Need advice for obfuscating Python code
brueckd at tbye.com
brueckd at tbye.com
Tue Feb 26 18:28:19 EST 2002
On Tue, 26 Feb 2002, Sandeep Gupta wrote:
> I've written a product in Python and I wanted to find out how best to
> obfuscate the code. I want the distributed files to be moderately hard to
> reverse engineer.
>
> One option is to compile the code and distribute the .pyo files. Are there
> any better alternatives?
Decompyle can take bytecode and produce Python source that is really close
to the original, so a good software license might give you better results.
That being said, you can store the bytecode encrypted/compressed in a
bundle like this (untested):
import os, rotor, marshal
key = "ILovePurplePantsDon'tYou?"
archiveName = 'msc21.dll' # Use a name nobody will suspect
dict = {}
for file in filesToArchive: # list of .py/.pyc filenames
data = open(file, 'rb').read()
base, ext = os.path.splitext(file)
if ext == '.py':
dict[base] = (1, data)
else:
dict[base] = (0, data[8:]) # beware the voodoo! (8=size of .pyc hdr)
rot = rotor.newrotor(key)
open(archiveName, 'wb').write(rot.encrypt(marshal.dumps(dict)))
With your archive in place, you can have Python use it for imports:
import imputil, marshal, rotor,sys
imputil.ImportManager().install()
sys.path.insert(0, imputil.BuiltinImporter())
class ArcImp(imputil.Importer):
def __init__(self, key, arcFile):
rot = rotor.newrotor(key)
data = rotor.decrypt(open(arcFile, 'rb').read())
self.arcDict = marshal.load(data)
def get_code(self, parent, name, fqname):
try:
isSrc, data = self.arcDict[fqname]
if isSrc:
return 0, compile(data, fqname, 'exec'), {}
else:
return 0, marshal.loads(data), {}
except KeyError:
pass # Let default importing happen
sys.path.insert(0, ArcImp(key, arcFile))
That should work. Of course, since the code that decrypts and loads your
code will be visible, you probably want to use a long key (or another form
of encryption) and install the customer importer from a C program that
runs an embedded interpreter (installs the importer and then runs the rest
of your program).
-Dave
More information about the Python-list
mailing list