Yes I know this topic is quite pale and weak - personally i believe for most python users, the major problem is to find more users rather than less pirates. And generally you will get more and more users by making your product much better, not worse, and apparently the open source community can help with that big time. But for some particular situation - such as what we have right now with current customer and potential teammates/competitors, we have the need to protect our source code in an aggressive manner so that it can take the pirates relatively some large effort to achieve their goal, and hoping that it is large enough to stop them from trying.
1.Options
Obfuscation
The general idea is to remove any comments, and obfuscate the class names, method names, globals or even local variables in the code to make it less readable to human.
Binarization
With proper 3rd party tools or libraries and support functions, a python application, in theory, can be embedded in another application such as a c++/c application or java application.
Details in https://docs.python.org/2/extending/embedding.html
Encryption
Ideally, since python is an interpreted language, we can encrypt the whole project or at least all the source codes with a proper cipher to prevent others from getting access to the codes from the wheel package.
pyo or pyc files
Since pyo or pyc files can be easily uncompiled with maybe just one line command, it is not so meaningful here.
2.Candidates and Decision
I personally found and tried below tools/apps from the internet that i can have access to
pyminifier
https://pypi.org/project/pyminifier/
http://liftoff.github.io/pyminifier/
opy
https://pypi.org/project/Opy/
https://github.com/QQuick/Opy
pyobfuscate
https://github.com/astrand/pyobfuscate
Nuitka
https://www.nuitka.net/pages/overview.html
pyarmor
https://pypi.org/project/pyarmor/
https://pyarmor.readthedocs.io/en/latest/index.html
The results by far are:
pyminifier, opy and pyobfuscate are 3 traditional obfuscation tool that cannot support such a complex project that we have here, they cannot deal with external references, constants and comments so well, and output results cannot even be started with our project codes
Nuitka is a tool based on c++/c and is able to build python application into an executable and it supports both Windows and Linux platforms or Mac OS, thinking about the wider dependencies it ll bring in i just passed it for now and jump to the encryption methods with pyarmor
pyarmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. It protects Python scripts by the following ways:
Obfuscate code object to protect constants and literal strings.
Obfuscate co_code of each function (code object) in runtime.
Clear f_locals of frame as soon as code object completed execution.
Verify the license file of obfuscated scripts while running it.
3.Procedures
- In the virtual env, pip install pyarmor
- Go to your project’s root folder and run
pyarmor obfuscate --recursive ./__init__.py
if lucky it ll transform all the py files without any error
- Add the _pytransform.so, pytransform.key and pytransform.py files into the manifest
- Build and package your project files into a tar or whl file for releasing
4.Outcome
All the original py files will be now wrapped by the pyarmor function and they will not be human-readable again
5.Miscellaneous
Tried and verified the progress under 64-bit ubuntu 18.04 LTS and everything worked as expected, source files encrypted and can be run and started fine
If working under Windows 10, and there are some un-ANSI formatted files in your source code, you might need something like this to scan the whole directory of your project and convert everything into ANSI format at one click. Or there will be format issue when you try to run the project.
https://www.nuitka.net/pages/download.html
https://pypi.org/project/Opy/
https://github.com/QQuick/Opy
https://pypi.org/project/pyminifier/
http://liftoff.github.io/pyminifier/
https://pypi.org/project/pyarmor/
https://pyarmor.readthedocs.io/en/latest/index.html
https://github.com/dashingsoft/pyarmor