I have created one python file recently and then I added login system in it with date validation.
I obfuscate it by using pyarmor pyarmor obfuscate foo.py and given to my paid users.
They run my file and they got one foo.pyc file and then they opened it and they got my all code in binary digits but they can bypass my login system and they can use my file for lifetime. What can I do to hide my python file and foo.pyc? If i will use pyarmor pack foo.py it will converted into .exe file so they can get my source code? they will get .pyc file?
When I try to convert obfuscated python file to exe using pyarmor it shows an error DO NOT pack the obfuscated script, please pack the original script directly if I will try to obfuscate original file directly it will come in decrypted pattern or encrypted pattern?
Use pyarmor pack foo.py but I am not sure that they can wether decrypt or not.
Related
You know that a python file converted to an exe file can be deciphered and its codes can be displayed.
What is the way to prevent this decryption event? I don't want to people see the codes.
You can use Nuitka to convert .py file into a C-based standalone executable. Then, pass a resulting .exe file through VMProtect to obfuscate the binaries.
For example, I have a Python file like this:
print("Hello World")
Now I am converting it to an .exe file using pyinstaller.
But I found a method to convert it back:
Use pyinstxtractor.py:
python pyinstxtractor.py yourFileName.exe
This will extract .exe and create a folder named yourFileName.exe_extracted.
Inside the yourFileName.exe_extracted folder, find the file without
any extension.
Edit it with HxD editor and from any pycache file created with the
same version of Python, copy the first row and insert it into your
file.
Save and Rename the file with .pyc extension.
Decompile the compiled bytecode (.pyc) to .py using any online tool,
like https://www.toolnb.com/tools-lang-en/pyc.html
Is there any way to prevent converting the .exe file converting back to his .py file?
Thanks.
You can use an obfuscation tool such as PyArmor and add at-least some level of code-protection to your original python script.
The official documentation of PyArmor has more info on this here https://pyarmor.readthedocs.io/en/latest/advanced.html#bundle-obfuscated-scripts-to-one-executable-file
What happens when you turn a python file into an executable? Does it get encrypted? What happens to the imported files? Can you revert it back into a normal .py file?
So I have this python file, let's call this main.py. I also have another file, let's call it scrambler.py. The scrambler.py is an encryptor/decryptor file. So, I imported it to main.py. Then I will turn it into an executable file. Now, we don't want people to see the enryptor/decryptor file. So, can people who doesn't have the source code get the source code of the imported file? Because, from searching, I saw that some people can get the source code of the main code using pyinstxtractor.py. I haven't tried it yet, but can you also get the source code of the imported file? (also do comments get included? I mean they are useless to the program). So that's why, the ultimate question: What happens when you turn a python file into an executable?
The file that I use to turn a python file into an .exe is Pyinstaller and is it different for every converter?
I hope this is a valid question. Thanks in advance.
Pyinstaller essentially bundles a python interpreter along with your python code in a folder. This folder can be put into an installer (using something like inno setup) to be distributed so end users can use it like a normal exe program. It doesn't compile to another language or anything. So no, your code is not private and while you can make it difficult to find certain bits, it is not impossible.
As described here, it is possible to convert to C and to machine code, but pyinstaller won't do that by default for you. Also note that the python bytecode files, while not legible, are not completely uncrackable.
See: https://pyinstaller.readthedocs.io/en/stable/operating-mode.html
See here for more about the encryption option: PyInstaller Encryption --key
I converted my .py file into an executable program and after trying to run it I got a virus alert from Avast that says that the program is infected with Win32:Malware-gen.
The program works well when I disable Avast but that will not work in the long run.
Also when I try to email the program through Gmail it blocks the attachment with another virus warning.
The program is a simple python database made with tkinter.
Here is the code I used to convert it:
pyinstaller --onefile --windowed
Is there another code that I can use to convert it that would work better?
Why do I get the alert?
Thank you
This is a known issues and could be various reasons which makes your Virus Program think this is a virus.Check this out: https://github.com/pyinstaller/pyinstaller/issues/603
For now, your only other option would be to try out other converters like py2exe.
Each have their own pros and cons, you can refer: https://docs.python-guide.org/shipping/freezing/ for a beautiful comparison of them all.
Use the jar method
Basically, instead of converting your .py file(s) into an exe file, you instead convert it into a jar file.
Follow this answer:
https://stackoverflow.com/a/1255113/7123519
or
https://wiki.python.org/jython/JythonFaq/DistributingJythonScripts
I understand how we can package an .exe by pointing PyInstaller to a file. Such like:
c:\Python25\python c:\Users\Mike\Desktop\pyinstaller-1.4\Makespec.py -F -w sampleApp.py
However is there a way to create an .exe with only a string [and not a file]? Such as:
string="""
print "Hello world"
"""
buildApplication(string) #Function Does not exist
To the best of my knowledge, I am afraid you won't be able to work around the need to create a temporary file with any of the existing standalone executable creation tools (py2exe, PyInstaller and cxFreeze).
What I see as the most viable solution is a bit of security through obscurity, combining the following two techniques:
Create a byte-code compiled file (.pyc) directly, instead of the plaintext .py file, from the generated code string, using the __builtin__.compile function (you can find on the source code of the py_compile module how to achieve this. A byte-compiled file will be significantly less useful to prying eyes than the source file.
A temporary file with an obscure name and location created using the tempfile module. This file will be relatively short lived, but obviously, a sufficiently determined user will be able to find it and copy it while it existes to be consumed by the executable creation tool.