Python obfuscation

Ben Sizer kylotan at gmail.com
Thu Nov 10 17:40:17 CET 2005


Alex Martelli wrote:
> If you have valuable code, and
> distribute it, people WILL crack it -- just check the warez sites for
> experimental proof... EVERYTHING that people are really interested in
> DOES get cracked, no matter what tricky machine-code the "protections"
> are coded in.

That is very black and white thinking. It may be true that everything
gets cracked, but there are different degrees to which it might harm
your business model. On top of that, some users may be reluctant to
install binary cracks from obviously disreputable sources. Who knows
what spyware or viruses you could catch? Compare that to the simplicity
and safety of someone posting instructions to "open secure.py in
notepad, and change the 'if license_found:' line to 'if 1:'", for
example. No risk and even less effort than applying a patch.

If someone wants to break into your house, they will get in. But it's
still worth taking some precautions (locks, alarms, whatever) to reduce
the probability.

> There's ONE way to have uncrackable code -- don't distribute it, but
> rather put it up on the net on a well-secured machine under your
> control, available as (say) a webservice (subscription-only, pay per
> use, or whatever business model you want).

This is all well and good when:
- web access is free (it's not if you're on dialup, or on a portable
device/phone)
- web access is fast enough (it's not if you're working with certain
types of real-time games or multimedia)
- web access is convenient (it's not if you're behind a restrictive
firewall, or your country/area is poorly connected)

For example, I'd like to write a game in Python. I'd like to give the
game away free and charge for extra content. In C++ I can make it
difficult for users to share content with others who haven't paid for
it, with cryptographic hashes and the like. No, not impossible, but
difficult enough to deter most people. In Python it's much harder, when
the end user can open up the relevant file and quickly remove the
license check. No doubt this is another of the reasons why Python isn't
catching on quickly for game development, sadly.

(I'm not saying this is a deficiency of Python as such. It's just a
comment on the situation.)

> This is (a minor) one of the many reasons that make webservices the way
> of the future (hey, even *MSFT* noticed that recently, it seems...).

But they are not suitable for all applications, and probably never will
be.

-- 
Ben Sizer




More information about the Python-list mailing list