I would like to decrypt the python (pygame) pre-encrypted file for processing.
By decrypting it and writing it out to a file, I was able to restore it to the state before encryption.
I'm worried that if things go on like this, users will be able to handle the files they've written.
I would like you to tell me how to deal with this situation.
Below is the sample source
importos
import pygame
from Crypto.PublicKey import RSA
from Crypto.Cipher import AES, PKCS1_OAEP
TARGET_PATH=os.path.join(os.path.dirname(__file__), "../data")
PEM="===himitsukagi==="
defdecrypto_file(path):
# decoding
file_in=open(path, "rb")
private_key=RSA.import_key(PEM)
enc_session_key, nonce, tag, ciphertext = [ file_in.read(x) for x in (private_key.size_in_bytes(), 16, 16, -1)]
# Decrypt session keys with RSA private keys
cipher_rsa = PKCS1_OAEP.new(private_key)
session_key=cipher_rsa.decrypt(enc_session_key)
# Decrypt data with AES session key
cipher_aes=AES.new(session_key, AES.MODE_EAX, nonce)
data=cipher_aes.decrypt_and_verify(ciphertext, tag)
return data
if__name__=="__main__":
# initialization
pygame.init()
screen=pygame.display.set_mode(1280,720))
path=TARGET_PATH+"/crypto_file.sample"
data=decrypto_file(path)
# I really want to read music files here.
# pygame.mixer.music.load(data)
# be written and read in a file as a breakthrough
file_out=open("decrypto_file.ogg", "wb")
file_out.write(data)
file_out.close()
pygame.mixer.music.load("decrypto_file.ogg")
pygame.mixer.music.play()
is_end=False
while(1):
# background
screen.fill((100,100,100))
for event in pygame.event.get():
if event.type==pygame.QUIT:
pygame.quit()
is_end = True
if is_end —break
2/04/2022 Add:
I was pointed out that analysis is easy, so I would appreciate it if you could let me know if it is impossible to protect even in the following cases.
Now, I have a question, is this procedure also easy to extract the variables and media data used in the program from memory?
Also, is the extraction method a commercial tool or a standard OS tool?
If I know how to extract it, I would like to consider the following additional steps.
I apologize for the inconvenience, but I appreciate your cooperation
python pygame pycrypto
If you pass the decrypted data to pygame.mixer.music.load
in the binary stream, you can play it without creating a file.
#Actually, I want to load the music file here.
# pygame.mixer.music.load(data)
# be written and read in a file as a breakthrough
# file_out=open("decrypto_file.ogg", "wb")
# file_out.write(data)
# file_out.close()
# pygame.mixer.music.load("decrypto_file.ogg")
importio
bytesIO=io.BytesIO(bytes(data))
pygame.mixer.music.load (bytesIO)
pygame.mixer.music.play()
According to music-Pygame documentation Japanese translation, pygame.mixer.music.load
reads "Load music file names and objects."
When I tried reading the data from the music file into binary stream and passed it to pygame.mixer.music.load
, I was able to play the music.
I'm worried that users can handle the files they've written.
Assumed
I think that's the problem.
As for the former, there is not much difference whether you write to a file or use on-memory.As long as the data is played back in the "User" environment, the "User" has easy access to the data.In addition, this code base provides easy access to encryption keys, so there is no point in encrypting them in the first place.
Conversely, when you try to protect your data from users, this becomes what you call "protection" and becomes a fairly difficult task.
As for the latter, it's meaningful to use on-memory because it's useless, but as mentioned above, encryption doesn't make sense in the first place, so it's better to have the original data read as it is.
"It seems that what is required is the story of ""Protect,"" but as I wrote above, this is a very difficult task."If you have to do it at a cost, you should consult a specialist company.Or you can develop it for your own use.
There is no point in sending the key online.The key is easy to read.So why don't you encrypt the key?Where do I keep the keys to decrypt the keys?If it's local, you just have to use the key from the beginning, and it's just useless to send it online.
First of all, I recommend that you learn the basics of cryptography.You should understand what the code provides protection for (what it does not provide protection for).
© 2024 OneMinuteCode. All rights reserved.