How to obfuscate Python code effectively?

ByMartin

How to obfuscate Python code effectively?

This is only a limited, first-level obfuscation solution, but it is built-in: Python has a compiler to byte-code:

python -OO -m py_compile <your program.py>

produces a .pyo file that contains byte-code, and where docstrings are removed, etc. You can rename the .pyo file with a .py extension, and python <your program.py> runs like your program but does not contain your source code.

PS: the limited level of obfuscation that you get is such that one can recover the code (with some of the variable names, but without comments and docstrings). See the first comment, for how to do it. However, in some cases, this level of obfuscation might be deemed sufficient.

PPS: If your program imports modules obfuscated like this, then you need to rename them with a .pyc suffix instead (Im not sure this wont break one day), or you can work with the .pyo and run them with python -O ….pyo (the imports should work). This will allow Python to find your modules (otherwise, Python looks for .py modules).

so that it isnt human-readable?

i mean all the file is encoded !! when you open it you cant understand anything .. ! that what i want

As maximum, you can compile your sources into bytecode and then distribute only bytecode. But even this is reversible. Bytecode can be decompiled into semi-readable sources.

Base64 is trivial to decode for anyone, so it cannot serve as actual protection and will hide sources only from complete PC illiterates. Moreover, if you plan to actually run that code by any means, you would have to include decoder right into the script (or another script in your distribution, which would needed to be run by legitimate user), and that would immediately give away your encoding/encryption.

Obfuscation techniques usually involve comments/docs stripping, name mangling, trash code insertion, and so on, so even if you decompile bytecode, you get not very readable sources. But they will be Python sources nevertheless and Python is not good at becoming unreadable mess.

If you absolutely need to protect some functionality, Id suggest going with compiled languages, like C or C++, compiling and distributing .so/.dll, and then using Python bindings to protected code.

How to obfuscate Python code effectively?

You can use the base64 module to encode strings to stop shoulder surfing, but its not going to stop someone finding your code if they have access to your files.

You can then use the compile() function and the eval() function to execute your code once youve decoded it.

>>> import base64
>>> mycode = print Hello World!
>>> secret = base64.b64encode(mycode)
>>> secret
cHJpbnQgJ2hlbGxvIFdvcmxkICEn
>>> mydecode = base64.b64decode(secret)
>>> eval(compile(mydecode,<string>,exec))
Hello World!

So if you have 30 lines of code youll probably want to encrypt it doing something like this:

>>> f = open(myscript.py)
>>> encoded = base64.b64encode(f.read())

Youd then need to write a second script that does the compile() and eval() which would probably include the encoded script as a string literal encased in triple quotes. So it would look something like this:

import base64
myscript = IyBUaGlzIGlzIGEgc2FtcGxlIFB5d
              GhvbiBzY3JpcHQKcHJpbnQgIkhlbG
              xvIiwKcHJpbnQgIldvcmxkISIK
eval(compile(base64.b64decode(myscript),<string>,exec))

Leave a Reply

Your email address will not be published. Required fields are marked *