Wednesday, 16 June 2010

Python code obfuscation

A couple of days ago, I looked at code to access from Totem, and started looking at the XBMC plugin source code.

Then you see things like that:
Oo = ii [ 0 ] . urlopen ( I11i [ list ] )
I1ii11iIi11i = Oo . read ( )
I1IiI = ii [ 1 ] . getcwd ( ) + I11i [ list + 1 ] . replace ( "/" , ii [ 1 ] . sep )
o0OOO = I1IiI . split ( ii [ 1 ] . sep )
Probably a good thing there's readable alternatives available. Note that I'd still be interested in seeing somebody decypher that, as an excercise :)


Mattias said...

Wonderful. :)

Anonymous said...

Really, that's vile... let's see what it does...

Line 1, we're using urllib to open a url, and in line 2, reading content from it.

In line 3, we appear to be replacing / characters in a path with the platform's path separator (thus redundant on Unix) and appending it to the current directory. Which on the 4th line, we split on the path separator, to give a list of directory names.

In marginally more readable form:

fp = urllib.urlopen(data[list])

urlContent =

path = os.getcwd() + data[list+1].replace("/", os.sep)

pathElements = path.split(os.sep)

Just *why* it's doing all this, I've no idea.

hadess said...

Anonymous: thanks, but there's at least a 100 lines of obfuscated code like that in the tarball.

Anonymous said...

Why would anyone do that is beyond me :s

hadess said...

krkhan: probably because they don't want people to link directly to their video feeds without going through their website and tons of adverts...

Anonymous said...

That looks like it was done with pyobfuscate. Which is open source and not obfuscated itself, so you could probably figure out how it works and modify it to reverse the obfuscation faster than you could puzzle it out.