to prevent reveres engineering for Python
Adam Tauno Williams
awilliam at whitemice.org
Tue May 25 16:43:34 EDT 2010
On Wed, 2010-05-26 at 05:40 +1000, Lie Ryan wrote:
> On 05/26/10 01:09, Adam Tauno Williams wrote:
> > On Tue, 2010-05-25 at 18:49 +0500, Sandy Ydnas wrote:
> >> Agree, reveres engineering is crucial issuer for programming
> >> language
> >> but every executable file can be cracked, for example by using
> >> disassembler!!!
> >> For each weapon there is antiweapon, so
> >> is it possible to prevent reveres engineering when customer have
> >> access to executable made from Python code???
> > No. But you can make it hard.
> > Store a GPG encrypted blob in your program that contains you secret
> > sauce, is decrypted to memory, executed, and then discarded. Setup
> > some kind of license manager like dongle or application to perform the
> > key management.
> That merely gives a false sense of security.
There is no "true" sense of security. There is only degrees of
obfuscation, hence the first sentence: "No. But you can make it hard"
> If the program is decrypted
> in memory, you can easily make a memory dump
Easily? Really? You vastly over estimate the majority of computer
users. If someone who knows how to read the memory of a running process
wants your secret sauce - they are going to get it.
> to get the unencrypted
> program. If I am a competitor that can make economic advantage by
> cracking your secret sauce, it wouldn't be difficult for me to do that.
True. That is pretty much always true. The only effective solution is
to have your app call a web service [or some kind of RPC] to a server
where you keep the secret sauce hidden away.
More information about the Python-list
mailing list