I am not convinced that's enough obfuscation to hide secrets using MicroPython. I haven't built a full MicroPython to test but I believe the bytecode generated should be the same whether included in a full build as it is from using 'mpy-cross' to create a '.mpy' file.

I finally settled on using features of compiling Python/uPython code and simply storing the ASCII values of the credentials in a LIST. See https://github.com/DS256/Python-Hiding- ... edentials for details.
My approach holds the credentials in compiled byte-code and until there is a decompiler for the current versions, I feel it's safe.
Using a cut-down and slightly modified version of code and data from your GitHub -
Code:
pi@Pi4B:/tmp $ cat secret.py
def Wrapper():
    def recompose(eval_list):
        # Input must be of type LIST
        pass
    # paul@somedomain.com
    from_email=recompose([112,97,117,108,64,115,111,109,101,100,111,109,97,105,110,46,99,111,109])
    # 1234someFancyPassword!@*#
    email_pass=recompose([49,50,51,52,115,111,109,101,70,97,110,99,121,80,97,115,115,119,111,114,100,33,64,42,35])
    # username
    email_login=recompose([117,115,101,114,110,97,109,101])
    # serveraddress
    email_server=recompose([115,101,114,118,101,114,97,100,100,114,101,115,115])

Code:
pi@Pi4B:/tmp $ mpy-cross secret.py

Code:
pi@Pi4B:/tmp $ dump secret.mpy
...
0050 : 80 70 22 80 61 22 80 75 22 80 6C 22 80 40 22 80 .p".a".u".l".@".
0060 : 73 22 80 6F 22 80 6D 22 80 65 22 80 64 22 80 6F s".o".m".e".d".o
0070 : 22 80 6D 22 80 61 22 80 69 22 80 6E AE 22 80 63 ".m".a".i".n.".c
0080 : 22 80 6F 22 80 6D 2B 13 34 01 C1 B0 22 31 22 32 ".o".m+.4..."1"2
0090 : 22 33 22 34 22 80 73 22 80 6F 22 80 6D 22 80 65 "3"4".s".o".m".e
00A0 : 22 80 46 22 80 61 22 80 6E 22 80 63 22 80 79 22 ".F".a".n".c".y"
00B0 : 80 50 22 80 61 22 80 73 22 80 73 22 80 77 22 80 .P".a".s".s".w".
00C0 : 6F 22 80 72 22 80 64 A1 22 80 40 AA A3 2B 19 34 o".r".d.".@..+.4
00D0 : 01 C2 B0 22 80 75 22 80 73 22 80 65 22 80 72 22 ...".u".s".e".r"
00E0 : 80 6E 22 80 61 22 80 6D 22 80 65 2B 08 34 01 C3 .n".a".m".e+.4..
00F0 : B0 22 80 73 22 80 65 22 80 72 22 80 76 22 80 65 .".s".e".r".v".e
0100 : 22 80 72 22 80 61 22 80 64 22 80 64 22 80 72 22 ".r".a".d".d".r"
0110 : 80 65 22 80 73 22 80 73 2B 0D 34 01 C4 51 63 01 .e".s".s+.4..Qc.
0120 : 38 09 06 03 04 40 51 63 8....@Qc

Code:
pi@Pi4B:/tmp $ cat decode.py
with open("secret.mpy", "rb") as f:
    s = f.read()
o = ""
for n in range(len(s)):
    b = s[n]
    if b == 0x00 : o = ""
    elif b == 0xA3 : o += "#"
    elif b == 0xAA : o += "*"
    elif b == 0xAE : o += "."
    elif b == 0x34 and chr(s[n-1]) != '"' : o = o.rstrip("+") + "\n"
    elif b >= 0x20 and b <= 0x7F and chr(b) != '"' : o += chr(b)
print(o)

Code:
pi@Pi4B:/tmp $ python decode.py
paul@somedomain.com
1234someFancyPassword@*#
username
serveraddress
Qc8@Qc

Statistics: Posted by hippy — Thu Apr 10, 2025 6:16 pm
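As an added example (not code from the post or from the linked GitHub project), the lists can also be recovered by decoding the constant-loading bytecode itself rather than filtering printable bytes, which handles every one-byte constant, including the `!` stored as `A1`. The opcode meanings (`0x22`, `0x70`-`0xAF`, `0x2B`) are assumptions inferred from the hex dump above, the function names are hypothetical, and the sample bytes are copied from offsets 0x8C-0xEF of that dump.

```python
# Added example. Opcode values are assumptions inferred from the hex dump above.
LOAD_SMALL_INT = 0x22             # followed by a signed variable-length integer
BUILD_LIST = 0x2B                 # followed by an unsigned item count
MULTI_LO, MULTI_HI = 0x70, 0xAF   # one-byte constants: value = opcode - 0x80

# Bytes copied from offsets 0x8C-0xEF of the dump of secret.mpy in the post.
SAMPLE = bytes.fromhex(
    "22 31 22 32 22 33 22 34 22 80 73 22 80 6F 22 80 6D 22 80 65 "
    "22 80 46 22 80 61 22 80 6E 22 80 63 22 80 79 22 80 50 22 80 "
    "61 22 80 73 22 80 73 22 80 77 22 80 6F 22 80 72 22 80 64 A1 "
    "22 80 40 AA A3 2B 19 34 01 C2 B0 22 80 75 22 80 73 22 80 65 "
    "22 80 72 22 80 6E 22 80 61 22 80 6D 22 80 65 2B 08 34 01 C3"
)

def read_varint(buf, pos, signed):
    """Decode a 7-bits-per-byte integer; return (value, next_pos)."""
    value = -1 if signed and buf[pos] & 0x40 else 0   # sign-extend from bit 6
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                           # high bit clear: last byte
            break
    return value, pos

def recover_lists(buf):
    """Return each list of printable small ints built in buf, as text."""
    found, stack, pos = [], [], 0
    while pos < len(buf):
        op = buf[pos]
        pos += 1
        if op == LOAD_SMALL_INT and pos < len(buf):
            value, pos = read_varint(buf, pos, signed=True)
            stack.append(value)
        elif MULTI_LO <= op <= MULTI_HI:
            stack.append(op - 0x80)
        elif op == BUILD_LIST and pos < len(buf):
            count, pos = read_varint(buf, pos, signed=False)
            items = stack[-count:] if 0 < count <= len(stack) else []
            if items and all(0x20 <= i < 0x7F for i in items):
                found.append("".join(map(chr, items)))
            stack = []
        else:
            stack = []   # heuristic: any other byte ends the run of constants
    return found

if __name__ == "__main__":
    print(recover_lists(SAMPLE))
```

The scan is a heuristic over a code fragment, not a full `.mpy` parser: it does not track operand lengths of other opcodes, so a defender auditing a build should treat any hit as a leaked value and any miss as inconclusive.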