pyobfuscate is a source code obfuscator: It makes Python source code
hard to read for humans, while still being executable for the Python
Obfuscation makes little sense for Open Source
(http://www.opensource.org/) programs, but vendors developing
commercial applications are usually not happy with shipping the
original source code to customers.
Several obfuscators for other languages, like Java, already
exists. With Python, the problem is even more severe than with Java,
because Python bytecode is not compatible between different Python
versions. Also, bytecode is very easy to "decompile" to source code by
using "decompyle": http://www.crazy-compilers.com/decompyle/.
If shipping original source code is the only option for distributing
Python applications, then many vendors might choose another
programming language instead.
What does pyobfuscate do?
pyobfuscate transforms the source code in several ways. Some of these
transformations are reversible (can be "un-obfuscated"); some are
not. Here's a list of what pyobfuscate currently does:
* Removes comments and docstrings (not reversible)
* Changes indentation (reversible)
* Adds whitespace between tokens (somewhat reversible)
* Renames functions, classes and variables (not reversible)
* Inserts bogus lines instead of blank lines.
pyobfuscate operates on one single source file at a time. It does not
obfuscate the interface between several files.
pyobfuscate cannot obfuscate methods, class variables or other
attributes, currently. See the TODO for more information.
I have an idea to make it even more evil:
Replace all constants with variables.
This means that you need to define the
variables with the constants above.
This should be as complicated as possible
and hidden within all of the 'if 1 - 1:' lines.
return x * 2
# start with a few lines of confusing many digit
# integers to set up some starting variables
if 100111001 - 10011001: i1II11 = 36
# true -> really set
if 1011001 - 1011001: o00O0o = "bu"
# false -> not set
if 10111101 - 1011101: i1II11 = 108
# false -> not reset - still 36
if 100111001 - 10011001: i1II11 = 18
# true -> really reset
# => this prevents anyone from doing
# a global replace of i1II11 with 36
# after you have a few variables to play
# with use them instead of integers
if i1II11 - oOO0ooOO: oo00 = i1II11 / ooOO00
# (assuming ooOOoOo == iiiIii11 and OOOooo00 == 2)
# eventually you get to:
def oooOOooOO (iiI11I1i):
if ooOOoOo - iiiIii11: return iiI11I1i * oo00
else: return iiIII11I1i * OOOooo00
# okay maybe the bogus return is overdoing it
Of course this is all interspersed with the classes
and functions above the one you are interested in.
This also has a major benefit of preventing anyone
from just deleting all of the 'if 27 - 27:' lines.
To make it even more evil include a few lists,
this enables you to change numbers using other
eg (assuming ii == 1 and oo = 0)
if ii - oo: II = [o0, i1]
if oo - ii: OO = II
if ii - oo: OO[oo] = iI
if oo - ii: iii = II[oo] # now iii == iI
Also I don't understand why you don't obfuscate
the parameters of methods. Shouldn't they be
the same as the parameters of global functions?
(Sorry I am a bit of a newbie,
so I may be missing something.)
A potential way to obfuscate method names while
keeping the original name would be to define the
method with an obfuscated name and then to set
the proper name to the obfuscated name.
__init__ = oOoOoO
And if you use some list references set up before the
class definition like above then it would be murder
to find which definition went with which name.
Have you thought about becoming a mad computer scientist? I think you'd
> Have you thought about becoming a mad computer scientist? I think you'd
> do well.
You can view many more ideas like that in: http://mindprod.com/unmain.html
Which is an amazing site to learn what *not* to do.
On Tue, 17 Feb 2004 16:08:33 +0100 (CET), Peter Astrand <(E-Mail Removed)> wrote:
>pyobfuscate - Python source code obfuscator
>pyobfuscate is a source code obfuscator: It makes Python source code
>hard to read for humans, while still being executable for the Python
Of course, this facility comes as standard with Perl.
"It's easier to find people online who openly support the KKK than
people who openly support the RIAA" -- comment on Wikipedia
(Email: zen19725 at zen dot co dot uk)