hide python code !

[Bayazee]

hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you have any idea about this ...?

 

[John Machin]

hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from

^^^^^^^^^^^^^^^^^^^^^^^^[1]

users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you have any idea about this ...?

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^[2]


[1] and [2] don't seem to be compatible.

Really the only way to keep your code secret is not to distribute it --
provide the functionality from a web server.

If you want to distribute obfuscated code, consider writing it in perl

 

[Bayazee]

hi
in compiled languages when we compile a code to an executable file it
convert to a machine code so now we cant access to source ...
but in python we easily open the program executable(ascii) file and
read source ....
i meen than any way to protect my code or convert it to executable
witch can not be decompiled (python code)....

 

[John Machin]

hi
in compiled languages when we compile a code to an executable file it
convert to a machine code so now we cant access to source ...
but in python we easily open the program executable(ascii) file and
read source ....
i meen than any way to protect my code or convert it to executable
witch can not be decompiled (python code)....

I know what you mean.

However consider this: There is no such thing as an executable which
cannot be decompiled; if the code can be executed, then anybody with
read access to the code can disassemble/decompile/whatever it -- there
is no theoretical difference between disassembling an .exe file and
decompiling a .pyc file. What's in a .pyc file is just the machine code
for a virtual machine ...

Consider changing your business plan: write crappy software, charge
heaps for support -- it's not a novel idea

 

[Steven D'Aprano]

hi
in compiled languages when we compile a code to an executable file it
convert to a machine code so now we cant access to source ...

There are disassemblers for machine code. If somebody really wants to see
how your code works, they can do it.

but in python we easily open the program executable(ascii) file and read
source ....

Yes. That is by design.

i meen than any way to protect my code or convert it to executable witch
can not be decompiled (python code)....

In your first email, you wrote:

"First Iranian Open Source Community : www.python.ir"

Hiding source code is incompatible with Open Source software. You can hide
code, or be Open Source, but not both.

What makes you think that your code is so special that it is worth
stealing? Do you have incredible secret algorithms that nobody has ever
seen before? Or are you just so ashamed of it that you don't want people
to see it?

Or maybe you've copied other people's code, and you don't want them to see
that? What are you hiding?

Whatever your reasons for hiding the source code, there are things which
you can do to obfuscate Python code which will make it difficult for
people to get to the source code. Google for "python obfuscate" for links.
But I'm guessing that, if you hide your source code, most people will
wonder what you are hiding and avoid your program.

If you really want something which compiles to machine code, then Python
is not the language for you. Use another language.

 

[enigmadude]

I don't think you're the first person that has wondered about this. But
you might have some options:

1. If you are running it on Windows only, use py2exe to wrap it up as
an executable.
2. I've never done this, but you might be able to encrypt or otherwise
turn you modules into binary form, and then use a clever import hook. I
know zipimport in the standard lib gives you more control over
importing zip files, but I don't think it can handle encrypted ones.
3. Write a custom module importer in C using Python's API so you can
encrypt your modules any way you want as long as you know how to use C
to decrypt them again.

There's probably a thousand other ways if you're clever enough (e.g.
write it in Jython and package it as .jar files). As long as your
program sticks closer to pure Python, the easier it will be. If you're
using a lot of open source modules to help you out, you might want to
double-check their licensing to see if what you're doing is allowed
anyway.

 

[Cameron Laird]

There are disassemblers for machine code. If somebody really wants to see
how your code works, they can do it.


Yes. That is by design.


In your first email, you wrote:

"First Iranian Open Source Community : www.python.ir"

Hiding source code is incompatible with Open Source software. You can hide
code, or be Open Source, but not both.

What makes you think that your code is so special that it is worth
stealing? Do you have incredible secret algorithms that nobody has ever
seen before? Or are you just so ashamed of it that you don't want people
to see it?

Or maybe you've copied other people's code, and you don't want them to see
that? What are you hiding?

Whatever your reasons for hiding the source code, there are things which
you can do to obfuscate Python code which will make it difficult for
people to get to the source code. Google for "python obfuscate" for links.
But I'm guessing that, if you hide your source code, most people will
wonder what you are hiding and avoid your program.

If you really want something which compiles to machine code, then Python
is not the language for you. Use another language.

.
.
.
Oh, Pyrex <URL:
http://www.cosc.canterbury.ac.nz/greg.ewing/python/Pyrex/version/Doc/About.html >
on you.

I'll be more explicit. If Bayazee or others *truly* want to write in
Python, or something very close to it, and end up with machine code,
there *are* existing techniques, and I recommend Pyrex among them.

