Avoid reading .py files

0

In the company we are developing a project with Python on a Raspberry. The program is already done and the intention is to market the service that the code provides, so we require that the file cannot be read or edited. It starts automatically through a crontab. My question is: can some Python code or some command in the Linux shell prevent it from being seen / edited?

    
asked by Juan Trinidad Mayo 14.03.2018 at 22:59

3 answers

1

As the task is in crontab, I guess it is running as root. The normal way to make sure that nobody can modify that file is to set its owner to root and give permissions on the file only to root:

    chown root:root tuprograma.py
    chmod 700 tuprograma.py

In this way, only root will be able to use this file.

    
answered by 15.03.2018 at 00:31
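
A check that the state produced by the two commands above actually holds, extended to the parent directories, since a directory that another user can write to lets that user replace the file whatever the file's own mode is. This is an added example, not part of the answer; `audit_script_permissions`, `owner_uid` and `stop_at` are names chosen here.

```python
import os
import stat

def audit_script_permissions(path, owner_uid=0, stop_at="/"):
    """Return findings for a script that only one user should read or modify.

    owner_uid (0 = root) and stop_at (where the upward walk ends) are
    parameters of this added example, not something the answer specifies.
    """
    findings = []
    path = os.path.realpath(path)
    st = os.stat(path)
    if st.st_uid != owner_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: group/other bits set ({stat.filemode(st.st_mode)})")
    # Walk the parent directories: whoever can write to one of them can
    # rename or replace the script, regardless of the script's own mode.
    stop_at = os.path.realpath(stop_at)
    d = os.path.dirname(path)
    while True:
        dst = os.stat(d)
        writable = dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky = dst.st_mode & stat.S_ISVTX  # sticky bit: only owners may delete entries
        if dst.st_uid != owner_uid or (writable and not sticky):
            findings.append(f"{d}: directory lets a non-owner replace entries")
        if d == stop_at or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return findings
```

An empty list means the file and every directory up to `stop_at` match the intended ownership and mode; it says nothing about someone reading the storage medium from another machine.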
0

Changing the permissions as indicated by Sergio would be enough if there is no physical access to the RPi (it would be enough to read the memory card from another computer with root access to get at your code).

You will need to obfuscate the code so that no one can read / edit it.

Unfortunately, Python is not the ideal language for obfuscating code, since its philosophy is that everything is open source.

You could try to precompile all the code in bytecode, delete the .py and distribute the .pyc. To precompile the code, you can use:

    python -m compileall .

Even so, it would not be complicated to decompile the code, but it is one more barrier.

A more effective solution may be to use Cython to convert the Python code to C and then compile it with gcc, and thus create dynamic libraries that can be used as importable modules. Take a look at its documentation.

    
answered by 15.03.2018 at 17:09
0

The answer to your question depends on several factors:

  • Do you have access to the machine where the software will run, while your client does not have root rights? In that case it may be sufficient to remove the read permissions of the file from all users except the one who will execute the script (typically root), which is what has been proposed to you in other answers.
  • Do you have to provide the program to the client so that he installs it? In that case you cannot prevent him from reading it, but there are several mechanisms that I will detail later so that what he reads does not make sense to him.
  • What level of knowledge does your client have? If his level is very basic, the solution can be as simple as supplying a .pyc or .pyo instead of a .py. These are "compiled" versions in which the source code lines have been converted to bytecodes. If you try to open that file with an editor you will not see the source, but a chaos of symbols (among which you can occasionally read the strings used by your program). However, there are tools to get source code again from a .pyc. You will not get your original code (comments do not appear, some names will be changed), but in general what you get is quite readable.
  • Is your client law-abiding? In that case the simplest solution (and the one that is really used in the Open Source world) is not to worry about the source being readable, but to include with the program a license that clearly states what he can do with it. If the license prohibits him from modifying or copying it, or using it for other purposes, the client should comply with the terms of the license (otherwise it would be a crime).

If you do not trust that the client is law-abiding and you want to prevent him from accessing the source, you can try one of the following solutions:

  • Obfuscate the code. That is, rename functions, variables, etc. so that their names have no meaning. Although the code can still be read, it will be very difficult to understand what it does, and therefore to copy it and use it in another project. The pyminifier tool can do this. In the end, once passed through this tool, your program can look like this:

    import zlib, base64
    
    exec(zlib.decompress(base64.b64decode('eJx1kcFOwzAMhu95ClMO66apu0/KAQEbE5eJC+IUpa27haVJ5Ljb+vakLYJx4JAoiT/7/+3c3626SKvSuBW6M4Sej96Jq9y1wRM/E3kSexnIOBZObrSNKI7Sl59YsWDq1wLMiEKNrenoYCqB1woDwzXF9nn2rskZd1jDh+9mhOD8DVvAQ8WdtrZfwg74aNwp7ZpnMXHUaltk878ybR/ZNKbSjP8JPWk6wdn72ntodQ8lQucIrdGlxaHgq3QgKqtjhCY/zlN6jQ0oZZxhpfKItlkuNB3icrE4XYbDwEBICRP6NjG1rri3YyzK356CtsGwZuNd/o0kYitvrBd18qgmj3kcwoTckYPtJPAyCVzSKPCMNErs85+rMINdp1tUSspMqVYbp1Q2DWKTJpcGURRDr9DIJs8wJFlKq+qzZRaQ4lAnVRuJgjFynj36Ol7SX/iQXr8ANfezCw==')))
    

    Be clear, however, that someone who sets his mind to it and has the necessary technical skills can obtain, if not your original code, something similar enough to be useful to him.

  • Use cryptography to encode the executable. The problem with cryptography is that in order to execute the program it has to be decrypted again, so the decryption key has to be part, in some form, of the "executable".

    The pyconcrete tool offers an ingenious solution. You give it a key (or allow it to generate one randomly), and it creates an encrypted version of your code, plus a specific executable to be able to run that encrypted version. You provide the client with both. The decryption key is hidden in the executable with advanced techniques. But as in the previous case, a hacker who sets his mind to it may find it, as has been demonstrated on countless occasions with all the DRM methods that have been invented.

Ultimately, the safest way is to enforce it "by law", by means of the license, because although you will not prevent the client from accessing the source if he sets his mind to it, at least you can take legal action against him if he does. You can combine all the previous mechanisms, including the legal ones :-)

    
answered by 16.03.2018 at 16:36
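
To see before shipping how much a .pyc (suggested in the last two answers) and an `exec(zlib.decompress(base64.b64decode(...)))` wrapper like the one shown above still expose, the following added example, which is not part of any answer, inspects both using only the standard library. The sample module, its `API_KEY` value and the function names are constructed for illustration; the 16-byte .pyc header assumes Python 3.7 or later.

```python
import base64
import marshal
import os
import py_compile
import tempfile
import zlib

# Constructed sample standing in for the product code.
SAMPLE_SOURCE = '''
API_KEY = "constructed-secret-123"
def compute_price(units):
    return units * 42
'''

def pyc_leaks(source):
    """Compile source to a .pyc and return the (names, strings) readable from it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "product.py")
        pyc = os.path.join(tmp, "product.pyc")
        with open(src, "w") as fh:
            fh.write(source)
        py_compile.compile(src, cfile=pyc, doraise=True)
        with open(pyc, "rb") as fh:
            fh.read(16)              # skip header: magic, flags, mtime/hash, size
            code = marshal.load(fh)  # the module's code object
    names, strings, todo = set(), set(), [code]
    while todo:
        co = todo.pop()
        names.update(co.co_names + co.co_varnames)
        for c in co.co_consts:
            if hasattr(c, "co_code"):
                todo.append(c)       # nested function or class body
            elif isinstance(c, str):
                strings.add(c)
    return names, strings

def wrap(source):
    """Build the same kind of exec wrapper as the obfuscated listing above."""
    blob = base64.b64encode(zlib.compress(source.encode())).decode()
    return f"import zlib, base64\nexec(zlib.decompress(base64.b64decode('{blob}')))\n"

def unwrap(wrapped):
    """Decode the embedded literal instead of executing it."""
    blob = wrapped.split("b64decode('", 1)[1].split("'", 1)[0]
    return zlib.decompress(base64.b64decode(blob)).decode()
```

Identifiers and string literals survive compilation unchanged, and the wrapper round-trips to the exact text it was built from, so neither step is a place to keep keys or credentials.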