1

I would like to create a finite state machine that my users cannot see, but can import as a module; or possibly as an encrypted text file to be decrypted and eval(); or ??? I'm open to suggestion as I'm really unsure how to proceed.

  • It must be able to handle NumPy arrays.
  • The remainder of the script must be open source to the user.
  • Use of the machine would eventually expire.

The state machine must remain NATURAL INTELLECTUAL PROPERTY; 100% secure hidden.

How would I go about this? Here is a sample of what I'm looking to do:

import random
import time
import numpy as np

def state_machine(a,b,c):
    # This machine should be hidden from users
    expiration = 1500000000
    if time.time() < expiration:
        state = 0
        if a[-1]>b[-1]<c[-1]:
            state = 1
        elif a[-1]<b[-1]<c[-1]:
            state = -1
        return state
    else:
        return 'subscription expired'

def generate_3_random():
    # Generate some random data for testing purposes
    a = np.random.random(2)
    b = np.random.random(2)
    c = np.random.random(2)
    return a,b,c

a,b,c = generate_3_random()
print [a,b,c]
state = state_machine(a,b,c)
print state

Sample output

>>>[array([ 0.320481  ,  0.83016095]), array([ 0.15776184,  0.35658263]), array([ 0.96922252,  0.78727468])]
3

Taking a module path, the user version would then look like this:

import my_encrypted_machine
import random
import time
import numpy as np

def generate_3_random():

    # Generate some random data for testing purposes
    a = np.random.random(2)
    b = np.random.random(2)
    c = np.random.random(2)
    return a,b,c

a,b,c = generate_3_random()

print [a,b,c]

state = my_encrypted_machine.state_machine(a,b,c)

print state

Output would then be in the same format as the non protected version above.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
litepresence
  • 3,109
  • 1
  • 27
  • 35
  • 4
    If the user can run the code, they can also read the code. All you can do is make it slightly harder. – SLaks Mar 07 '17 at 16:40
  • 1
    Related: http://security.stackexchange.com/a/4639/8715 – jwodder Mar 07 '17 at 17:24
  • 3
    There are various Python code obfuscators, but if it is really important to you, don't use Python. Use a compiled language and keep the source closed. – John Coleman Mar 07 '17 at 17:27
  • 1
    Intellectual property protections are not dependent on whether you can obfuscate your code. – pvg Mar 07 '17 at 17:28

1 Answers1

4

Depending on what you're trying to achieve, you could do a few things:

Completely hide the inner workings of the state machine

If you really don't want them to be able to see the code, put it on a server, and give them a remote API (REST or so) to access it over the network. (and secure the server!) Then unless they hack into your box, they won't be able to see your code.

Temporarily prevent your users from figuring out how it works / prevent casual hackers from seeing your code

Obfuscate the code. See How do I protect Python code? or how to encrypt python source code? for thoughts on this topic. TLDR; it's not easy. Use something else than python :)

What you're describing with an encrypted textfile would require you to provide the user with a decryption key, which probably means they can decrypt themselves.

Laurent S
  • 4,106
  • 3
  • 26
  • 50
  • thanks to all that contributed this morning with quick responses. "how to encrypt python source code?" was an excellent read which demonstrated the impossibility of my request. I will be taking the client/server api approach. – litepresence Mar 07 '17 at 18:27