A Static Reverse Analysis Method for Python Software
Abstract With the development of programming languages, malware is increasingly prevalent, including Trojan horses, shells, backdoors, phishing programs and so on. It looks almost the same as normal software, which makes it difficult for ordinary users to distinguish, and installing malicious software by mistake can have serious consequences. At the same time, security practitioners need to analyze the underlying logic and source code of malware in order to study how to defend against it. Mature reverse analysis methods exist for software written in Java and C++, but not for software developed in Python. Therefore, a static reverse analysis method for Python software is proposed. By analyzing the software source code, it helps ordinary users avoid using malware by mistake and helps researchers understand malware more thoroughly. First, the packaging principle of Python software is briefly introduced. Then the process of the reverse analysis method is explained in detail, and the whole process of packaging and reverse analysis is verified experimentally on an example program. Finally, the application scenarios and shortcomings of the method are summarized.
Author ZHANG Yifei (张翼飞), Key Laboratory of Communications for National Defense, Shijiazhuang 050011, China
Source Computer & Network (《计算机与网络》), 2023, No. 12, pp. 54-56 (3 pages)
Keywords Python; malware; reverse analysis; static analysis; decompile; disassembly