pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode

DEF CON 18

Presented by: Rich Smith
Date: Saturday July 31, 2010
Time: 14:00 - 14:50
Location: Royale 5
Track: Track 3

Increasing numbers of commercial and closed source applications are being developed in Python. Developers of such applications are investing more and more in a variety of code obfuscation techniques to stop people from being able to see their source code. At the same time, Python is an increasingly present component of 'Cloud' technologies, where traditional bytecode decompilation techniques fall down through lack of access to files on disk.

The pyREtic presentation discusses the techniques and subsequent toolkit developed while trying to audit one such closed source Python application. The methodology behind the approaches used, as well as the practicalities of reverse engineering at the Python level (rather than the assembly level that we are all more familiar with), will be discussed, and a toolkit will be released.

The toolkit is able to reverse Python applications from live objects in memory, as opposed to decompiling .pyc bytecode files. It also shows how to defeat the techniques most commonly employed to obfuscate Python code today. This will allow people to find bugs in code that was previously opaque to them.

Rich Smith

Rich Smith joined Immunity in October 2008 as a researcher and has worked across a variety of areas encompassing attack tooling, framework design and exploit development, in addition to consulting for a variety of industry sectors as an outside expert in a range of technical capacities. Prior to joining Immunity, Rich worked as a principal security researcher with HP Labs, leading the Research In Offensive Technology and Threats based in the UK. Rich has spoken at numerous international conferences, both public and private, and participated in community, industry and government sponsored infosec groups.

