Dave Mandelin wrote:
> Ken Seehart wrote:
> > Math wrote:
> > > Hello,
> >
> > I encrypted the bytecode of a few important functions with a key based on
> > information required from the user. Without the key, these functions
> > can't be decrypted. This is somewhat more secure than just testing the
> > key with an "if" statement since the latter could easily be bypassed by
> > a hacker.
>
> That's a really good idea. I have a couple more questions, if you don't
> mind: I am going to distribute an app using py2exe. Is it reasonably
> easy to apply this technique to bytecode stored inside the library.zip
> file, or should I just include the encrypted Python files as separate
> files?
>
> Second, I hear that in general it is very difficult to make a
> time-limited demo, because the code has to be all there, so all a
> cracker has to do is bypass the "if". It seems that even this method
> won't work for that. Do you know of any way to make time limiting
> secure?
>

If an attacker is determined to 'decompile' your application then it will be possible. Although decompiling Python byte-code (even from py2exe wrapped programs) is easy, it's probably a less practised art than breaking C code. (Although I guess such disassembly is usually done on an assembler level.)

The obvious way to make it more secure is to include several checks. Unless you are going to be writing a program used by tens of thousands of users, it is likely that it is not worth the effort of the hackers to bother.

I'd release the early versions using simple protection mechanisms, and develop your protection as your userbase grows.

Again - there are commercial tools available that will handle this for you, if you want a higher degree of protection (although by no means infallible) immediately.

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

> Thanks.
>
> --
> Want to play tabletop RPGs online?
> Check out RPZen: http://koboldsoft.com
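
The approach Ken Seehart describes in the quoted text (bytecode encrypted under a key derived from user-supplied information, instead of an "if" test on the key) can be sketched as follows; this is an added example, not code from the thread. The function names, the salt, the sample function and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are all assumptions made for illustration.

```python
# Added illustration; all names and values here are constructed.
import builtins
import hashlib
import hmac
import marshal
import types

SALT = b"constructed-demo-salt"


def derive_key(user_info: str, name: str) -> bytes:
    """Stretch the user's information into a 32-byte key, one per function name."""
    salt = SALT + name.encode()
    return hashlib.pbkdf2_hmac("sha256", user_info.encode(), salt, 100_000)


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stdlib stand-in cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = counter.to_bytes(8, "big")
        stream += hmac.new(key, b"stream" + block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_function(func, user_info: str) -> bytes:
    """Encrypt func's marshalled code object and append an integrity tag."""
    key = derive_key(user_info, func.__name__)
    cipher = _xor_stream(key, marshal.dumps(func.__code__))
    return cipher + hmac.new(key, b"tag" + cipher, hashlib.sha256).digest()


def open_function(blob: bytes, name: str, user_info: str):
    """Return the decrypted function, or None when the key is wrong."""
    key = derive_key(user_info, name)
    cipher, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # never hand unauthenticated bytes to marshal.loads
    code = marshal.loads(_xor_stream(key, cipher))
    return types.FunctionType(code, {"__builtins__": builtins}, name)


def premium_feature(n):  # constructed sample of an "important function"
    return sum(range(n)) * 2
```

Marshalled code objects are specific to the Python version that produced them, so a sealed blob has to be opened by the same interpreter version that sealed it.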