Python Application Obfuscate And Licensing
Hi everyone, In this blog “ I am going to explain about the python obfuscate and also licensing the python application”.First, we look that the python obfuscates then we go for valid Licensing the application for a certain period or permanent which is code by me.
In python, there is a couple of both obfuscate and licensing libraries, I will explain will free methods.
Paid Service
- Pyarmor -both obfuscates and licensing
- cryptolen — both obfuscate and licensing
Now we let start the free methods for obfuscate.
- SourceDefender -It is a python library and contains obfuscate and also we set the file lifetime period, The lifetime period is not mostly viable for the product, but the obfuscate is very good, and also we can use it in Windows, Mac, and Ubuntu system. This python library is converted to .so for ubuntu and .pyd for windows so we can’t modify this library. I recommend this source defended.
OS Supported: It is a python library so we do not want to compile, just install pip install sourcedefender, Windows(Tested), Ubuntu(Tested),Mac
Obfuscate: Very good
Licensing: This is not viable in my point of view.
Disadvantage: Initialise Loading Time is Slow Because it decrypts the file when we run the file and don't worry it won't save the __pycache__ .pyc file. If the file is not running continuous or non-live means it is not viable due to slow loading.
Recommendation: I definitely recommend, if you want to file to work on all the os system and also if the file lives like Server-based application.
- Shared Object(.so)-There are some couple methods to convert the python file into .so file, I recommend using cython to convert it to the shared object. It is fast compared to the old python file and also you can mimic the logic of python to pure cython code(.pyx) so that the execution time is very much faster compare to python convert .so file and it’s like a module so we can easily import in python or language.
Os supported: Linux, Ubuntu, Android
Obfuscate: Actual it is converting the file to Dynamic link shared file like dll in windows. So it very difficult to retrieve back or as per my knowledge, there is no solution outside the internet.
Licensing: NIL
Disadvantage: When we compiling, In some situations, we can get some error, but it is solvable.
Recommendation: I recommend, If the application is only for the Linux system and also if you want the application to execute much faster.
- Python Extension Module(PYD): It is similar to shared object.so or dll file, which works only in the windows system. Other then it is similar to .so
Os supported: Windows
Obfuscate: Similar to Shared Object
Licensing: NIL
Disadvantage: The compilation process will be difficult for some people and if you import in vscode it will suggest the function name which is make it vulnerable and if an error is thrown, it will be displayed. but, In the above sourcedefender that these cases.
Recommend: I recommend, If the application is only for the Window system and also if you want the application to execute much faster.
- Nuitka: It is a huge library, It has so many features, I also have to read this library much more about it. Above .so and .pyd compilation is like a module, So it cant invoke itself, and also you have to install required Python library if you imported in python file which before conversion file. But In this Nuitka there is a standalone feature that converts the application into the standalone application which means if you have given this application to the client, the client does not want to install the required python library and also python. So you can directly start the application without any installation.
OS Supported: Individual we have to compile to support Windows, Ubuntu or Linux, Mac
Obfuscate: It is difficult to decompile as a readable format.
Licensing: NIL
Disadvantage: The compilation process is very difficult and also handling error is difficult, if the library does not support for other libraries or plugins.
Recommend: I recommend to go and check it if want more feature.
There are other libraries for windows like pyinstaller, py2exe they are not obfuscated, but it difficult to decompile the file.
Licensing Application and Add Expiry Date:
I have created this Licensing Application and I explain this to briefly.
First I used RSA Key for encryption using pycrptodemo python library then, I created a license file that is embedded with license detail with my own format and I encrypted the license detail and save it as license.bin file. Then I add the license file reading code in an application python file source code which main invokes the function and also I added check_time function which will check the client system time and send it to your server which will verify the exact time, So if the client system time is not the valid time it will stop the application and also if the license DateTime is over it stops the application. After the application python file modification, convert the python file into .so or .pyd or sourcedefender encrypted file.that’s it then give the encrypted python file license and private key to the client.
Please transfer encrypted data between the client and server to check the Timing of the system otherwise, people can mimic the server request format and hack the license expire date.
Note: With non-encrypted python, the license is useless because they can modify it, and also In the example code I used my own license format string for an example. So please change the license format otherwise if other people see this format in this blog, there is a possibility to be get hacked and also dont give the passphrase password to any client.
That’s it, Thanks and Please give a clap if you like it.
Note: I planned to release the code, but due to security purposes I am not releasing the code, so make use of the above content.
Update: After converting the python code to .pye or .so etc., please check the Obfuscate code with python inspect library using getmember and getsource and also avoid using global variable and global import which can be accessed using getmember using inspect library even though code is obfuscated, So please go with oops concept and also import inside the __init__ function like
dont do like below # obfuscated code
import os - easily accessable
variable = 'string' -easily accessabledef function(): - not accessable
print(variable)
os.system(...)use oops concept # obfuscated codeclass Module: - not accesable
def __init__(self): -not accessable
import os - not accessble
self.__os = os - not accessable
self.__variable = 'string' - not accessable
def function(self): - not accessable
print(self.__variable) - not accessable
self.__os.system(...) - not accessableThis code class mod cant be accessed using inspect library,If you obfuscated the code, otherwise it will accessiable in normal function or also in oops concept.
