Skip to content

Latest commit

 

History

History
82 lines (60 loc) · 3.37 KB

security_review_python_code_protector.md

File metadata and controls

82 lines (60 loc) · 3.37 KB

Python code protection via obfuscation or compilation

Top tools tested and reviewed.

TL;DR The winner

Winner by a wide margin is pyarmor

It is able to obfuscate large codebase with complex dependencies like scipy, gensim, cython, scikit-learn.
Supports latest python3 syntax and std library.
Runtime performance remains unaffected or not by a visible margin.
All project .py files contents unreadable:

__pyarmor__(__name__, __file__, b'\x50\x59\x41\x52\x4d\x4f\x52\x00\x00\........
Example usage with docker distribution

Build docker image with your source code been obfuscated during build.Assuming entry point to your microservice is the main.py

Dockerfile
FROM python:3

COPY . /code/

# protect source code with pyarmor
RUN pip3 install pyarmor==5.6.6 \
    && pyarmor obfuscate /code/main.py \
    && rm -rf /code/ && mv dist /code

# cleanup unused files
RUN cd /code && rm -rf Dockerfile *.pyc *.pyo *.pye *.md

Don't forget to quash docker layers to remove "deleted" files in intermediate layers (unobfuscated python sources, dockerfiles, .py etc)

docker build --squash .

Other cryptors tested

Weak obfuscators

Compile to protect and gain 2-10x runtime speedup

Because .pyc is not enough..

Python bytecode decompilers.

REFERENCE