[Announce] pyobfuscate

[Peter Astrand]

I've written a Python source code obfuscator. The project home page is
http://www.lysator.liu.se/~astrand/projects/pyobfuscate/. I'm including a
copy of the README file below.



pyobfuscate - Python source code obfuscator
===========================================

pyobfuscate is a source code obfuscator: It makes Python source code
hard to read for humans, while still being executable for the Python
interpreter.


Why obfuscate?
--------------

Obfuscation makes little sense for Open Source
(http://www.opensource.org/) programs, but vendors developing
commercial applications are usually not happy with shipping the
original source code to customers.

Several obfuscators for other languages, like Java, already
exists. With Python, the problem is even more severe than with Java,
because Python bytecode is not compatible between different Python
versions. Also, bytecode is very easy to "decompile" to source code by
using "decompyle": http://www.crazy-compilers.com/decompyle/.

If shipping original source code is the only option for distributing
Python applications, then many vendors might choose another
programming language instead.


What does pyobfuscate do?
-------------------------

pyobfuscate transforms the source code in several ways. Some of these
transformations are reversible (can be "un-obfuscated"); some are
not. Here's a list of what pyobfuscate currently does:

* Removes comments and docstrings (not reversible)

* Changes indentation (reversible)

* Adds whitespace between tokens (somewhat reversible)

* Renames functions, classes and variables (not reversible)

* Inserts bogus lines instead of blank lines.


Limitations
-----------

pyobfuscate operates on one single source file at a time. It does not
obfuscate the interface between several files.

pyobfuscate cannot obfuscate methods, class variables or other
attributes, currently. See the TODO for more information.

 

[steve]

I've written a Python source code obfuscator. The project home page is
http://www.lysator.liu.se/~astrand/projects/pyobfuscate/. I'm including a
copy of the README file below.

<snip>

I love pyobfuscate!!!! Well done.

I have an idea to make it even more evil:
Replace all constants with variables.
This means that you need to define the
variables with the constants above.
This should be as complicated as possible
and hidden within all of the 'if 1 - 1:' lines.

eg
def double_x(x):
return x * 2

becomes:

# start with a few lines of confusing many digit
# integers to set up some starting variables
if 100111001 - 10011001: i1II11 = 36
# true -> really set
if 1011001 - 1011001: o00O0o = "bu"
# false -> not set
if 10111101 - 1011101: i1II11 = 108
# false -> not reset - still 36
if 100111001 - 10011001: i1II11 = 18
# true -> really reset
# => this prevents anyone from doing
# a global replace of i1II11 with 36

# after you have a few variables to play
# with use them instead of integers
if i1II11 - oOO0ooOO: oo00 = i1II11 / ooOO00

# (assuming ooOOoOo == iiiIii11 and OOOooo00 == 2)
# eventually you get to:
def oooOOooOO (iiI11I1i):
if ooOOoOo - iiiIii11: return iiI11I1i * oo00
else: return iiIII11I1i * OOOooo00
# okay maybe the bogus return is overdoing it

Of course this is all interspersed with the classes
and functions above the one you are interested in.
This also has a major benefit of preventing anyone
from just deleting all of the 'if 27 - 27:' lines.

To make it even more evil include a few lists,
this enables you to change numbers using other
references.
eg (assuming ii == 1 and oo = 0)

if ii - oo: II = [o0, i1]
....
if oo - ii: OO = II
....
if ii - oo: OO[oo] = iI
....
if oo - ii: iii = II[oo] # now iii == iI

Also I don't understand why you don't obfuscate
the parameters of methods. Shouldn't they be
the same as the parameters of global functions?
(Sorry I am a bit of a newbie,
so I may be missing something.)

A potential way to obfuscate method names while
keeping the original name would be to define the
method with an obfuscated name and then to set
the proper name to the obfuscated name.
eg

class a:
def __init__():
pass

becomes

class iIiIiI:
def oOoOoO(ii111II):
pass
__init__ = oOoOoO

And if you use some list references set up before the
class definition like above then it would be murder
to find which definition went with which name.

class iIiIiI:
def oOoOoO(ii111II):
pass
OO[ii] = oOoOoO
__init__ = II[ii]

Ah, this has got so much potential...

Steve

 

[Josiah Carlson]

Have you thought about becoming a mad computer scientist? I think you'd
do well.

- Josiah

 

[Miki Tebeka]

Hello Josiah,

Have you thought about becoming a mad computer scientist? I think you'd
do well.

You can view many more ideas like that in:
http://mindprod.com/unmain.html

Which is an amazing site to learn what *not* to do.

Miki

 

[phil hunt]

pyobfuscate - Python source code obfuscator
===========================================

pyobfuscate is a source code obfuscator: It makes Python source code
hard to read for humans, while still being executable for the Python
interpreter.

Of course, this facility comes as standard with Perl.