ull (numpy, pydantic, boto3, etc.) | High (AES-256-CTR + HMAC, runtime inspection only) |
Key Findings:
- Zero-disk architecture eliminates forensic extraction vectors entirely.
- Native extensions load successfully through platform-specific memory loaders.
- Cryptographic separation (AES-256-CTR + HMAC-SHA256) ensures bundles are useless without the key.
- Runtime protection aligns with defense-in-depth: stops casual reverse engineering, requires legal/contractual safeguards for determined actors.
Core Solution
paker implements a zero-disk loading architecture where encrypted modules are delivered at runtime and compiled directly into Python's memory space. The system bypasses traditional file-based import mechanisms by intercepting the import chain and injecting compiled code objects into sys.modules.
Architecture & Loading Flow
- Network Delivery: Encrypted bundles (
.paker) are fetched from a CDN or internal service.
- Key Injection: Decryption keys are retrieved separately via license servers, HSMs, or environment variables.
- Memory Compilation: The bundle is decrypted in RAM, compiled to bytecode, and injected into the interpreter without touching the filesystem.
- Native Extension Handling: Platform-specific loaders map C-extensions directly into process memory, satisfying dynamic linker requirements without disk artifacts.
- Windows & Linux: Native zero-disk loading via memory-mapped execution and custom import hooks.
- macOS: Mandatory code signing requires an ephemeral temp file (written, loaded, immediately deleted). The host binary must carry the
disable-library-validation entitlement to bypass signature verification for in-memory modules.
Instead of a rigid built-in obfuscator, paker exposes extensible transformation hooks for AST and bytecode-level passes, allowing developers to tailor protection to their exact threat model.
import paker, requests
# Key arrives from your license server. paker doesn't manage keys.
key = requests.post("https://license.example.com/key",
json={"license": LICENSE_ID}).content
# loads() accepts dict, str, bytes, or bytearray.
bundle = requests.get("https://cdn.example.com/sdk.paker").json()
with paker.loads(bundle, key=key):
import proprietary_sdk
proprietary_sdk.run()
import ast, paker
def strip_docstrings(tree: ast.AST, module_name: str) -> ast.AST:
for node in ast.walk(tree):
if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef,
ast.ClassDef, ast.Module)):
if ast.get_docstring(node):
node.body.pop(0)
return tree
bundle = paker.dumps("myapp", key=KEY, ast_transform=strip_docstrings)
Pitfall Guide
- Key-Bundle Coupling: Never transmit or store the decryption key alongside the encrypted bundle. paker expects strict separation; key distribution must be handled via your existing infrastructure (license server, HSM, or secure environment variables).
- macOS Code Signing Constraints: macOS enforces mandatory code signing for executable memory. You must use an ephemeral temp file and grant the
disable-library-validation entitlement to the host binary, or loading will fail with signature verification errors.
- Runtime Memory Inspection: Once loaded, modules reside in
sys.modules as standard Python objects. Attackers with process access can extract bytecode via marshal.dumps(func.__code__) or traverse the heap with gc.get_objects(). Treat this as defense-in-depth, not absolute protection.
- Core Dump & Swap Leakage: Without explicit memory hardening, decrypted bytecode may leak into swap space or core dumps. Apply
mlock and MADV_DONTDUMP to sensitive memory regions to prevent OS-level persistence.
- Over-Engineering Obfuscation: Building complex built-in obfuscators is often unnecessary and introduces maintenance overhead. Use
ast_transform or code_transform hooks to apply targeted transformations that match your actual threat model.
- Threat Model Misalignment: Technical protection stops casual reverse engineering and automated extraction. A determined attacker with a valid license and debugger will eventually extract bytecode. Combine cryptographic runtime loading with legal/contractual safeguards for comprehensive protection.
- Import Context Leaks: The
paker.loads() context manager must wrap the import statement. Importing outside the context will trigger standard disk-based resolution, bypassing memory loading and potentially exposing fallback artifacts.
Deliverables
- Blueprint: paker Runtime Architecture & Key Distribution Flow (diagram showing network delivery, memory decryption, import hook injection, and platform-specific loader paths)
- Checklist: Secure Deployment & Memory Hardening (covers key separation, macOS entitlements,
mlock/MADV_DONTDUMP application, context manager scoping, and transform hook validation)
- Configuration Templates: Transform Hook Setup & Encryption Parameters (ready-to-use
ast_transform/code_transform stubs, AES-256-CTR + HMAC-SHA256 parameter mapping, and CDN/license server integration examples)
