6

Is there any existing python code obfuscating tool for Python3?

Please do not try to teach me that Python isn't the right choice if I want to hide/obfuscate my code. Or that correct licenses should protect the code instead of obfuscation...

Update: This question does not duplicate issue How do I protect Python code?: I simply ask if there is a tool to obfuscate Python. Nothing more and nothing less. (If there is none I wonder why I get so much feedback...)

Community
  • 1
  • 1
gecco
  • 17,969
  • 11
  • 51
  • 68

6 Answers6

7

No matter what you do, at some point the Python interpreter is going to be reading in unobfuscated Python byte-code. From that it is dead easy to get back to your source code (minus comments and non-obvious layout). This is why everybody says it's pretty much impossible to obfuscate Python. The fact that it's pretty much impossible to obfuscate Python implies that there are no good tools for doing so. I'm afraid it's just wishful thinking to say "I know this can't be done very effectively, but are there any tools for doing it?"

Probably the best you can do will be to encrypt your code with standard encryption tools, and write a little wrapper program in some other language that just decrypts your Python and runs your program, then deletes the unencrypted code when it's done. If you want to put way too much effort in you could probably do something with the C API and embedding the Python interpreter in a C program to feed your unencrypted Python to the interpreter only in memory, rather than files on disk.

Note that these schemes will still be relatively easy to get around, and don't work at all if what you want is to provide importable Python modules (rather than whole programs). Which is why I wouldn't expect to find anyone's already written a tool for you to do it.

Ben
  • 68,572
  • 20
  • 126
  • 174
  • +1 for the answer even if it does not provide the name/link of an existing tool – gecco Nov 10 '11 at 08:25
  • A good obfuscator will create an unreadable mess of the source while maintaining the program logic in a way that decompiling it won't help much. – Amnon Apr 13 '23 at 09:30
  • @Amnon And it's really hard to do that to Python in any significant way. You can scramble all the local variable names and introduce a bunch of redundant code that doesn't do anything significant. But it takes **really good** whole program analysis to tell what global names and attribute names are safe to scramble, because they can all be accessed dynamically and non-locally using runtime strings, rather than identifiers visible in the code. Most programs don't do very much of that, but it's nearly impossible to *prove* by static analysis that a given name cannot ever be accessed that way. – Ben Apr 13 '23 at 09:41
5

I wouldn't go the obfuscating approach if I were you and rather investigate alternative ways to ship executable binary files instead of (byte)-code.

Tools that are known to me (there are probably a few others):

I don't know how hack-proof any of those tools are, but I think it's worth taking a look.

Edit: Damnit, missed the Python 3 part. It's a little hard to help because you don't write anything about the product itself (OS, GUI, etc). If it can be also Python 2 code but you have written all your code in Python 3 already, I suggest 3to2.

Fabian
  • 4,160
  • 20
  • 32
  • The page you give for py2c shows no evidence that I can find of the project actually existing and working, and to the best of my knowledge a *fully general* Python-to-C converter **can't** exist in any menaingful sense. I believe all the others just bundle up a Python interpreter with Python bytecode in a single executable file, which would be only marginally more of a hurdle to recovering the source code than just shipping the .pyc files. – Ben Nov 10 '11 at 11:23
3

I'd recommend using pyarmor. It converts code to binary form. Only drawback would be, you need to obfuscate code for every OS separately.

mamur
  • 371
  • 4
  • 19
  • 1
    Its also commercial, its free licence, cant be used in a commercial app, and is very limitted. – Hossein Jul 19 '20 at 09:24
1

Pyminifier is a Python code minifier, obfuscator, and compressor.

This tool works on Python 3

Update: This project has been discontinued.

gecco
  • 17,969
  • 11
  • 51
  • 68
1

There is no way to obfuscate Python code in any useful manner, and no reason why you would want to. You seem to want to obfuscate the code to protect it. That is completely pointless, as you can instead ship only the .pyc files, meaning you don't ship the source code at all. Not that shipping only .pyc files will help you, as there are uncompilers for .pyc-files.

If your program is reasonably simple and well-coded, creating executables with cx-freeze, py2exe et al, means that the .pyc files end up inside the executable file, and hence are marginally harder to find, and it's also less obvious that you use Python, so that might be help. But more importantly, it might make installation simpler for your users. They like that.

If you really want to obfuscate your code in a useful way, convert all of it to use Cython, which will create C-files you can compile. This will also speed up the program. Cython is however not fully Python compatible, so you will probably have to make changes.

And I know you don't want to hear this, but I'll say it for the benefit of others:

All of this is of course stupid and misguided. Open source is good for you. Really. You shouldn't protect your code, you should get as many eyes and hands on it as possible.

Trust me on this: Your main worry should be about getting more users, not less pirates. And you get more users by making your software better, not worse. And open source will help in that.

Lennart Regebro
  • 167,292
  • 41
  • 224
  • 251
  • 4
    I totally agree with everything you say... if your software targets open source community and/or private users. But this is not true for commercial applications distributed to a KNOWN customer base... – gecco Nov 17 '11 at 09:04
  • @gecco: Yes, it is just as true for commercial applications. I wrote the answer with commercial applications in mind. It's in fact *very true* for applications distributed to a known customer base, as you then know who has copies, so that you have a smaller set of who it could be that made copies in the first place, thereby making it easier to find the culprit. In any case, obfuscating the code will not help protect your application from pirates. – Lennart Regebro Nov 17 '11 at 10:39
  • [In biicode blog](http://blog.biicode.com/bii-internals-compiling-your-python-application-with-cython/) there is a tutorial in how to do it with Cython as @LennartRegebro suggested – hithwen May 13 '14 at 14:25
  • 1
    Open source is not such a good idea when the target market is China. – WestCoastProjects Oct 29 '19 at 14:43
  • This only applies in developed countries where 1.copy right is respected, 2.the judicial system is not corrupt. pretty much all the countries that do not meet these two creterion are hells for such idea! in these countries, you do your best to protect your intelectual property at all cost. – Hossein Jul 19 '20 at 09:33
  • Obfuscating the code doesn't stop people from running it. It's entirely useless for copyright protection. – Lennart Regebro Jul 20 '20 at 20:48
  • What if a I have a client that uses my software and I don't want him to know the internals? The sentence "and no reason why you would want to" is not very wise – 4lberto Apr 21 '21 at 09:37
  • @4lberto You can't stop them from knowing the internals. At some point the processor needs instructions. And if the processor can read the instructions, so can you. Even if it's compiled, you can decompile it. Even if it's encrypted, since the processor can decrypt it, you also can. – Lennart Regebro Apr 21 '21 at 13:57
0

The best way to hide your code is to not release it.

Advertise a service - you receive their data then return the processed data. Transmissions can be via the web, email, DHL, pigeon, telephone, graviton pulse, ...

Paddy3118
  • 4,704
  • 27
  • 38
  • I would admit to a sliding scale of practicality. Are you saying the trade-off between SAS and code security leads you to prefer not to go down the SAS route at this time? – Paddy3118 Nov 18 '11 at 07:01