How to

Safeguard Your Python Scripts Against Reverse Engineering With Pyarmor

#image_title

Python is highly readable and has widespread usage. While this readability encourages collaboration, it increases the risk of unauthorized access and misuse. Your competitors or malicious actors can replicate your algorithms and proprietary logic without proper safeguards. This will negatively affect your software’s integrity and your users’ trust.


Implementing robust security measures, such as obfuscation and license verification, fortifies your software against potential threats. Safeguarding Python scripts is not just a practice; it is a critical strategy to ensure the confidentiality of your innovations and maintain the trust of your users in the digital landscape.


Understanding Pyarmor

Pyarmor is a command line library. It helps protect and obfuscate Python scripts and packages. It transforms the original Python code into a form that is harder to understand while maintaining its functionality. The obfuscation process renames variables, functions, and classes to non-descriptive names. It also removes comments and restructures the code. This makes the code difficult to reverse-engineer, tamper with, or copy.

Pyarmor can secure individual Python scripts, and entire packages and even add license verification to your code.

Installing the Pyarmor Library

Pyarmor is listed on the Python Package Index (PyPI). Use pip to install it by running the following command:

 pip install pyarmor

It is not a must for you to install Pyarmor in the same directory that hosts your project. You can install it anywhere on your computer and be able to secure any Python scripts from any directory.

However, if you want to run the secured scripts without having to install Pyarmor on the target machine, you need to install it in the same directory that hosts your project. This is because the secured scripts will contain references to the Pyarmor runtime, which will need to be present in order to run the scripts.

Securing Individual Python Scripts

Securing individual scripts using Pyarmor is simple. The following script that adds two numbers will serve as an example.

 def add_numbers(num1, num2):
   result = num1 + num2
   print("The sum of {} and {} is: {}".format(num1, num2, result))

num1 = float(input("Enter the first number: "))
num2 = float(input("Enter the second number: "))
add_numbers(num1, num2)

Use the command line to navigate to the directory in which you have installed Pyarmor. Then run the following command to encrypt and obfuscate your script. Replace main.py with the name of your script.

 pyarmor gen --output dist main.py

After running the command, Pyarmor creates a new folder named dist. Inside it resides your secured script.

Output showing a new folder created by PyArmor on an IDE

Open the secured script to see its contents.

Contents of an encrypted script with PyArmor

The above screenshot shows the output after Pyarmor obfuscates and encrypts the simple addition script. You now can’t tell what the script does by just looking at it.

To run the secured script, open your terminal or command prompt and navigate to the location that contains the dist directory. Then use the following command to run the script:

 python dist/main.py

Replace main.py with your script’s name. The script should run as it would without obfuscation. Test it thoroughly to make sure all the functions are working as you expect.

Safeguarding Entire Python Packages

Packages can contain a few modules or hundreds of modules depending on their purpose. Safeguarding each module separately can be tiresome. Luckily, Pyarmor has the ability to secure an entire package without you having to specify each module separately.

Assume you have a simple Python package named sample_package with the following structure:

 sample_package/
|-- __init__.py
|-- module1.py
|-- module2.py

You can create as many modules as you would like.

To encrypt and obfuscate the package, open the terminal or command prompt and navigate to the directory in which your package resides. Then run the following command:

 pyarmor gen -O dist -r -i sample_package

Replace sample_package with the name of your package. This command will encrypt and obfuscate your package directory and save the protected output to the dist directory. Use the protected package as you would for any other Python package.

For example. To use the above sample package, create a new script inside the dist directory:

 from my_package import module1, module2
module1.say_hello()
module2.do_something()

When you run the code, the package should function as it would before securing it.

Controlling Access to Your Script

You may want to limit the time a user runs your script. For example during the trial period.

To limit the amount of time that the script runs, use the following command when obfuscating your script.

 pyarmor gen -O dist -e 30 main.py

Replace 30 with the number of days you would like the script to be active. You can also replace it with an exact date. After the days are over the script will expire.

You can test this functionality by setting a past date. This should make running the script throw an error. Use the following command to obfuscate the script with an expired date:

 pyarmor gen -O dist -e 2022-01-01 main.py

Then run the secured script.

PyArmor license key expired error

The error shows that the license key is expired hence the script cannot run.

Balancing Security and Efficiency

While Pyarmor offers robust obfuscation mechanisms to enhance the security of your code, it is important to balance between security measures and maintaining the efficiency and performance of your software. You can achieve this by:

  • Evaluating the need for obfuscation: If your software involves proprietary algorithms, sensitive data, or unique business logic, obfuscation is highly beneficial. However, for open-source scripts with minimal intellectual property concerns, the trade-off between security and performance leans more toward efficiency.
  • Assessing performance impact: Obfuscation introduces additional runtime overhead due to the extra operations and transformations applied to the code. This impact is negligible for small scripts but becomes more noticeable for larger projects. You should carefully assess the performance implications of obfuscation and conduct testing to ensure that your software remains responsive and efficient.
  • Conducting regular updates and maintenance: Regularly update your obfuscated code, licenses, and security mechanisms to stay ahead of potential vulnerabilities. Balance this with the need to minimize disruptions for your users.

Can Someone Crack the Obfuscated Code?

Software cracking refers to the act of removing the copy protection or licensing mechanisms of a software application. In order to gain unauthorized access to its full functionality without paying for it. It is important to note that obfuscating your software does not completely protect it from crackers.

With enough determination and resources the obfuscated code can be cracked. This is the reason you should aim at conducting regular updates and maintenance to patch any suspected loopholes.

Leave a Reply

Your email address will not be published. Required fields are marked *