How to prevent decompilation or code checking in Python?

Suppose there is a large commercial project (aka Project) that uses Python under the hood to manage plugins to configure new control surfaces that Project can connect to and use.

There was a slight information leak. Some part of the Project Python API leaked into publicly available information, and people were able to write Python scripts that were called by the underlying Python implementation as part of the Project plugin's loading mechanism.

Next, using the inspect module and raw __dict__, people were able to find out the main part of Project, the underlying Python implementation.

Is there a way to hide Python secret codes?

A quick look at the Python documentation showed a way to prevent the import of the inspect module as follows:

    import sys
    sys.modules['inspect'] = None

Does it completely solve the problem?

+4
4 answers

No, this does not solve the problem. Someone might just rename the inspect module to something else and import it.

What you are trying to do is impossible. The Python interpreter should be able to take your bytecode and execute it. Someone will always be able to decompile the bytecode. They will always be able to create ASTs and view the code stream with variable and class names.

Note that this process can also be performed using compiled language code; the difference is that you get the assembly. Some tools can take the C structure out of the assembly, but I don't have enough experience to comment on the details.

What specific information are you trying to hide? Could you keep the algorithm on a server and make your software a client that contacts your web service? Keeping code on a computer you manage is the only way to really control the code. You can't give someone a locked cell and keys to a mailbox and not open a window when they need to open it to start it. This is the same reason that DRM does not work.

All that said, it can still be made difficult to reverse engineer, but it will never be impossible when the client has an executable file.

+9
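The point of the answer above, as an added example that is not part of the original post: the `sys.modules` trick does make `import inspect` fail, but the attributes `inspect` reads stay on every object a plugin is handed. `HostCore`, `_license_check` and all values are constructed stand-ins, not Project's API; a vendor can run the same report over the real objects passed to plugins.

```python
import sys

def _license_check(key):              # constructed "secret" host helper
    salt = "constructed-salt"
    return hash((key, salt)) % 7 == 0

class HostCore:                       # constructed host object handed to plugins
    api_token = "constructed-token"

    def connect(self, surface):
        return _license_check(surface)

def inspect_is_blocked():
    """Apply the question's sys.modules trick, test it, restore the old state."""
    missing = object()
    saved = sys.modules.get("inspect", missing)
    sys.modules["inspect"] = None
    try:
        import inspect  # noqa: F401
        return False
    except ImportError:               # None in sys.modules makes the import fail
        return True
    finally:
        if saved is missing:
            del sys.modules["inspect"]
        else:
            sys.modules["inspect"] = saved

def exposed_surface(obj):
    """Report what plain attribute access reveals about obj's class."""
    report = {}
    for name, member in vars(type(obj)).items():
        if name.startswith("__"):
            continue
        code = getattr(member, "__code__", None)
        if code is None:              # plain class attribute: value is readable
            report[name] = {"value": member}
            continue
        helpers = [n for n in code.co_names if n in member.__globals__]
        strings = []
        for n in helpers:             # follow each global the method references
            helper_code = getattr(member.__globals__[n], "__code__", None)
            if helper_code is not None:
                strings += [c for c in helper_code.co_consts if isinstance(c, str)]
        report[name] = {"args": code.co_varnames[:code.co_argcount],
                        "helpers": helpers, "helper_strings": strings}
    return report

if __name__ == "__main__":
    print("inspect blocked:", inspect_is_blocked())
    print(exposed_surface(HostCore()))
```

The report contains the method's argument names, the private helper it calls and the string constant inside that helper, all without importing `inspect`.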

It is not possible to keep the application code completely secret.

Honestly, if a group of dedicated and determined hackers (in a good way, not in a derogatory way) can crack the code signing security model for the PlayStation, then your application will not have a chance. Once you put your application in the hands of someone outside of your company, it can be redesigned.

Now, if you want to make some effort to complicate it, you can compile your built-in Python executable file, cut out unnecessary modules, obfuscate the compiled Python bytecode and wrap it in some malware rootkit that refuses to run your application if a debugger is running.

But you really have to think about your business model. If you see people who are passionate about your product as a threat, if you see people who are willing to take the time and effort to customize your product to personalize their experience as a danger, you may need to rethink your approach to security. Assuming you're not in the DRM business or have a similar model that includes squeezing money from reluctant consumers, consider developing an approach that includes sharing information with your users and sharing work with your product.

+7

Is there a way to hide Python secret codes?

No. No.

Python is especially easy to reverse engineer, but other languages, even compiled ones, are pretty easy to undo.

+4

You cannot completely prevent reverse engineering of the software: if it comes to it, you can always analyze the assembler instructions that make up your program.

However, you can greatly complicate the process, for example by messing around with Python's internal components. However, before moving on to how to do this, I would suggest that you evaluate whether to do this. As a rule, it is more difficult to "steal" your code (you need to fully understand them in order to be able to expand them, after all) than the code itself. However, the clean, indelible interface of the Python plugin can be vital for creating an entire ecosystem around your program, far outweighing the potential flaws so that someone looks into your possibly not-designed coding internals.

+1
