Menu
we have a business-critical program implemented in Python. Our boss don't want others, especially our rivals to know how it is designed and implemented. So I have to find a way to encrypt it. I first thought of pyc and pyo, but soon I found that they are likely to be disassembled. I wanna encrypt our source codes, but i don't know how to do it? Could you guys please help me with this? Any guidance would be highly appreciated.
752
There is no effective way to obfuscate python such that it can not be trivially converted back to human readable. If you have code that valuable, convert it to C, or keep it on a server.
I would suggest you go back into thinking about this, considering:
Firstly, Python was not designed to be obfuscated. Every aspect of the language is free and accessible to anybody who wants to inspect or modify it. Being a bytecode language makes it difficult to lock down, and Python bytecode is easy to understand. If you want to build something you can't see inside, you will have to use another tool.
Secondly, everything (literally) can be reverse-engineered eventually, so do not assume you'll be able to fully protect any piece of code. You must be able to understand the tradeoff between the importance of hiding a piece of code (for an estimate amount X of resources) versus how useful hiding it actually is (also in terms of effort). Try and realistically evaluate how important your "design and implementation" really is, to justify all this.
Consider having legal requirements. If you expect people will misuse your code, maybe it would be more useful if you could easily discover the ones that do and turn this into a legal issue.
112
separate confidential functionality in C functions and develop SWIG wrappers. If you are using C++, you can consider boost python.
41
Anything can be reverse engineered. It is not possible to give a user's machine information without the possibility for the user to examine that information. All you can do is make it take more effort.
Python is particularly bad if you have this requirement, because Python bytecode is much easier to read than fully assembled machine code. Ultimately whatever you do to make it more obfuscated, the user's computer will have to be able to de-obfuscate it to turn it into normal Python bytecode in order for the Python interpreter to exectute it. Therefore a motivated user is going to be able to de-obfuscate whatever you give them into Python bytecode as well.
If you really have rivals who are likely to want to figure out how your programs work, you must assume that any code you release to end users in any form will be fully understood by your rivals. There is no possible way to absolutely guard against this.
The only way you can get around this is to not give your users this code either, if you can run your code on a server under your control, and only give your users a dumb program that makes requests to your server for the real work.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
