Python source code protection from read

Is this for a commercial project? How imperative is it that either the source or the binary are encrypted? What are you concerned about protecting against? IP theft/cloning? Vulnerabilities? Something else?

There are commercial products like IAR Embedded Trust that provide application encryption and other security measures. And other services that encrypt binaries. Of course, those aren't FOSS..

brotherjoons•1/18/24, 7:01 AM

Thanks @techielew . As additional info on the context of the use case. The Python code runs on a RasPi to provide entertainment. The RasPi is integrated to another machine that is a wellness product. The purpose of the encryption is for IP protection (against copying or cloning)

brotherjoons•1/18/24, 7:06 AM

For ease of use and quick deployments, I am inclined to avail myself of paid tools such as Sourcedefender and Secupy. Minimal changes would be done to the existing code and there would be no noticeable effect or non at all on performance (as they advertise).

For obfuscating the source codes using free tools, I am inclined to use Cython. Here the Python files are converted to C and compiled into machine code, which cannot easily be reversed and should be enough to thwart undetermined attempters. However, this would involve a cycle of testing/retesting to ensure that there are no regressions on functionality or bad effects on the performance.

I would like to seek the community's inputs on the best practices how to approach this. Thanks.

techielewOP•1/18/24, 7:11 AM

Yeah interesting question. Let’s hear what the @Software Integration members have to say. Hopefully they can find their way into the thread but if not I’ll pop it out into a forum post.

brotherjoons•1/18/24, 7:12 AM

Thanks @techielew

nour_oud•1/18/24, 10:22 AM

@brotherjoons I think the best tools are:
pyconcrete: It works by compiling Python scripts into bytecode and then encrypting the bytecode. The decryption happens at runtime.
codeclose: It renames variable and function names to make the code less readable.
sourcedefender: It works by encrypting the source code and then decrypting it at runtime.

But you should know that the effectiveness of such tools depends on the level of security you need. Keep in mind that no solution is entirely foolproof.

And about the best practices, you need :

Regular Updates

Thoroughly test obfuscated code to make sure it works as expected.

Always keep a secure copy of the original code. In case there are issues or if you need to update the code.

nour_oud•1/18/24, 10:28 AM

Balancing security with usability and performance is key, and regular reviews of your protection strategies can help ensure the ongoing effectiveness of your IP protection measures.

brotherjoons•1/18/24, 12:25 PM

Thanks for the insights @nour_huda

techielewOP•1/19/24, 6:57 AM

@tahenan, @Marvee Amasi not sure if you have any insights or experience in this domain but though i'd flag this..