How to protect P/Cython Code against Reverse Engineering / Decompilation

[consuli]

Hello!

Is it possible to protect P/Cython code against reverse engineering / decompilation?

What are probed countermeasures?

Consuli

[camp0]

Hi,

If you can decompile something, you can understand the code. Im sure you can do things to obfuscate the code, however, I consider more useful to make good software if you know what I mean. Would you mind to specify a bit your project or code?

[ichabod801]

Python is not built to handle this sort of thing. You might be able to do something with Cython, but I expect it would be rather limited.

[snippsat]

There are way like Software as a service (SaaS)
Perhaps the most reliable way of concealing source code is not to distribute your programs at all.
Companies such as Google use a lot Python and have no difficulty in concealing their source code from outsiders.

Freeze code using libraries like PyInstaller(can encrypt bytecode to),CxFreeze,Py2exe,pynsist,Nuitka,Cython.
These tools offer an additional layer of obfuscation over merely supplying bytecode files.

That said Python strive to be as open as possible,we as coder should also follow this philosophy.
Do also some tough choosing a good license.

We see new company like Sentry that has all code open on GitHub.
They do not hide anything,what they earn money on is providing hosting and easier use of there product.

[Larz60+]

Dedicated hackers can pretty much reverse engineer anything (including the Beale ciphers, which were deciphered this January (2017),
the treasure found was worth $43 million, Interested? see: https://en.wikipedia.org/wiki/Beale_ciphers)
Question is, if the thing being reverse engineered is worth the effort.

Actually, this one hasn't been deciphered yet, I thought it had. My mistake. So there you go, a challenge for any taker!

[llanitedave]

Dedicated hackers can pretty much reverse engineer anything (including the Beale ciphers, which were deciphered this January (2017),
the treasure found was worth $43 million, Interested? see: https://en.wikipedia.org/wiki/Beale_ciphers)
Question is, if the thing being reverse engineered is worth the effort.

Actually, this one hasn't been deciphered yet, I thought it had. My mistake. So there you go, a challenge for any taker!

Or, for a challenge on a real undeciphered script, there's always Linear A.

[Larz60+]

Linear A looks interesting

[nilamo]

Hello!

Is it possible to protect P/Cython code against reverse engineering / decompilation?

What are probed countermeasures?

Consuli

Any answer to that question that looked like a "yes" would just lead you into a false sense of security.

Even if python compiled into assembly, people could still look at that assembly to see how it works.  The problem isn't that python can't be decompiled, the problem is that if you're afraid of decompiling, you'll never finish a project.

[consuli]

Hi,

If you can decompile something, you can understand the code. Im sure you can do things to obfuscate the code, however, I consider more useful to make good software if you know what I mean. Would you mind to specify a bit your project or code?

Sure. It is a full automatic regression automat. There are hundreds of possibilities to build a statistical model. And my regression automat tests them all through and suggests you an scientificly appropriate model, whose model qualiity is close to a neural network. I want to sell this as an licensed python extension with limited lifetime.

[wizzardx]

Depends on how effective you need it to be. eg, against casual browsing of source code, or a determined hacker/reverse engineer. eg, even the most secure DRM schemes for AAA games or DVD or blueray or your console will be broken sooner or later by determined hackers, especially if your software is very popular.

For casual people browsing thorough their folders and encountering your code, pyc is probably fine, even though you get reverse engineer software for that, most casual end-users won't really bother.

For less casual people trying to reverse engineer, you may find software like this effective (disclaimer, haven't tested it myself):

https://github.com/Falldog/pyconcrete

If your software is distributed with a python executable, then you can alter the bytecode coding and decoding inside the python binary, so that it's a bit harder to reverse engineer with regular tools.

I think that's how dropbox protects their client-side source code with a few layers, eg:

http://blog.codepainters.com/2012/09/17/...opbox-way/

You may also find this article interesting:

http://bits.citrusbyte.com/protecting-a-...-codebase/

Compiling through Cython is probably a good all-rounder.

Alternately, use your Python code as a prototype, and then port from that to another programming language (eg Go Lang), and then compile and distribute that.