I also disagree with your characterization of Open Source. On the
other hand, your conclusion that Python probably will never make the
we-want-obfuscation-without-much-understanding-of-what-it-is crowd
happy probably is correct.

Myself, I just marvel at the different worlds in which we live. *My*
experience has to do with how tough it is to deploy and maintain
correct, working stuff, even with teams of seasoned pros. The thought
that users will routinely reverse-engineer our applications, and ...
well, I marvel.

 

[Simon Forman]

hi
in compiled languages when we compile a code to an executable file it
convert to a machine code so now we cant access to source ...

It can still be disassembled and reverse engineered.

but in python we easily open the program executable(ascii) file and
read source ....
i meen than any way to protect my code or convert it to executable
witch can not be decompiled (python code)....

How do you reconcile this desire with being part of "First Iranian Open
Source Community"?

I am not hostile, just curious.


BTW, John Machin's suggestion of presenting your code as a web service
is a good one.

Peace,
~Simon

 

[Ben Finney]

can we hide a python code ?

Sure; don't distribute it to anyone. Then they can't run the program
or inspect it or anything.

if i want to write a commercial software can i hide my source code
from users access ?

You can write commercial software and sell it without hiding the
source code.

we can conver it to pyc but this file can decompiled ... so ...!!

Indeed. So?

 

[Bruno Desthuilliers]

hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!

It's just the same with java byte-code or machine code. FWIW, I had a
cracked (and localised) copy of Steinberg's Cubase midi sequencer v1.1
*before* v1.0 was publicly available in France... And believe me, they
had made their best to protect the software (dongle etc...).

The only secure way to protect "critical" code is to not distribute it -
make it run on your own server, and require the application to access
the server.

 

[Bruno Desthuilliers]

Steven D'Aprano wrote:
(snip)

If you really want something which compiles to machine code, then Python
is not the language for you. Use another language.

But that won't protect your software from piracy anyway.

 

[Rob Wolfe]

If you want to distribute obfuscated code, consider writing it in perl

LOL

That's really strong protection. Machine code is too easy
to reverse engineer.

Regards,
Rob

 

[Slawomir Nowaczyk]

On Thu, 10 Aug 2006 17:35:27 -0700

#> 2. I've never done this, but you might be able to encrypt or otherwise
#> turn you modules into binary form, and then use a clever import
#> hook.

Please observe that whatever the "clever import hook" is, it actually
needs to know the way to *decrypt* the module (secret key or
whatever). It means that if somebody decompiles the importing code, he
can just as well decompile the "hidden" one.

--
Best wishes,
Slawomir Nowaczyk
( (e-mail address removed) )

Children are natural mimics, who act like their parents despite
every effort to teach them good manners.

 

[Paul Boddie]

Hiding source code is incompatible with Open Source software. You can hide
code, or be Open Source, but not both.

[...]

I also disagree with your characterization of Open Source.

I don't know which part of the open source movement would tolerate the
hiding of source code whilst simultaneously calling the resulting
software "open source", but I'd imagine they'd have a hard time
justifying their "open source" label. Of course, it is possible to be
the "First Iranian Open Source Community" in terms of consuming open
source software rather than producing it, so perhaps that's what the
questioner intended to communicate in their signature.

[...]

Myself, I just marvel at the different worlds in which we live. *My*
experience has to do with how tough it is to deploy and maintain
correct, working stuff, even with teams of seasoned pros. The thought
that users will routinely reverse-engineer our applications, and ...
well, I marvel.

I've previously mentioned a very interesting paper which not only
described the reverse engineering of the Skype protocol and software
but also described how to make interoperating Skype clients. Given that
the well-financed developers spent a lot of time introducing various
protection measures (encryption, verification, etc.) and yet someone
can write the aforementioned stuff up in a paper, I'd recommend an
upgrade to any business plan which relies on obfuscation to prevent
"unauthorised" use or modification. Indeed, I'd recommend that any such
entrepreneur think twice about starting a traditional proprietary
software business in this day and age.

Paul

 

[Fuzzyman]

hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you have any idea about this ...?

You can distribute the compiled byte-code files (*.pyc) which are
harder to turn back into source code.

There was a product called decompyle which could do it, but although
there is a version floating around which works for Python 2.4 I've
never heard of anyone getting it to work.

Import hooks and encrypted source are a good option.

Py2exe embeds the byte-code file for your main script into the
executable which is also pretty good.

All of these make it hard enough to deter most people who will ever
want to abuse your source code. Until you have *lots* of users this is
probably enough.

