473,549 Members | 2,753 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Python obfuscation

Are there any commercial, or otherwise obfuscators for python source
code or byte code and what are their relative advantages or
disadvantages. I wonder because there are some byte code protection
available for java and .NET, although from what i've read these seem to
be not comprehensive as protection schemes



http://petantik.blogsome.com - Telling it like it is

Nov 9 '05 #1
159 13311
"petantik" <pe***********@ gmail.com> wrote:
Are there any commercial, or otherwise obfuscators for python source
code or byte code and what are their relative advantages or
disadvantages. I wonder because there are some byte code protection
available for java and .NET, although from what i've read these seem to
be not comprehensive as protection schemes


hmm. is google down today?

http://www.lysator.liu.se/~astrand/p...s/pyobfuscate/

pyobfuscate is a source code obfuscator: It makes Python source code
hard to read for humans, while still being executable for the Python
interpreter.

</F>

Nov 9 '05 #2
How effective can it be when python is designed to make writing this
kind of code hard(hopefully impossible) ? The most effective would be
renaming function and may be variables but if the functions are kept
short, they would at most looks like haskell ;-)

Fredrik Lundh wrote:
hmm. is google down today?

http://www.lysator.liu.se/~astrand/p...s/pyobfuscate/

pyobfuscate is a source code obfuscator: It makes Python source code
hard to read for humans, while still being executable for the Python
interpreter.

</F>


Nov 9 '05 #3
petantik wrote:
Are there any commercial, or otherwise obfuscators for python source
code or byte code and what are their relative advantages or
disadvantages. I wonder because there are some byte code protection
available for java and .NET, although from what i've read these seem to
be not comprehensive as protection schemes

Before adding complex protection mechanisms to your code you first need
some code worth protecting, which is to say it should have some novel
features or represent a lot of work that offers useful integrated
functionality for a task or a skill area.

Most inquiries of this nature appear to fall at that first hurdle.

There are things you can do, but I'm always keenly aware that very few
users of a program have both the skills and the inclination to rip off
the code even when the source is distributed as part of the product.
Personally I've never bothered with obfuscation, and prefer to rely on
copyright when I deliver code to customers.

regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/

Nov 9 '05 #4
Perhaps this could be a PEP:

1) Add a system path for decryption keys.
2) Add a system path for optional decryptors supplied by user
(to satisfy US Export Control)
3) When importing a module try: import routine except importation
error : for all decryptors present for all keys present run decryptor
upon module and retry, finally raise importation error.

With PGP encryption one could encrypt the pyc's with the private key
and sell a public key to the end user.

The Eternal Squire

Nov 9 '05 #5
Steve Holden wrote:
Before adding complex protection mechanisms to your code you first need
some code worth protecting, which is to say it should have some novel
features or represent a lot of work that offers useful integrated
functionality for a task or a skill area.

Most inquiries of this nature appear to fall at that first hurdle.

There are things you can do, but I'm always keenly aware that very few
users of a program have both the skills and the inclination to rip off
the code even when the source is distributed as part of the product.
Personally I've never bothered with obfuscation, and prefer to rely on
copyright when I deliver code to customers.


As you said, if you have some novel features, you will need obfuscation.
Copyright doesn't protect the process and patents may take a while. In
the meanwhile, good obfuscation is reasonable protection, imho.

But I think you failed to note that it may not be a novel feature or
useful functionality. In fact, it might be the opposite: a function the
users want removed. A typical example would be a shareware registration
or nag screen. When the users have to start paying, they might then feel
inclied to "rip off the code", or in this case, rip out the code.
Nov 9 '05 #6
"bo****@gmail.c om" <bo****@gmail.c om> writes:
How effective can it be when python is designed to make writing this
kind of code hard(hopefully impossible) ? The most effective would be
renaming function and may be variables but if the functions are kept
short, they would at most looks like haskell ;-)


I haven't looked at obfuscator, so I have *no idea* how it works. The
following is how I'd do it.

Step one: globally replace all names in all python module withb names
that are composed of long strings of l, 1, 0 and 0. Fixing
cross-module references should be fun. Don't just make them random -
make them all start with the same sequence, and end with the same
sequence, having differences only in the middle.

Step two: repeat this process for the contents of binary modules, not
neglecting __builtins__. In this case, you probably can't remove the
old names, but you can add new things to the module, and make sure you
only reference those.

I'm not sure how to go about fixing things that are referenced by name
in binary modules. Maybe you'll have to leave those names in the
modules. But you an make sure that all references in Python source use
the new, binary-like names.

