How do I protect Python code? [closed]

Answer 1

Long story short:

1. Encrypt your source code
2. Write your own python module loader to decrypt your code when importing
3. Implement the module loader in C/C++
4. You can add more features to the module loader, for example anti-debugger, license control, hardware fingerprint binding, etc.

For more detail, look this answer.

If you are interested in the topic, this project will help you - pyprotect.

Answer 2

I was surprised in not seeing pyconcrete in any answer. Maybe because it's newer than the question?

It could be exactly what you need(ed).

Instead of obfuscating the code, it encrypts it and decrypts at load time.

From pypi page:

Protect python script work flow

• your_script.py import pyconcrete
• pyconcrete will hook import module
• when your script do import MODULE, pyconcrete import hook will try to find MODULE.pye first and then decrypt MODULE.pye via _pyconcrete.pyd and execute decrypted data (as .pyc content)
• encrypt & decrypt secret key record in _pyconcrete.pyd (like DLL or SO) the secret key would be hide in binary code, can’t see it directly in HEX view

Answer 3

Another attempt to make your code harder to steal is to use jython and then use java obfuscator.

This should work pretty well as jythonc translate python code to java and then java is compiled to bytecode. So ounce you obfuscate the classes it will be really hard to understand what is going on after decompilation, not to mention recovering the actual code.

The only problem with jython is that you can't use python modules written in c.

Answer 4

It is possible to have the py2exe byte-code in a crypted resource for a C launcher that loads and executes it in memory. Some ideas here and here.

Some have also thought of a self modifying program to make reverse engineering expensive.

You can also find tutorials for preventing debuggers, make the disassembler fail, set false debugger breakpoints and protect your code with checksums. Search for ["crypted code" execute "in memory"] for more links.

But as others already said, if your code is worth it, reverse engineers will succeed in the end.