PyLocket Security Overview¶
Encryption & Key Management¶
- Military-grade encryption applied at the function level with unique keying material per function
- Industry-standard key derivation binding keys to license, application, and function context
- Cryptographic manifest signing with strict verification to prevent tampering
- Integrity verification before any decryption operation (encrypt-then-verify)
- Cloud-managed envelope encryption: per-application master keys with automatic rotation
- Secure memory handling for all key material — keys are never left in memory longer than needed
Binary Hardening¶
- Dynamic API resolution: security-sensitive system calls are resolved at runtime with no static strings in the binary
- Advanced code obfuscation applied to the native runtime across all supported platforms
- Aggressive compiler optimizations: minimal binary size, full link-time optimization, symbol stripping
Runtime Anti-Analysis¶
PyLocket's native runtime includes a multi-layered anti-analysis suite that detects and responds to reverse engineering attempts:
- Debugger detection (platform-native mechanisms on Windows, Linux, and macOS)
- Virtualization and sandbox detection
- Known reverse-engineering tool detection (no tool names stored in plaintext)
- Dynamic instrumentation framework detection
- Timing-based analysis detection
- Memory dump prevention
- Continuous re-verification during execution
Memory Protection¶
- Guarded memory regions with hardware-enforced access controls
- Permission toggling: decrypted code is only accessible during active execution
- Secure zeroing of all sensitive data on eviction or deallocation
- Verified through automated testing across all supported platforms
Testing & CI¶
- Continuous fuzz testing across multiple attack surfaces
- Cross-platform CI matrix covering all supported OS, Python version, and packaging format combinations
- Automated memory dump analysis to verify no plaintext bytecode is recoverable
- Comprehensive unit and integration test suites for all cryptographic and verification operations
Platform Support¶
| Platform | Architecture | Status |
|---|---|---|
| Linux | x86_64 | Full support |
| Linux | aarch64 | Full support |
| macOS | x86_64 | Full support |
| macOS | aarch64 (Apple Silicon) | Full support |
| Windows | x86_64 | Full support |
Python Version Support¶
Python 3.9, 3.10, 3.11, 3.12, 3.13
Packaging Format Support¶
PyInstaller (onefile + onedir), cx_Freeze, Briefcase, wheel, zip