Protecting Python source
Nick Coghlan
ncoghlan at email.com
Fri Nov 26 10:38:00 EST 2004
Alan Sheehan wrote:
> Hi pythonistas,
>
> I am looking for methods of deploying applications with end users so
> that the python code is tamper proof. What are my options ?
>
> I understand I can supply .pyc or .pyo files but they can easily be
> reverse engineered I am told.
If all you want to prevent is casual user tinkering, just shipping compiled
bytecode is probably enough. (yes it *can* be decompiled, but a casual user
isn't going to bother, any more than they bother disassembling standard binaries).
For slightly greater obfuscation, push the key parts you wish to obscure into a
C/C++ extension module.
There's nothing to be done to stop the determined cracker, though, as anyone who
can effectively reverse engineer pure C++ programs is going to be able to figure
out how to interpret .pyc files pretty quickly.
> Is it possible to load the scripts from zip files where the zip files
> are password protected ?
Since the interpreter needs to read your zipfile, there are potential problems
with that. I believe it could be done, though. You'd need a C extension module
which knew the password and installed a custom import hook to handle opening the
zip file. And disassembling the extension module would also give an attacker
the password, thus allowing them access to the zipfile.
So, as Gerhard said, it really depends on what you mean by "tamper proof".
Cheers,
Nick.
More information about the Python-list
mailing list