Securely distributing python source code as an application?

sturlamolden sturlamolden at yahoo.no
Fri Dec 7 23:04:10 EST 2007


So for example one could:


1. Put all the compiled Python bytecode in an encrypted binary file.

2. Build a small binary executable (.exe file) that:

   2a. Reads the binary file.

   2b. Decrypts it to conventional Python byte code.

   2c. Embeds a Python interpreter.

   2d. Executes the bytecode with the embedded Python.

3. Link the executable with a licence manager such as flexlm.


I think that should be rather safe (but I could be wrong).

A really malicious customer/cracker could e.g. look in the exe-file
and extract the crypto key. Then he (or less likely she) could guess
which crypto algorithm you have used, and decrypt the bytecode. The
cracker could then decompile the bytecode to Python VM opcodes, and
use that to reverse engineer your program. One could make it more
difficult for the cracker by asking each customer for a hardware hash
and use that for crypto. That way the key would not be (completely)
visible in the exe file. But history has shown that one can never
safeguard a program 100% against humans with malicious intent. I know
of no DRM system that has never been circumvented.
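
Added example, not part of the original post: a Python sketch of steps 1 and 2a-2d with the key derived from a per-customer hardware hash, so that no key is stored in the launcher. The HMAC-SHA256 counter-mode keystream is a stand-in for a real cipher, and `pack`, `load_and_run`, the blob layout and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import marshal
import os

# Constructed sample inputs (not from the post).
SAMPLE_SOURCE = "def price(qty):\n    return qty * 3\n"
SAMPLE_HW = "constructed-hw-hash-0001"

def derive_keys(hardware_hash, salt):
    # Encryption and MAC keys both come from the customer's hardware hash.
    material = hashlib.pbkdf2_hmac("sha256", hardware_hash.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]

def keystream_xor(key, nonce, data):
    # Stand-in stream cipher (assumption): swap in a vetted AEAD for real use.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def pack(source, hardware_hash):
    # Step 1: compile to bytecode (marshal output is Python-version specific), then encrypt.
    payload = marshal.dumps(compile(source, "<protected>", "exec"))
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(hardware_hash, salt)
    body = keystream_xor(enc_key, nonce, payload)
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + tag + body

def load_and_run(blob, hardware_hash):
    # Steps 2a-2d: read the blob, authenticate it, decrypt to bytecode, execute.
    salt, nonce, tag, body = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = derive_keys(hardware_hash, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong hardware hash or modified file")
    namespace = {}
    exec(marshal.loads(keystream_xor(enc_key, nonce, body)), namespace)
    return namespace

if __name__ == "__main__":
    blob = pack(SAMPLE_SOURCE, SAMPLE_HW)
    print(load_and_run(blob, SAMPLE_HW)["price"](4))
```

As the post says of the scheme itself, the bytecode exists in plaintext inside the process once it is decrypted, so this raises the cost of extraction rather than preventing it.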


More information about the Python-list mailing list