GuardShield is a Python library that provides robust security measures to protect your Python projects. It offers various detection methods to prevent debugging attempts and ensure secure execution of your code.
pip install --force-reinstall guardshield
Import the library:
import guardshield
Enable anti-debugger detection and define custom actions on detection:
# Custom function to be executed on debugger detection
def debugger_detected():
print("Debugger detected!")
# Create a Security instance with desired settings
module = guardshield.Security(
anti_debugger=True, # Enable debugger detection
kill_on_debug=False, # Kill the application on detection
detect_vm=False, # Call custom function on vm detection
detect_sandbox=False, # Call custom function on sandbox detection
on_detection=debugger_detected # Execute custom function on detection
)
# Start the security check loop in a separate thread
module.check_security() # -> dict { 'detected' : bool, 'description' : str }
Perform simple checks:
# Check if the application is being debugged
module.check_debug() # -> bool
# Detect if the application is running within a sandbox environment (e.g., Sandboxie)
module.check_sandbox() # -> bool
# Terminate the application
module.force_kill() # -> None
# Detect if the application is running in vm and rdp
module.check_vm() # -> bool
# Crash user pc with Blue screen
module.crash_pc() # -> None
# Create pc fingerprint / hwid
module.get_uuid() # -> str
# Protect injection / hooking
module.anti_injection() # -> None
v1.1.5 ⋮ 06/02/2024
+ bug fix
+ dll injection detection (by bytes)
v1.1.4 ⋮ 04/02/2024
+ bug fix
+ pyinject process detection (by name)
v1.1.3 ⋮ 01/02/2024
+ injection protection
v1.1.2 ⋮ 01/02/2024
+ false detection fix
https://www.youtube.com/watch?v=AP1rasewaUw&ab_channel=oxyn
To ensure the security of your executable (.exe
) file, it is recommended to avoid using PyInstaller for compilation, as it can be easily reversed. Instead, you can use "Nuitka," a source-to-source compiler that compiles Python code into optimized C source code, making it harder for checkers and reverse engineers to understand and modify your code.
Follow these steps to compile your code securely:
- Obfuscate your code using tools like the Pyobfuscate website, which can obfuscate variable names and enhance protection.
- Import GuardShield to prevent debugging during the execution of your code.
- Compile the code using Nuitka. Here's an example command:
python -m nuitka --follow-imports --onefile --standalone --windows-icon-from-ico=icon.ico main.py
After compiling the program, you can also provide it with additional protection using the vmprotect application.
By following these steps, your code will be well-protected. However, for the utmost security, consider keeping sensitive parts of your code on the server-side as an API and perform critical operations there. This approach adds an extra layer of protection and makes your application almost unbreakable.
To enhance the security of your API requests, it is recommended to encrypt the requests or add a fingerprint (custom hash) to the request that can be checked in the application and on the server. Here's an example of AES encryption using the AESCipher
class:
import base64
from Crypto.Cipher import AES
from Crypto import Random
import hashlib
class AESCipher(object):
def __init__(self, key):
self.bs = AES.block_size
self.key = hashlib.sha256(key.encode()).digest()
def encrypt(self, raw):
raw = self._pad(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return base64.b64encode(iv + cipher.encrypt(raw.encode()))
def decrypt(self, enc):
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')
def _pad(self, s):
return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)
@staticmethod
def _unpad(s):
return s[:-ord(s[len(s)-1:])]
class Aes:
def __init__(self):
self.key = "SecKey2115"
def decrypt(self, text, key=None):
if key is not None:
self.key = key
return AESCipher(self.key).decrypt(text)
def encrypt(self, text, key=None):
if key is not None:
self.key = key
return AESCipher(self.key).encrypt(text).decode()
You can use the Aes
class to encrypt and decrypt your requests using AES encryption. Remember to use a strong and secure key for encryption.
- Add sandboxie detection
- Add Vm detection
- Add Better cheat engine detection
- Add DLL injection protection