<mike

--
Mike Meyer <mw*@mired.or g> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Nov 9 '05 #7
Yu-Xi Lim wrote:
Steve Holden wrote:
Before adding complex protection mechanisms to your code you first need
some code worth protecting, which is to say it should have some novel
features or represent a lot of work that offers useful integrated
functionality for a task or a skill area.

Most inquiries of this nature appear to fall at that first hurdle.

There are things you can do, but I'm always keenly aware that very few
users of a program have both the skills and the inclination to rip off
the code even when the source is distributed as part of the product.
Personally I've never bothered with obfuscation, and prefer to rely on
copyright when I deliver code to customers.


As you said, if you have some novel features, you will need obfuscation.
Copyright doesn't protect the process and patents may take a while. In
the meanwhile, good obfuscation is reasonable protection, imho.

But I think you failed to note that it may not be a novel feature or
useful functionality. In fact, it might be the opposite: a function the
users want removed. A typical example would be a shareware registration
or nag screen. When the users have to start paying, they might then feel
inclied to "rip off the code", or in this case, rip out the code.


This is what I am talking about. If you look at programs written in C,
or others that compile into native binaries, there are many protection
schemes which are mainly used not to protect some novel process but to
ensure that their commercial software remains marketable.

People who download cracks/serial numbers rarely care about copyright.
So when python is used in more commercial software some sort of high
grade obfuscation may be needed. These packers sometimes also have an
embedded compression so that it can decompress the code 'on the fly'
reducing filesizes

http://petantik.blogsome.com - A Lucid Look at Reality

Nov 9 '05 #8
Mike Meyer wrote:
Step one: globally replace all names in all python module withb names
that are composed of long strings of l, 1, 0 and 0. Fixing
cross-module references should be fun. Don't just make them random -
make them all start with the same sequence, and end with the same
sequence, having differences only in the middle.


Eliminating the original variable names may be useful in obfuscation,
but this doesn't seem to buy much over just replacing with random
strings; it's trivial to do a similar replacement to go from "10Oll10"
strings to "firstVariable" , "secondVariable ", etc strings.

Nov 9 '05 #9
I dont know much !! But if somebody asks me this question my answer
would be to convert some of the meat inside my programs to C/C++ and
then provide the interface to those novel ideas to Python using swig.
And for another level of protection maybe use these offuscator on the
remaining Python source. What do you think ?

Anand S Bisen

petantik wrote:
Are there any commercial, or otherwise obfuscators for python source
code or byte code and what are their relative advantages or
disadvantages. I wonder because there are some byte code protection
available for java and .NET, although from what i've read these seem to
be not comprehensive as protection schemes



http://petantik.blogsome.com - Telling it like it is

Nov 9 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

46
6206
by: Jon Perez | last post by:
Can one run a 1.5 .pyc file with the 2.x version interpreters and vice versa? How about running a 2.x .pyc using a 2.y interpreter?
13
2093
by: vincent | last post by:
I made the suggestion "Need built in obfuscation support in C# compiler" to Microsoft. Anyone here agree with me? If yes, please cast your vote on this suggestion to raise its priority.
17
19637
by: seberino | last post by:
How can a proprietary software developer protect their Python code? People often ask me about obfuscating Python bytecode. They don't want people to easily decompile their proprietary Python app. I suppose another idea is to rewrite entire Python app in C if compiled C code is harder to decompile. Any ideas?
10
2181
by: John T. | last post by:
Hi all Figure this scenario: - My Company develops an assembly (a controls DLL) - Since an obfuscation software is too expensive, my Company engages a consultant and delegates him the assembly obfuscation process - The consultant uses his (regulary purchased and licensed) obfuscation software for obfuscate my Company's assembly - My...
0
1255
by: Gabriel Genellina | last post by:
QOTW: "Template engines are amongst the things that seem easy enough to look at the available software and say 'bah, I'll write my own in a day', but are complex enough to keep them growing over years until they become as huge and inaccessible as all the other implementations. Then it's time for someone else to look at it and say 'bah, I'll...
9
1368
by: Steve Holden | last post by:
Banibrata Dutta wrote: The Python world isn't particularly paranoid about obfuscation. It's quite easy to publish compiled code only (.pyc and/or .pyo files), and that offers enough protection for most. The sad fact is that there seems to be an almost direct inverse correlation between the worth of the code and the authors' desire to...
0
7451
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7960
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
7812
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6048
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5372
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5089
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3501
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3483
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1944
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.