not-kennethreitz/convore.json
1
0
Fork 0
mirror of https://github.com/not-kennethreitz/convore.json.git synced 2026-06-05 23:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
convore.json/groups/python/obfuscation-of-python-code/messages.json
T
Kenneth Reitz add958b068 shuffle things around a bit
2012-02-21 01:15:00 -05:00

1 line
9.5 KiB
JSON
Raw Permalink Blame History

[{"user_id": 12963, "stars": [], "topic_id": 41443, "date_created": 1310112901.2489281, "message": "What obfuscation options are there for making it difficult for average competency developers to easily reverse-engineer commercially sensitive algorithms written in Python code? Is the only realistic option to not write them in Python code?", "group_id": 292, "id": 1591105}, {"user_id": 12963, "stars": [], "topic_id": 41443, "date_created": 1310114600.5153661, "message": "Am thinking the only real solution is to not use Python on the client and limit its use to server-side code. Seems commercially sensitive client-side code is not really a Python use-case.", "group_id": 292, "id": 1591196}, {"user_id": 2810, "stars": [], "topic_id": 41443, "date_created": 1310115495.185627, "message": "Thought about exporting your compiled files without the source code?", "group_id": 292, "id": 1591238}, {"user_id": 257, "stars": [], "topic_id": 41443, "date_created": 1310116455.0606871, "message": "name me one obfuscation technique there isn't a detailed tutorial on how to reverse, or even an automatic tool to do it for you", "group_id": 292, "id": 1591294}, {"user_id": 257, "stars": [], "topic_id": 41443, "date_created": 1310115814.1807799, "message": "I don't see how 'compiled' languages are any harder to reverse engineer", "group_id": 292, "id": 1591261}, {"user_id": 257, "stars": [], "topic_id": 41443, "date_created": 1310115861.9014881, "message": "there are probably less tools available to read *.pyc files", "group_id": 292, "id": 1591265}, {"user_id": 257, "stars": [], "topic_id": 41443, "date_created": 1310116066.796598, "message": "can write the sensitive parts in C and write an extension module in Python... But reverse engineering is not terribly hard, obfuscation just makes it more of a challenge", "group_id": 292, "id": 1591273}, {"user_id": 257, "stars": [], "topic_id": 41443, "date_created": 1310116152.040009, "message": "name me one obfuscation technique there isn't a detailed tutorial on how to reverse, or even an automatic tool to do it for you", "group_id": 292, "id": 1591278}, {"user_id": 26925, "stars": [], "topic_id": 41443, "date_created": 1310124729.5760939, "message": "And I think you can use similar techniques for Python.", "group_id": 292, "id": 1591999}, {"user_id": 26925, "stars": [{"date_created": 1310362552.942941, "user_id": 5778}], "topic_id": 41443, "date_created": 1310124693.9546161, "message": "Stefan Esser has shown in 2008 how different PHP (bytecode-)encryptions work, how the original bytecode can be recovered, how vulnerability discovery can still be performed with only the bytecode available and how feasible PHP bytecode decompilation is. http://chaosradio.ccc.de/25c3_m4v_2678.html", "group_id": 292, "id": 1591995}, {"user_id": 35203, "stars": [], "topic_id": 41443, "date_created": 1310124789.382237, "message": "Sending as .pyc files is all I've ever seen, really. You might also try compiling your code as .pyo files, then diffing as text to see if there's much of a difference between the binaries.", "group_id": 292, "id": 1592009}, {"user_id": 26925, "stars": [], "topic_id": 41443, "date_created": 1310125331.0849209, "message": "There is a commercial product called ByteCoat, but I've never used it. Saw it at a conference in 2009. http://coremountains.com/products/bytecoat/", "group_id": 292, "id": 1592052}, {"user_id": 35203, "stars": [], "topic_id": 41443, "date_created": 1310125018.425879, "message": "You may be screwed if you're sending this to someone determined though.", "group_id": 292, "id": 1592034}, {"user_id": 13325, "stars": [{"date_created": 1310307486.7830851, "user_id": 1243}], "topic_id": 41443, "date_created": 1310129561.639998, "message": "Pretty sure I remember seeing Java reversed also. They all can be reversed. You should have a license, copyright, and trademarks to protect you. Any technical hurdle is only a small one for anyone determined to break it.", "group_id": 292, "id": 1592576}, {"user_id": 29716, "stars": [{"date_created": 1310168549.2802529, "user_id": 22109}, {"date_created": 1310362627.0969639, "user_id": 5778}], "topic_id": 41443, "date_created": 1310131862.0305409, "message": "Is your product (which includes your support, QA and overall responsiveness to customers' needs) so brittle as to require obfuscation to protect you from competition?", "group_id": 292, "id": 1592819}, {"user_id": 12963, "stars": [], "topic_id": 41443, "date_created": 1310164288.616977, "message": "@keimlink @rossir Thanks for actually answering the question! I was clear that it is intended to prevent code being ***easily*** reversed-engineered. The inevitable \"anything can be reversed\" responses (yawn) are so predictable.", "group_id": 292, "id": 1596502}, {"user_id": 12963, "stars": [], "topic_id": 41443, "date_created": 1310163830.8109181, "message": "@dogwynn rofl :)", "group_id": 292, "id": 1596473}, {"user_id": 20981, "stars": [], "topic_id": 41443, "date_created": 1310172836.9790239, "message": "Ship your code as .pyc or .pyo files. Problem solved. Dropbox does it with their flagship product. CCP does it with Eve Online. If they can have multi-million dollar businesses based on shipping Python bytecode, I don't think you have much to worry about.", "group_id": 292, "id": 1596913}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310223671.375082, "message": "I don't know of any tool like that for python, although I imagine it would technically be feasable to produce such a source-level obfuscator.", "group_id": 292, "id": 1599099}, {"user_id": 8391, "stars": [], "topic_id": 41443, "date_created": 1310222967.384516, "message": "@jathanism: both of those companies obfuscate the code as well. \"Decompiling\" bytecode is extremely easy.", "group_id": 292, "id": 1599062}, {"user_id": 8391, "stars": [], "topic_id": 41443, "date_created": 1310223106.273047, "message": "Obfuscation is quite common practice in all corners of the industry. Most .NET applications you run are bytecode as well.", "group_id": 292, "id": 1599076}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310223627.3636191, "message": "@kennethreitz - yes, but obfuscation is more than just compiling... gimpel software famously distributes a portable project / product of theirs in obfuscated source form (c code), with many compilation / loop optimizations, and other shrowdings applied at the source level. You don't need to de-compile that (and it does compile nicely) yet you can't really get the underlying algorithms, patterns, etc. - i.e. you can't usefully extend nor reuse it.", "group_id": 292, "id": 1599093}, {"user_id": 8391, "stars": [], "topic_id": 41443, "date_created": 1310230324.0160561, "message": "@yarkot of course, that's what I'm saying. All kinds of software is distributed as bytecode, and people protect their code with obfuscation all the time. It's not nearly as unique of a problem as people seem to think. There are many tools to do it with Python. Both Dropbox and EVE Online use obfuscation prior to bytecode compiling.", "group_id": 292, "id": 1599596}, {"user_id": 8391, "stars": [], "topic_id": 41443, "date_created": 1310230455.4879799, "message": "(nothing nearly as advanced as the gimpel example that I know of)", "group_id": 292, "id": 1599609}, {"user_id": 21520, "stars": [], "topic_id": 41443, "date_created": 1310256521.8649399, "message": "there is one tool that can be used for that : cython. The recipe is nearly as simple as : turn all your .py to .pyx and then use the cythonise function in your setup.py to build your app. You will only ship Python extension modules ... Making it more user friendly could be quiet easy.", "group_id": 292, "id": 1601608}, {"user_id": 34986, "stars": [{"date_created": 1310319817.362035, "user_id": 8391}, {"date_created": 1310362716.1714499, "user_id": 24931}], "topic_id": 41443, "date_created": 1310282127.8907671, "message": "pyc/pyo files can be converted to py files using http://sourceforge.net/projects/decompyle/", "group_id": 292, "id": 1603499}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310317884.3120711, "message": "One would be variable and class names: If you could reliably mask all the names (sub-names) you use, you would be one big step to shrouding. For example, only using variable names that just conform to naming, and randomly assigning them in a [alpha][digit]+ format.", "group_id": 292, "id": 1605384}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310317779.233417, "message": "@dpinte - that probably does something, but your code now requires static compiling per platforms, so depending on what your doing, that may not be useful. But, as @baijum points out, the interesting and original question is about shrouding at the source level, and I'd sort of like to get _back_ to that (rather than skirting, avoiding) since once you talk about what you can do at that level, all other \"back end\" things just add to it. The interesting discussion to have is \"what useful things can you apply at the source level to shroud python code?\"", "group_id": 292, "id": 1605370}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310318662.527087, "message": "This also mentions C, Perl, Ruby, and php obfuscation contests, efforts: http://en.wikipedia.org/wiki/Obfuscated_code", "group_id": 292, "id": 1605439}, {"user_id": 1930, "stars": [], "topic_id": 41443, "date_created": 1310318183.375551, "message": "See for example some of the items discussed in the various resources at http://www.cs.arizona.edu/~collberg/Research/Obfuscation/", "group_id": 292, "id": 1605403}]
Reference in New Issue View Git Blame Copy Permalink