I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

 

[Fuzzyman]

Paul Boddie wrote:
[snip..]

I've previously mentioned a very interesting paper which not only
described the reverse engineering of the Skype protocol and software
but also described how to make interoperating Skype clients. Given that
the well-financed developers spent a lot of time introducing various
protection measures (encryption, verification, etc.) and yet someone
can write the aforementioned stuff up in a paper, I'd recommend an
upgrade to any business plan which relies on obfuscation to prevent
"unauthorised" use or modification. Indeed, I'd recommend that any such
entrepreneur think twice about starting a traditional proprietary
software business in this day and age.

How many users did skype have before that happened...

Several orders of magnitude above what is required to earn a living
from selling a few programs I suspect.

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

 

[Paul Boddie]

can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!

[...]

You can distribute the compiled byte-code files (*.pyc) which are
harder to turn back into source code.

As the man said, and I've seen various proprietary software companies
do just that.

There was a product called decompyle which could do it, but although
there is a version floating around which works for Python 2.4 I've
never heard of anyone getting it to work.

I've got decompyle to work in the recent past (about a year or so ago)
- the trick was to find the Debian package and to make some minor
adjustments to the code to work with whatever breakage the 2.3 -> 2.4
upgrade caused.

[...]

I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...

Well, given the pace of technological development and the disregard in
some environments for perpetual backward compatibility, how much of
your infrastructure would you implement in vendor-supplied binaries,
especially when the vendor is a one man plus dog operation? When the
binaries don't work on your newly-upgraded system and the vendor is on
holiday (possibly for good), it doesn't look like a knee-jerk reaction
any more.

Paul

 

[Tim Chase]

can we hide a python code ?

All of these make it hard enough to deter most people who will ever
want to abuse your source code. Until you have *lots* of users this is
probably enough.

I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...

I think the reaction is based mostly in reality...an honest
answer: If you give people the program, then you also give them
the ability to reverse engineer it. It's as simple as that.

No matter how dongled, obfuscated, compiled, encrypted, etc. At
some point the code actually has to be executed/interpreted, and
at that point, it can be intercepted. Thus, "by telling them
that they don't really want to do it", the list is conveying the
futility of attempting to strive for the goal. Obfuscation may
be a shallow speedbump, and for some folks, better than nothing.
However, it's better to have a good relationship with your
customers and know that they will adhere to licensing conditions,
rather than to try and strong-arm them into behaving a particular
way.

My "%s%0.2f" % (currency_marker, 0.02) on the matter.

-tkc

 

[Fuzzyman]

can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!

[...]

You can distribute the compiled byte-code files (*.pyc) which are
harder to turn back into source code.

As the man said, and I've seen various proprietary software companies
do just that.

There was a product called decompyle which could do it, but although
there is a version floating around which works for Python 2.4 I've
never heard of anyone getting it to work.

I've got decompyle to work in the recent past (about a year or so ago)
- the trick was to find the Debian package and to make some minor
adjustments to the code to work with whatever breakage the 2.3 -> 2.4
upgrade caused.

[...]

I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...

Well, given the pace of technological development and the disregard in
some environments for perpetual backward compatibility, how much of
your infrastructure would you implement in vendor-supplied binaries,
especially when the vendor is a one man plus dog operation? When the
binaries don't work on your newly-upgraded system and the vendor is on
holiday (possibly for good), it doesn't look like a knee-jerk reaction
any more.

If you distribute applications with py2exe then your application is no
longer dependent on the installed version of Python.

The question keeps getting asked because a lot of new programmers are
looking to create programs that they will sell. A lot of these will be
good programmers, and some of the software will be successful. Telling
them 'you can't do that with Python', does no good to Python itself.

In fact what you can do with Python is not a lot worse than most other
languages, and almost certainly *good enough* for this sort of thing.

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

 

[Fuzzyman]

All of these make it hard enough to deter most people who will ever
want to abuse your source code. Until you have *lots* of users this is
probably enough.

I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...

I think the reaction is based mostly in reality...an honest
answer: If you give people the program, then you also give them
the ability to reverse engineer it. It's as simple as that.
[snip..]

But until your number of users gets beyond quite a high level, it's
just extremely likely that any of your individual users will have that
sort of ability - or anyone else will have the motivation to do it.

What you can do with Python is almost certainly *good enough* for most
people who ask this question - and that fact never seems to be included
in the 'reality' propogated by the knee jerk reactionists...


Fuzzyman
http://www.voidspace.org.uk/python/index.shtml