Freeze/Source Code Question?
debl.nospamm at world.std.com
Fri May 5 19:03:52 CEST 2000
Thanks Tim (and also Quinn) for setting me straight on Freeze. I was
browsing books on Python and I believe it was a thick one on Annotated
Python (?) that I thought said something about making the byte code
secure. But perhaps I misread it, because it was a just a quick
Yes, I understand that anything can be reverse engineered if you take
Python looks really cool, but I am just at the "hello world" level right
Tim Peters wrote:
> [David Lees]
> > I am taking an initial look at Python (total novice) and am puzzled
> > about the existence of Freeze. If you do not wish to show your source
> > code to the world, I gather the byte code in the form of *.pyc files can
> > be executed.
> Disguising source is not the purpose of freeze tools.
> > If the Freeze stuff, just embeds the byte code into a C program
> > (interpreter?) what is the difference from the viewpoint of
> > hiding the code?
> > I assume the C might be easier to run, because everything is in one
> > executable,
> Bingo. It's a convenience for the end user.
> > but is the byte code still not easily viewed with an octal or hex
> > dump, just as in the .pyc files?
> The standard library module "dis" supplies a symbolic disassembler for
> Python bytecode -- no need for binary dumps.
> > Are there really good decompilers that translate byte code into source
> > for Python, so that nothing is really hidden?
> "dis" is a start, and others have built fancier disassemblers on top of it.
> I don't know what "really good" means to you. Certainly good enough to
> extract whatever it is you hope to hide, but see below.
> > If so, is it really much different that Java or Visual Basic, where
> > presumably the same thing can be done?
> Very different: Python code works <wink>.
> BTW, if you think you're more secure distributing, for example, compiled C
> or Fortran code in binary form, you're mistaken: if my machine can execute
> it, I can trace the machine instructions, and they tell me everything your
> program does as well as how it does it. Python bytecode is less work to
> decipher, but a reasonably talented hacker can effectively "reverse compile"
> you-accept-without-reading<wink>-ly y'rs - tim
More information about the Python-list