Protecting Python source

Nick Coghlan ncoghlan at email.com
Fri Nov 26 16:38:00 CET 2004


Alan Sheehan wrote:
> Hi pythonistas,
> 
> I am looking for methods of deploying applications with end users so
> that the python code is tamper proof. What are my options ?
> 
> I understand I can supply .pyc or .pyo files but they can easily be
> reverse engineered I am told.

If all you want to prevent is casual user tinkering, just shipping compiled 
bytecode is probably enough. (yes it *can* be decompiled, but a casual user 
isn't going to bother, any more than they bother disassembling standard binaries).

For slightly greater obfuscation, push the key parts you wish to obscure into a 
C/C++ extension module.

There's nothing to be done to stop the determined cracker, though, as anyone who 
can effectively reverse engineer pure C++ programs is going to be able to figure 
out how to interpret .pyc files pretty quickly.

> Is it possible to load the scripts from zip files where the zip files
> are password protected ?

Since the interpreter needs to read your zipfile, there are potential problems 
with that. I believe it could be done, though. You'd need a C extension module 
which knew the password and installed a custom import hook to handle opening the 
  zip file. And disassembling the extension module would also give an attacker 
the password, thus allowing them access to the zipfile.

So, as Gerhard said, it really depends on what you mean by "tamper proof".

Cheers,
Nick.



More information about the Python-list mailing list