Hide the python-script from user

Re: Hide the python-script from user

On Apr 6, 3:19 pm, hlubenow <hluben...@gmx. netwrote:Interesting - thanks

Re: Hide the python-script from user

ts-dev wrote:
Well, testing it, it doesn't seem to work very well ...

It seems, Python-code is rather difficult to obfuscate, probably because of
its clear syntax and indentations. Here's yet another approach:



H.

Re: Hide the python-script from user

hlubenow wrote:
http://pythonhacker.is-a-geek.net/my...e-0.1.zip/viewThat didn't work very well either :(.

Ok, but now I can offer a real secure solution:

You can have real encryption in Python using this modules:




and



Below I post a code-example that I've written some time ago. With it,
encrypting text is rather easy.

Then you have to program a start-script, that reads in your script and the
decryption-key. The decryption-key must be encrypted too. Such a encrypted
key can be generated by the modules if you don't pass a password to my
function "doEncrypt( ). The decryption-key must then be hidden somewhere
within the encrypted program-script. That's because, if the user knows
where to find the key, he can decrypt the program-script.

If your start-script is written, everything should work automatically, one
shouldn't nearly notice the decryption-process.

Ok, here's my example code, how to encrypt and decrypt some text with the
modules:

----------------------------------------------------------------------------

#!/usr/bin/env python

import os
import sys
import base64

from yawPyCrypto.Cip her import DecryptCipher, EncryptCipher
from yawPyCrypto.Cip her import ZipDecryptCiphe r, ZipEncryptCiphe r
from yawPyCrypto.Con stants import CIPHER_BLOWFISH , MODE_CBC


def doEncrypt(text, passw = None):

e = EncryptCipher(p assw, CIPHER_BLOWFISH , MODE_CBC)
e.feed(text)
e.finish()
encryptedtext = e.data

if passw != None:
passwr = passw
else:
passwr = e.password

a = (encryptedtext, passwr)
return a


def doDecrypt(encry ptedtext, passw):
d = DecryptCipher(p assw)
d.feed(encrypte dtext)
d.finish()
decoded = (d.data)
return decoded


# Calling the encryption routine.
# If you just pass the text to encrypt, a password is generated:

a = doEncrypt("For your eyes only !", "Melina")


# Just trying to clean the screen:

if sys.platform == "win32":
os.system("cls" )
else:
os.system("clea r")

print
print "Hello !"
print
print "I just encrypted some text. It looks like this now:"
print

print base64.b64encod e(a[0])

print
print 'Please notice, that I just encoded the text once more using
"base64.b64enco de()" to make it printable.'
print
print "The password for decryption is: "
print
print base64.b64encod e(a[1])
print
print "Let's decrypt again (the original password must be passed without
b64encoding):"
print
print doDecrypt(a[0], a[1])
print

----------------------------------------------------------------------------

See you

H.

Re: Hide the python-script from user

On Sat, 07 Apr 2007 00:19:20 +0200, hlubenow wrote:

Wearing my developer hat, I can tell you that there's nothing I love more
than getting error reports from my users that look like this:

Traceback (most recent call last):
File "myapp.py", line 36, in ?
print i1I1Iiii1111 ( )
File "myapp.py", line 33, in i1I1Iiii1111
return IiiIII111iI ( )
File "myapp.py", line 24, in IiiIII111iI
O0oo0OO0 = IiII + I1i1iiI1 ( iI1Ii11111iIi ) + i1i1II [ 2 ] - Oo ( )
File "myapp.py", line 18, in Oo
raise iI1 ( "a problem happened" )
__main__.iI1: a problem happened


I love a challenge!



--
Steven.

Re: Hide the python-script from user

hlubenow wrote:
http://pythonhacker.is-a-geek.net/my...e-0.1.zip/view----------------------------------------------------------------------------"base64.b64enco de()" to make it printable.'b64encoding):"----------------------------------------------------------------------------This still has a problem: The start-script has to know how to decrypt the
main-script and the start-script is visible, so the user can see how it
does it.
Perhaps one could obfuscate the start-script or write a C extension, that
does decrypting instead of the start-script.
This is getting rather complicated ...

H.

Re: Hide the python-script from user

hlubenow <hlubenow2@gmx. netwrites:
Nope.

[snip]
That is to say, for the user to be able to run your program, they must
have the key. They don't have to know they have the key, but they
have to have it. This isn't really secure, it's just obscure. It
depends on the user not finding the key, and on no one telling them
where it is. A determined and technically savvy user will surely find
the key (not least by debugging the start-script).

Basically, this doesn't work for the same reason that DRM doesn't
work.

--
+-----------------------------------------------------------+
| Jason F. McBrayer jmcbray@carcosa .net |
| If someone conquers a thousand times a thousand others in |
| battle, and someone else conquers himself, the latter one |
| is the greatest of all conquerors. --- The Dhammapada |

Re: Hide the python-script from user

jmcbray-usenet@carcosa. net (Jason F. McBrayer) writes:
.... and then write a patch that disables the key, and distribute that to
a few million of his not so determined or savvy friends.
That reason being, it only needs to be cracked once. The odds are heavily
stacked in the crackers' favor.

sherm--

--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net