By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,761 Members | 1,190 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,761 IT Pros & Developers. It's quick & easy.

Re: Any reliable obfurscator for Python 2.5

P: n/a
Banibrata Dutta wrote:
>

On 4/20/08, *Gabriel Genellina* <ga*******@yahoo.com.ar
<mailto:ga*******@yahoo.com.ar>wrote:

En Sun, 20 Apr 2008 01:55:51 -0300, Banibrata Dutta
<ba*************@gmail.com <mailto:ba*************@gmail.com>escribió:
Wanted to check if there is any known, reliable, FOSS/Libre --
Obfurscator
for Python 2.5 code.

Why do you want to do that in the first place?
I need to do to retain the confidentiality for certain core components,
which are not supposed to be open. While I do have the option of
implementing them in C/C++, I'm trying to see if I can avoid that for 2
reasons --
1. Its a fairly large and complex set of components, and doing it in
C/C++ 'might' take significantly longer.
2. I'd try to avoid having mix of languages if possible. It makes the
developement easier to maintain/manage over a period of time.

There is very few you can do to obfuscate Python code. You can't
rename classes nor methods nor global variables nor argument names
due to the dynamic nature of Python. All you can safely do is to
remove comments and join simple statements using ;
I do not understand the nuances of dynamic languages completely, so this
might be a foolish assumption, but if i make a complete, self-contained
Python application (collection of modules), then just before shipping a
production copy, why can't I replace 'all' symbols i.e. classes,
methods, variables etc ? Esply if I'm compiling the source ?

If you remove docstrings, some things may break. Even renaming local
variables isn't safe in all cases.
Hmmm... but I'm aware of atleast 2 Obfuscators one commercial and one
FOSS, that seem to exist for Python. The commercial one is what I might
try if I don't find anything FOSS. The FOSS one seems to be a dead
project. If they are (or have been) there, I guess obfuscation is a
doable thing, no ?
The Python world isn't particularly paranoid about obfuscation. It's
quite easy to publish compiled code only (.pyc and/or .pyo files), and
that offers enough protection for most.

The sad fact is that there seems to be an almost direct inverse
correlation between the worth of the code and the authors' desire to
protect it from piracy.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/

Jun 27 '08 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Banibrata Dutta wrote:
>>Wanted to check if there is any known, reliable, FOSS/Libre -- Obfurscator
for Python 2.5 code.
No, sadly, there is not. There are a number of applications I would be
working on if it were possible to obfuscate pyc files. About the best
you can do as of 2008/04 is use Jython to compile into Java bytecode and
obfuscate that using Proguard.

Steve 'not an economics major' Holden wrote:
>The Python world isn't particularly paranoid about obfuscation. It's
quite easy to publish compiled code only (.pyc and/or .pyo files), and
that offers enough protection for most.
Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"? Your opinion couldn't be more wrong for
programmers like myself who live by the code they write (as opposed to
its support).

Steve 'not a software consultant' Holden wrote:
>The sad fact is that there seems to be an almost direct inverse
correlation between the worth of the code and the authors' desire to
protect it from piracy.
Would love to see some evidence to that effect.

JB
Jun 27 '08 #2

P: n/a
On Apr 20, 5:28 pm, JB Stern <notform...@sonic.netwrote:
Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"? Your opinion couldn't be more wrong for
programmers like myself who live by the code they write (as opposed to
its support).

Are you afraid to show the code to your customer? Are you afraid it
will give you a bad reputatio? Are you worried about loosing future
contracts? Is your code really that bad? Then you better keep it
hidden from sight.

If this is the case, my advice to you would be to find a different
profession. Perhaps flipping burgers at McDonald's fits your talent?





Jun 27 '08 #3

P: n/a
JB "My first post on c.l.py" Stern wrote:
Banibrata Dutta wrote:
>>Wanted to check if there is any known, reliable, FOSS/Libre -- Obfurscator
for Python 2.5 code.

No, sadly, there is not. There are a number of applications I would be
working on if it were possible to obfuscate pyc files. About the best
you can do as of 2008/04 is use Jython to compile into Java bytecode and
obfuscate that using Proguard.

Steve 'not an economics major' Holden wrote:
>The Python world isn't particularly paranoid about obfuscation. It's
quite easy to publish compiled code only (.pyc and/or .pyo files), and
that offers enough protection for most.

Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"? Your opinion couldn't be more wrong for
programmers like myself who live by the code they write (as opposed to
its support).
I pay the mortgage by creating software systems, though not usually
packaged systems for shrink-wrap sale. I don't claim to speak *for* the
whole Python world, but as chairman of the Python Software Foundation
and a long-time member of this mailing list I can probably claim to be
more closely in touch with it than many--yourself included, apparently.

If it's important to you to be able to obfuscate your code then you have
made an inapposite choice of language.
Steve 'not a software consultant' Holden wrote:
>The sad fact is that there seems to be an almost direct inverse
correlation between the worth of the code and the authors' desire to
protect it from piracy.

Would love to see some evidence to that effect.
That is just an observation based on the many similar posts that have
been made on this list, not one of them coming from the author of a
recognized software package, plus forty years experience in the software
industry. The ripping of of source code is far less frequent that novice
programmers believe.

The code that novice programmers write is almost always less valuable
than they believe.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/
Jun 27 '08 #4

P: n/a
JB "My first post on c.l.py" Stern wrote:
Banibrata Dutta wrote:
>>Wanted to check if there is any known, reliable, FOSS/Libre -- Obfurscator
for Python 2.5 code.

No, sadly, there is not. There are a number of applications I would be
working on if it were possible to obfuscate pyc files. About the best
you can do as of 2008/04 is use Jython to compile into Java bytecode and
obfuscate that using Proguard.

