x86_64. The last number stands for the features: 0: No anti-debug, JIT, advanced mode features, high speed 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries Each feature has its own bit 1: Anti-Debug 2: JIT 4: ADV, advanced mode 8: SUPER, super mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported, windows.x86_64

x86_64. The last number stands for the features: 0: No anti-debug, JIT, advanced mode features, high speed 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries Each feature has its own bit 1: Anti-Debug 2: JIT 4: ADV, advanced mode 8: SUPER, super mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported, windows.x86_64

forwarding, encapsula�on, etc. An in-kernel verifier ensures that BPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instruc�ons for na�ve execu�on efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y through a compiler back end (e.g. LLVM), so that the kernel can later on map them through an in-kernel JIT compiler into na�ve opcodes for op�mal execu�on performance inside the kernel. The advantages for

forwarding, encapsulation, etc. An in- kernel verifier ensures that BPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y through a compiler back end (e.g. LLVM), so that the kernel can later on map them through an in-kernel JIT compiler into native opcodes for optimal execution performance inside the kernel. The advantages for

Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous forwarding, encapsulation, etc. An in- kernel verifier ensures that BPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y

Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous forwarding, encapsulation, etc. An in-kernel verifier ensures that BPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y

Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous forwarding, encapsulation, etc. An in-kernel verifier ensures that eBPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y

Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous forwarding, encapsulation, etc. An in-kernel verifier ensures that eBPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y

Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous forwarding, encapsulation, etc. An in-kernel verifier ensures that eBPF programs are safe to run and a JIT compiler converts the bytecode to CPU architecture specific instructions for native execution efficiency linked, either choice is valid. CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_NET_CLS_BPF=y CONFIG_BPF_JIT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_SCH_INGRESS=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=y

scripts, use these options to get more security: $ pyarmor gen --enable-jit --mix-str --assert-call --private foo.py Using --enable-jit tells Pyarmor processes some sentensive data by c function generated protect package For package, remove --private and append 2 extra options: $ pyarmor gen --enable-jit --mix-str --assert-call --assert-import -- restrict joker/ Using --assert-import prevents obfsucated more times, for example, importing a plain script about 1 ms, but bcc module about 200 ms --enable-jit prevents from static decompilation --enable-themida prevents from most of debuggers, only available