOS 
Hacking News
Interception With Paros 
Proxy
Prey: From Praying to 
Preying
Facebook and the Fuzz Smartphones, Social Media, and Policing
Civil Disturbances
Interview With 
David Harley
In the next issue
                        
Document Text Contents
Page 2

spread : http://www.elearnsecurity.com/r/h9mag_s_1.php

Page 14

10/2011 26

DEFENCE Import Hooks For Encrypted Python Modules

www.hakin9.org/en 27

Well, the answer is Yes! There are ways, and one such way is through the use of Import Hooks.
Import Hooks[1] are objects that can be injected into

Python’s import mechanism and used to customize how
modules are found and loaded, allowing it to import
modules stored in a non-standard way. As we want to
import encrypted modules, we fall into this non-standard
category, ergo, we need to write an import hook.

The The Importer Protocol is presented in the
Python-Enhancement Proposal (PEP) 302. This
protocol describes Import Hooks and explains how
the import process works for loading Python modules.
According to this PEP, when the Python interpreter
finds an import statement, it calls the
function from the built-in name space with the name of
the module and a reference to the global name space.
If the name is a sub-module of a package,
will try to resolve that name relative to that package
first. If that fails, will try an absolute import.

When the interpreter finds a dotted import, it first
splits the name into components and then tries to
import those components in order, looking for a
component inside the previous one. Thus, import
foo.bar, becomes first an import of the foo module, and
when that succeeds, the interpreter imports bar as a
sub-module of foo, which implies that by the time bar is
being imported, foo was already loaded successfully.
Every time one of these individual imports is made, a

hook is invoked to handle the import. If no hooks exist
or it can’t handle the import, then the built-in method
is applied.

According to the PEP, The Importer Protocol involves
two objects, the finder and the loader. The finder has
the task to let the import process know if it knows of a
loader for a given module. The finder must implement a
function of this form:

Import Hooks For
Encrypted Python Modules

Every now and again, somebody comes up and ask this question:
How can I hide/encrypt/obfuscate my Python code? And the
answers may be different, ranging from things like: Python is not
the Tool; rewrite it in Perl; distribute only your .pyc or .pyo files; and
other creative solutions.

What you will learn…
• Python’s import mechanism and hooks
• How to import encrypted Python modules

What you should know…
• Basic knowledge of Python
• Knowledge of Python’s C API
• Some knowledge of the XOR cipher.

Table 1. Things loader.load_module is
responsible for
• The attribute of the new module must be

set. It could be any string at all, but it must be set.
• The attribute must be set.
• If the module is a package, then the attribute

must be set with a list, although it could be an empty list
if not needed.

• The attribute must be set to the Loader
object.

• The loader must execute the code of the module inside
the new module’s global namespace (or

).
• The loader should �rst look up the module in sys.modules

and if found, use that module. On the same note, the
Loader should append the new loaded module in

.

Page 15

10/2011 30

DEFENCE

www.hakin9.org/en

the given file (see Listing 1), and returns the decrypted
contents to the callee.

With the decrypted code in hand, we proceed to
execute it. But first, we need a reference to our new
module’s __dict__ attribute, as the code has to be
executed with a reference to this dictionary. The second
thing is that we need to provide Py_file_input as the
second argument to the PyRun_String function that we
are going to use to execute our code into the new
python module. If we use something other than Py_file_
input, we will get Segfaults all over.

The line (line 55) res = PyRun_String(module_code, Py_
file_input, new_module_dict, new_module_dict) is analogous
to the exec code in mod.__dict__ python code you will
find in PEP 302.

After all this, we are ready to run the test.
Do you remember we created EncModule.pye a while

ago? It is time to use it. Put EncModule.pye and the
compiled CryptImpHook in the same directory and just
execute the Python test script in Listing 6, and Voila!,
we just imported an encrypted module in Python.

You’ll find the whole code in http://dev.gentoo.org/
~neurogeek/CryptImpHook.tar.gz.

References
• New Import Hooks (PEP 302) http://www.python.org/dev/

peps/pep-0302 [1]
• XOR Cipher http://en.wikipedia.org/wiki/XOR_cipher [2]
• Python C API http://docs.python.org/c-api/index.html [3]

JESUS RIVERO
Jesus Rivero, a.k.a Neurogeek, is a Computer Scientist
programming for the past 10 years from embedded systems
to web applications. Currently, he develops software for the
�nancial world and is a Gentoo GNU/Linux developer.
[email protected]
[email protected]
Website/blog: http://dev.gentoo.org/~neurogeek

http://dev.gentoo.org/~neurogeek/CryptImpHook.tar.gz
http://dev.gentoo.org/~neurogeek/CryptImpHook.tar.gz
http://www.python.org/dev/peps/pep-0302
http://www.python.org/dev/peps/pep-0302
http://en.wikipedia.org/wiki/XOR_cipher
http://docs.python.org/c-api/index.html
mailto:[email protected]
mailto:[email protected]
http://dev.gentoo.org/~neurogeek
mailto:[email protected]

Page 27

http://lostpassword.com/kit-forensic.htm

Page 28

http://hackerhalted.com/

Similer Documents