Steve 'not an economics major' Holden wrote:
>The Python world isn't particularly paranoid about obfuscation. It's
quite easy to publish compiled code only (.pyc and/or .pyo files), and
that offers enough protection for most.

Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"? Your opinion couldn't be more wrong for
programmers like myself who live by the code they write (as opposed to
its support).
I pay the mortgage by creating software systems, though not usually
packaged systems for shrink-wrap sale. I don't claim to speak *for* the
whole Python world, but as chairman of the Python Software Foundation
and a long-time member of this mailing list I can probably claim to be
more closely in touch with it than many--yourself included, apparently.

If it's important to you to be able to obfuscate your code then you have
made an inapposite choice of language.
Steve 'not a software consultant' Holden wrote:
>The sad fact is that there seems to be an almost direct inverse
correlation between the worth of the code and the authors' desire to
protect it from piracy.

Would love to see some evidence to that effect.
That is just an observation based on the many similar posts that have
been made on this list, not one of them coming from the author of a
recognized software package, plus forty years experience in the software
industry. The ripping of of source code is far less frequent that novice
programmers believe.

The code that novice programmers write is almost always less valuable
than they believe.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/

Jun 27 '08 #5

P: n/a
In article
<3e**********************************@26g2000hsk.g ooglegroups.com>,
sturlamolden <st**********@yahoo.nowrote:
On Apr 20, 5:28 pm, JB Stern <notform...@sonic.netwrote:
Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"? Your opinion couldn't be more wrong for
programmers like myself who live by the code they write (as opposed to
its support).


Are you afraid to show the code to your customer? Are you afraid it
will give you a bad reputatio? Are you worried about loosing future
contracts? Is your code really that bad? Then you better keep it
hidden from sight.

If this is the case, my advice to you would be to find a different
profession. Perhaps flipping burgers at McDonald's fits your talent?
Even if this were worded in a less rude manner, it would be a silly
argument. For many businesses, keeping their source code secret is
important. Whether you agree with their reasons or not, they feel it is
important to them.

Hiding your source code is not easy (perhaps impossible) in Python, for
reasons which have been covered at length on a regular basis in this forum.
If you only ship .pyc or .pyo files, there is still enough information
recoverable in the field that most businesses which want to keep their
source code hidden would feel excessively exposed.

Producing software is all about using tools. Every tool has advantages and
disadvantages. The key to using tools effectively is understanding what
those are and how they impact your business. If you are lucky, you will
find a tool which meets your needs perfectly. More often, you have to
weigh all the factors and make the best compromise you can.

If keeping your source code secret is of critical importance to your
business, then Python is probably the wrong tool to be using to write an
application that you're going to ship to customers. If keeping your source
code secret is not important to you, that doesn't mean those who do
consider it important are stupid, or evil, or better suited for a career
spatially reorienting meat by-product patties at a popular restaurant
chain. They just have different needs than you do.
Jun 27 '08 #6

P: n/a
On Apr 20, 8:49 pm, Roy Smith <r...@panix.comwrote:
Hiding your source code is not easy (perhaps impossible) in Python, for
reasons which have been covered at length on a regular basis in this forum.
If you only ship .pyc or .pyo files, there is still enough information
recoverable in the field that most businesses which want to keep their
source code hidden would feel excessively exposed.
Every know and then, I see someone complaining you cannot sell
programs written i Python or Java, because the bytecodes are so easily
reverse engineered. The same guys usually have no problem with C#,
because the executable are called 'something.exe'. The fact that
a .NET executable also contain bytecodes, seems to be of little
significance.

It is very easy to obfuscate Python bytecodes beyond normal
comprehension. All that is required is to put the .pyc files in a
zipped folder and encrypt it. Then it's a matter of triviality to
produce a C program that decrypts the zipped folder, embeds a Python
interpreter, and runs the decrypted program. But even this scheme is
not foolproof against an extremely skilled and determined adversary.
Nothing really is. What measures to take depend on the threat.

If the threat prevents distribution of code in any form, one can
always provide critical parts as a web service and distribute nothing
except XML.




Jun 27 '08 #7

P: n/a

"Roy Smith" <ro*@panix.comwrote in message
news:ro***********************@70-1-84-166.area1.spcsdns.net...
| Even if this were worded in a less rude manner,

I agree that Stula's response was rude. But it also strikes me as rude for
people to whine about not getting free help hiding their code from the very
people that they want help from. So I politely suggested that the OP pay
for secret help.

Such requests happen about once a month or so. If all the code-hiders were
to have gotten together to openly share their obfuscation ideas and code, I
suspect there would have been something pretty good by now. But in 10
years of my watching, this does not seem to have happened ;-)

tjr

Jun 27 '08 #8

P: n/a
On Apr 20, 3:31*pm, Steve Holden <st...@holdenweb.comwrote:
JB "My first post on c.l.py" Stern wrote:
Curious Steve, how do you pay the rent and by what authority do you
speak for "The Python world"?
[snip]
I don't claim to speak *for* the
whole Python world, but as chairman of the Python Software Foundation
ROTFLMAO
Jun 27 '08 #9

P: n/a
Terry Reedy <tj*****@udel.eduwrote:
Such requests happen about once a month or so. If all the code-hiders were
to have gotten together to openly share their obfuscation ideas and code, I
suspect there would have been something pretty good by now. But in 10
years of my watching, this does not seem to have happened ;-)
I suppose that makes this a frequently asked question. So who maintains
the FAQ?

-M-
Jun 27 '08 #10

This discussion thread is closed

Replies have been disabled for this discussion.