This article mainly introduces three encryption schemes for Python code deployment, including code obfuscation, code compilation, and code packaging, which have certain reference value. If you are interested, you can find out
foreword
Recently, we need to deploy a project with source code, so we explore ways to protect source code, which can be summarized into the following three categories from simple to complex:
- Code confusion: mainly to change some function names and variable names
- Code packaging: the idea is to package the Python code into an .exe executable file
- Code compilation: The idea is to compile the Python code into C, and then compile it into a dynamic link library file (.so for linux, .dll for windows)
1. Code obfuscation
Code obfuscation is mainly to change some function names and variable names. Oxyry can be used to obfuscate the key source code, the effect is as follows:
This kind of code only reduces the readability of the code, and it is not considered encryption in the strict sense, but it is enough to deal with more than half of Party A (hahaha)
2. Code packaging
You can use py2exe or Nuitka to package the code into an exe file, but it can only be run from the windows system, and it can also be packaged with pyinstaller, but it is easy to be broken. It does not meet my needs, so this method sets the flag first, and then wait until it is used.
3. Code Compilation
This is done using PyArmor . This tool can encrypt Python scripts, and can also expire, bind encrypted scripts to hardware devices such as hard disks and network cards (the trial version can be used for free).
Official Documentation: https://pyarmor.readthedocs.io
Installation: pip install pyarmor
Upgrade: pip install --upgrade pyarmor
View Version: pyarmor -v
Basic Syntax:pyarmor [command] [options]
3.1 Quick use of pyarmor
Code encryption : Execute pyarmor obfuscate server.py, it will server.py encrypt the py file in the same directory as the entry function into ./dist the folder (if the py file in the subdirectory is recursively encrypted, it can be executed pyarmor obfuscate --recursive server.py ). The code of the encryption backend looks like this:
For different operating systems, dynamic link library files in different formats will be compiled and generated:
The contents of the generated dist directory are as follows:
Run the script : cd to ./dist the folder and execute normally python server.py (it is used to run the encrypted script pytransform, but it does not need to be installed pyarmor ).
3.2 Advanced use of pyarmor
Set the expiration time: Execute the code pyarmor licenses --expired 2022-01-01 r001, and generate a licenses folder in the current directory of the same level as dist:
In addition, if you want to bind a mac address or a hard disk, you can execute pyarmor hdinfo to view hardware information, and then execute pyarmor licenses --bind-disk "xxxxxx" --bind-mac "xx:xx:xx:xx:xx:xx" r002 to generate a certificate.
After generating the certificate, bring the licenses and execute the encryption command: pyarmor obfuscate --with-license licenses/r001/license.lic server.py, after generating the dist, cd into it and execute again. If the time expires (or the hardware is wrong), an error will be reported (even if you delete the licenses folder at this time, it is useless).
This concludes this article on three encryption schemes for Python code deployment.
Click to get
50G+ learning video tutorials
100+Python elementary, intermediate and advanced e-books