0

I'm rather new to Python, though I hope to use it for both programming and scripting. I've written basic scripts, and did some digging for compiling. I'm currently using py2exe (with a different setup.py script someone else made) so that it becomes ONE simple .exe, without dependencies (Python DLL, etc.).

You're probably wondering what my problem is. Well, I decided to check the security of the executable, and view it in Resource Hacker. I was able to view all the parts of the script I DIDN'T want people to be able to find out. (Ex: Password inputs).

Can anyone give me a simple, working method, for converting PYTHON code to a STANDALONE executable that CANNOT allow viewing of the original python script via something like Resource Hacker?

  • I am not thoroughly knowledgeable in the field. I'm also not developing commercially (yet), I just want to make things for myself, that I may also make for other people. Though I might freelance for random people online doing things. Anyways, point being, if I had a script where it prompted you for a password, and if you got it correct it continued, else it cancelled and exited... then once I make it a .exe, opening it in Resource Hacker, and viewing the "Python Script", I scroll to the bottom, and bam! It shows the passwords. Now when I say I'm new, I mean really REALLY new. Anyways, if you don't mind explaining "Encryptions", "Hashes", etc., I would prefer to be enlightened towards these subjects.

Your help is appreciated.

  • 3
    Check out [this question](http://stackoverflow.com/questions/261638/how-do-i-protect-python-code) – wnnmaw Jan 17 '14 at 17:22
  • 1
    If you have passwords in the program, anyone with a debugger can find them as your program runs. Encrypting them helps somewhat (i.e. against casual inspection of the binary), but nothing will help when the program is running. Usually, one does not store a PASSWORD but rather some kind of API TOKEN which can be changed if compromised. – Macke Jan 17 '14 at 17:47
  • 1
    You're currently considering "security by obscurity". If you have a network service that someone can connect to through a public program, then they can also (technically) connect otherwise and do the same things, because you publicly disclose any secrets needed for access. – Kos Jan 17 '14 at 18:37
  • What's the problem? That users can read *the code* or that they can read *the passwords*? If it's the latter you should really put the passwords into an encrypted file. Even better: just put the hash of the passwords. You can then ship the code as you please. If it's the code: why is this important? Which license are you using for your program? – Bakuriu Jan 17 '14 at 19:13
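
Bakuriu's comment above suggests shipping the hash of the password instead of the password itself. The following is an added example, not code from the original question or its commenters, showing that approach in Python 3 with only the standard library. The record format, the function names `make_record` and `verify`, and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; raise it as far as your hardware allows
SALT_BYTES = 16


def make_record(password, iterations=ITERATIONS, salt=None):
    """Run once on the developer's machine; embed only the returned string."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify(password, record):
    """Return True only if the password matches the stored record."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record
    if algorithm != ALGORITHM or not 1 <= iterations <= 10_000_000:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed demo password; the first line printed is the only value
    # that would be pasted into the script that gets packaged as an .exe.
    record = make_record("correct horse battery staple")
    print(record)
    print(verify("correct horse battery staple", record))  # matching password
    print(verify("guess", record))                         # wrong password
```

With this in place, a viewer such as Resource Hacker shows the record string rather than the password. The comparison still runs on the user's machine, so this protects the password value and not the code that the check guards.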

1 Answer

0

Here are the simple steps (with freeze)-

  1. You will need to use a python installation which has all its modules installed as shared libraries

  2. freeze.py usually resides under <python_install>/Tools/freeze/freeze.py

    e.g: Python-2.4.2/linux/Tools/freeze/freeze.py

  3. Now, to freeze a very simple program which does not depend on any custom Python module, you just need to call freeze in this fashion:

e.g.:

```
cat hello.py

#!/usr/bin/env python
print "Testing"
```

To freeze:

```
a. Python-2.4.2/linux/Tools/freeze/freeze.py hello.py
b. make
```

You will see there is an executable, hello.

```
file hello
hello: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), not stripped
```

That's it. Now invoking hello will produce:

```
[0:22:47]% ./hello
Testing
```
Arovit