I wanted to know that how much easy is to decompile python byte code. I have made an application in python whose source I want to be secure. I am using py2exe which basically relies on python compiled files.
Does that secure the code?
+2
A:
Compiling .pyc does not secure the code. They are easily read. See http://stackoverflow.com/questions/261638/how-do-i-protect-python-code
Ned Batchelder
2010-08-12 02:23:24
+4
A:
Depends on your definition of "fully" (in "fully decompile")...;-). You won't easily get back the original Python source -- but getting the bytecode is easy, and standard library module dis exists exactly to make bytecode easily readable (though it's still bytecode, not full Python source code;-).
Alex Martelli
2010-08-12 02:29:42
Well there are C++ decompilers too but they are just useless. They dont get the original source code but just some assembly level instructions. SO by full decompiable i mean which *actually* generate the *actual* source code.
Shubham
2010-08-12 02:34:04
You won't get the "actual source code". Comments will be gone. But variable names, method names, constants, strings, and all the logic that you apply to them, will be readable by someone interested enough.
Ned Batchelder
2010-08-12 02:39:07
@Shubham, yep, @Ned is right: Python bytecode is much closer to Python source, than assembly language is to the C++ source it was made from. Any Python expert worth his or her salt will be able to reconstruct the source's logic precisely from the bytecode, and without taking forever about it either (not that doing it from assembly code is that much harder -- look how long it takes for every new silly "copy protection" scheme for a game to be disassembled, understood and broken...;-).
Alex Martelli
2010-08-12 03:09:32
A:
If you search online you can find decompilers for Python bytecode: there's a free version for downloading but which only handles bytecode up to Python 2.3, and an online service which will decompile up to version 2.6.
There don't appear to be any decompilers yet for more recent versions of Python bytecode, but that's almost certainly just because nobody has felt the need to write one rather than any fundamental difficulty with the bytecode itself.
Some people have tried to protect Python bytecode by modifying the interpreter: there's no particular reason why you can't compile your own interpreter with the different values used for the bytecode: that will prevent simple examination of the code with import dis, but won't stand up long to any determined attack and it all costs money that code be better put into improving the program itself.
In short, if you want to protect your program then use the law to do it: use an appropriate software license and prosecute those who ignore it. Code is expensive to write, but the end result is rarely the valuable part of a software package: data is much more valuable.
Duncan
2010-08-12 08:14:41