---
tags: De-obfuscating Python
title: Related works
---

# Motivating example

Ref: [link](https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack)

![](https://i.imgur.com/WjJ6kZd.png)

# Related Works

**Obfuscation techniques in Python**: The state-of-the-art obfuscation techniques include:

1. *Renaming variables*: [[1](https://pyob.oxyry.com/)]
2. *Adding garbage code*: [[2](https://github.com/davidteather/python-obfuscator)] -- The attacker renames the variables and mixes them with noise (i.e., garbage code including new variables being assigned to constants or to each other).
3. *Executing code via function*: [[2](https://github.com/davidteather/python-obfuscator), [3](https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack)] -- The attacker runs malicious (often obfuscated) code via (sometimes chained) `exec`, `compile`, and `os.system`. Code may be zipped and require decompression.
4. *Encrypting strings and numerics*: [[4](https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html#addendum-python-3-support), [5](https://github.com/brandonasuncion/Python-Code-Obfuscator)] -- Essentially all literals are encrypted.
5. *Lambdas*: [[4](https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html#addendum-python-3-support), [6](https://wiki.c2.com/?ObfuscatedPython)] -- Used to change scopes and more.
6. *Hiding inbuilt functions*: [[5](https://github.com/brandonasuncion/Python-Code-Obfuscator)] -- This is done via `getattr` to call the inbuilt functions indirectly.

**Obfuscation detection**:

**Deobfuscation techniques**: The [generic deobfuscation technique](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163054). [Jsnice](https://files.sri.inf.ethz.ch/website/papers/jsnice15.pdf),

### Jsnice
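
Returning to the list of obfuscation techniques under Related Works: the following is an added example, not code from this page or from any of the cited works. It statically flags techniques 3 and 6 with Python's `ast` module (`exec`/`compile`/`os.system` calls, decoder calls chained inside them, and `getattr` on the builtins module). The `DECODERS` set, the finding labels and the sample source are assumptions constructed for illustration.

```python
import ast

EXEC_SINKS = {"exec", "eval", "compile", "os.system"}  # technique 3 in the list
DECODERS = {"b64decode", "decompress"}  # assumed unpacking helpers (item 3: "zipped")

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def scan(source):
    """Flag exec-style sinks and getattr-hidden builtins; parses only, never runs."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted(node.func)
        if name in EXEC_SINKS:
            # Calls nested in the arguments: decoders or further sinks mean a chain.
            inner = {dotted(c.func) for a in node.args for c in ast.walk(a)
                     if isinstance(c, ast.Call)} - {None}
            chained = sorted(n for n in inner
                             if n in EXEC_SINKS or n.split(".")[-1] in DECODERS)
            findings.append((node.lineno, "exec-sink", name, chained))
        elif name == "getattr" and len(node.args) >= 2:
            if dotted(node.args[0]) in {"builtins", "__builtins__"}:
                attr = node.args[1]
                # A computed attribute name hides which builtin is being reached.
                shown = attr.value if isinstance(attr, ast.Constant) else "<computed>"
                findings.append((node.lineno, "hidden-builtin", shown, []))
    return sorted(findings, key=lambda f: (f[0], f[1], str(f[2])))

# Constructed sample; it is only parsed, never executed.
SAMPLE = '''import base64, zlib, os, builtins
exec(compile(zlib.decompress(base64.b64decode(BLOB)), "<s>", "exec"))
getattr(builtins, "pr" + "int")("hi")
getattr(__builtins__, "eval")
os.system(CMD)
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Each finding is a tuple of line number, label, the call or attribute name, and the chained calls found in its arguments. Renamed variables and garbage code (techniques 1 and 2) do not change these call shapes, so the check is unaffected by them.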