Freeze/Source Code Question?

David Lees debl.nospamm at world.std.com
Fri May 5 13:03:52 EDT 2000 

Thanks Tim (and also Quinn) for setting me straight on Freeze.  I was
browsing books on Python and I believe it was a thick one on Annotated
Python (?) that I thought said something about making the byte code
secure.  But perhaps I misread it, because it was a just a quick
bookstore browse.

Yes, I understand that anything can be reverse engineered if you take
the trouble.

Python looks really cool, but I am just at the "hello world" level right
now.

David Lees


Tim Peters wrote:
> 
> [David Lees]
> > I am taking an initial look at Python (total novice) and am puzzled
> > about the existence of Freeze.  If you do not wish to show your source
> > code to the world, I gather the byte code in the form of *.pyc files can
> > be executed.
> 
> Disguising source is not the purpose of freeze tools.
> 
> > If the Freeze stuff, just embeds the byte code into a C program
> > (interpreter?) what is the difference from the viewpoint of
> > hiding the code?
> 
> None.
> 
> > I assume the C might be easier to run, because everything is in one
> > executable,
> 
> Bingo.  It's a convenience for the end user.
> 
> > but is the byte code still not easily viewed with an octal or hex
> > dump, just as in the .pyc files?
> 
> The standard library module "dis" supplies a symbolic disassembler for
> Python bytecode -- no need for binary dumps.
> 
> > Are there really good decompilers that translate byte code into source
> > for Python, so that nothing is really hidden?
> 
> "dis" is a start, and others have built fancier disassemblers on top of it.
> I don't know what "really good" means to you.  Certainly good enough to
> extract whatever it is you hope to hide, but see below.
> 
> > If so, is it really much different that Java or Visual Basic, where
> > presumably the same thing can be done?
> 
> Very different:  Python code works <wink>.
> 
> BTW, if you think you're more secure distributing, for example, compiled C
> or Fortran code in binary form, you're mistaken:  if my machine can execute
> it, I can trace the machine instructions, and they tell me everything your
> program does as well as how it does it.  Python bytecode is less work to
> decipher, but a reasonably talented hacker can effectively "reverse compile"
> anything.
> 
> hence-the-restriction-against-doing-that-in-all-the-software-licenses-
>     you-accept-without-reading<wink>-ly y'rs  - tim

More information about the Python-list mailing list