Newbie needs to be set straight again ...

Jyrinx jyrinxat at mindspringdot.com
Tue Jan 22 02:00:05 EST 2002 

Last time I posted around here, it was certainly an outsider/newbie
question, and I was quickly set straight. Since I think I benefitted much
from the ensuing debate, I'm come to be wrong again :-)

Being a recent Python convert, I've still had a few reluctancies nagging
at me lately, the most major of which regards the concerns of
closed-source projects (which I believe to be a necessary, or at least
realistic, figure in the software world). It's the classic question of a
want of some sort of bytecode obfuscator to discourage reverse
engineering; I've been poking around in newsgroup searches, and most
people who ask about such a thing are told that such protections are
futile, and that any experienced hacker could break any scheme, all in a
day's work, and that the only real solution is social: a good license, and
a good lawyer. Certainly true.

What's bugging me is this: Isn't *some* level of protection reasonable?
Certainly, it's been shown that even machine code isn't safe, but then
again, Python represents the opposite extreme: a perfect decompiler (with
variable names and everything, no?) is included in the *standard*
*distribution.* It doesn't take a hacker to reverse-engineer it; it seems
that even *casual* reverse engineering is quite possible. Even Freezing
the code leaves it in the open, and I imagine a program to look for Python
bytecode embedded in a binary wouldn't be difficult.

I should think that, if I were working on a closed-source project in
Python, I would find it well worth the minimal effort to chug the bytecode
through a simple program that would scramble variable names and rearrange
stuff (as has been suggested). It would be much like the basic protections
on most game CD's - a joke to any serious effort, but enough to discourage
random morons from copying rampantly, and (I should think) requiring very
little effort on the part of the developer - in other words, being
cost-effective.

Anyway, as you can see, I'm speculating quite a bit; I'm sure I'm dead
wrong in some subset of the real world. Who wants to play Educate The
Confused, Wayward Newbie? :-)

Jyrinx
jyrinx at mindspring dot com

(In any case, I should think an obfuscator utility would be rather simple
(more newbie speculation ... ); wouldn't it be worth the effort to write
one, if only to get big, dumb companies to accept Python more readily,
reality be damned? You know, just to make them feel better? At the very
least, it'd be fun to sit back and make fun of the latest escapades from
the idiots at the top ... )

More information about the Python-list mailing list