Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #96621 > unrolled thread

Pyarmor, guard your python scripts

Back to article view | Back to comp.lang.python

Contents

  Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-15 02:21 -0700
    Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-15 19:36 +1000
      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 18:58 -0700
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 12:05 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:51 -0700
        Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 12:27 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:59 -0700
            Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 13:06 +1000
              Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 22:55 -0700
                Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 17:27 +1000
                  Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 01:05 -0700
                    Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 18:16 +1000
                Re: Pyarmor, guard your python scripts sohcahtoa82@gmail.com - 2015-10-05 12:44 -0700
    Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-15 19:48 +1000
      Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 13:16 +0000
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-15 23:29 +1000
          Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 16:20 +0000
            Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-16 02:29 +1000
              Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 16:40 +0000
                Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-16 02:59 +1000
      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:40 -0700
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 15:01 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 22:38 -0700
            Re: Pyarmor, guard your python scripts alister <alister.nospam.ware@ntlworld.com> - 2015-09-18 08:08 +0000
              Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 01:31 -0700
                Re: Pyarmor, guard your python scripts alister <alister.nospam.ware@ntlworld.com> - 2015-09-18 10:06 +0000
                  Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 04:41 -0700
                    Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 21:52 +1000
                    Re: Pyarmor, guard your python scripts Lorenzo Sutton <lorenzofsutton@gmail.com> - 2015-09-18 15:07 +0200
                      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 06:57 -0700
                        Re: Pyarmor, guard your python scripts Josef Pktd <josef.pktd@gmail.com> - 2015-10-05 08:55 -0700
                          Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-10-06 09:25 +1100
                          Re: Pyarmor, guard your python scripts Josef Pktd <josef.pktd@gmail.com> - 2015-10-06 07:35 -0700

Page 2 of 2 — ← Prev page 1 [2]

#96795

On Tuesday, September 15, 2015 at 5:49:15 PM UTC+8, Chris Angelico wrote:
> On Tue, Sep 15, 2015 at 7:21 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> > Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.
> >
> >
> > The program allows you to encrypt files, but to also open and run them as if no protection was applied.
> 
> If they can be run as if no protection had been applied, that
> presumably means the loader is capable of decrypting them, right? So
> what's to stop anyone from reading the loader, using it to decrypt the
> actual code, and running it?
> 
> ChrisA

The loader only can see the compiled scripts as ast nodes, even if the load some tools could dump the separated ast node to bytecode and de-compile it, think of one script is divided into thousands of pieces, it's not easy to assemble them again.

The final solution is to distribute the loader with encrypted scripts, only my own loader can run the encrypted scripts.
Besides,

[toc] | [prev] | [next] | [standalone]

#96799

On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> The loader only can see the compiled scripts as ast nodes, even if the load some tools could dump the separated ast node to bytecode and de-compile it, think of one script is divided into thousands of pieces, it's not easy to assemble them again.
>
> The final solution is to distribute the loader with encrypted scripts, only my own loader can run the encrypted scripts.

So anyone who's going to run your program needs your loader. If
someone wants to redistribute your code, s/he can simply distribute
the loader as well - and you're right back where you started. You have
still achieved nothing in terms of preventing redistribution.

Please do not do this. Not only are you not achieving the goal you
think you are, you're making a mess for people to have to deal with.

ChrisA

[toc] | [prev] | [next] | [standalone]

#96800

On Friday, September 18, 2015 at 1:02:09 PM UTC+8, Chris Angelico wrote:
> On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> > The loader only can see the compiled scripts as ast nodes, even if the load some tools could dump the separated ast node to bytecode and de-compile it, think of one script is divided into thousands of pieces, it's not easy to assemble them again.
> >
> > The final solution is to distribute the loader with encrypted scripts, only my own loader can run the encrypted scripts.
> 
> So anyone who's going to run your program needs your loader. If
> someone wants to redistribute your code, s/he can simply distribute
> the loader as well - and you're right back where you started. You have
> still achieved nothing in terms of preventing redistribution.
> 
> Please do not do this. Not only are you not achieving the goal you
> think you are, you're making a mess for people to have to deal with.
> 
> ChrisA

But the loader and the encrypted scripts could be bind to one fixed computer when I distribute them to end users, so the end users can't redistribute them to any other machines. Actually this is what some commercial software does.

[toc] | [prev] | [next] | [standalone]

#96808

On Thu, 17 Sep 2015 22:38:32 -0700, Jondy Zhao wrote:

> On Friday, September 18, 2015 at 1:02:09 PM UTC+8, Chris Angelico wrote:
>> On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com>
>> wrote:
>> > The loader only can see the compiled scripts as ast nodes, even if
>> > the load some tools could dump the separated ast node to bytecode and
>> > de-compile it, think of one script is divided into thousands of
>> > pieces, it's not easy to assemble them again.
>> >
>> > The final solution is to distribute the loader with encrypted
>> > scripts, only my own loader can run the encrypted scripts.
>> 
>> So anyone who's going to run your program needs your loader. If someone
>> wants to redistribute your code, s/he can simply distribute the loader
>> as well - and you're right back where you started. You have still
>> achieved nothing in terms of preventing redistribution.
>> 
>> Please do not do this. Not only are you not achieving the goal you
>> think you are, you're making a mess for people to have to deal with.
>> 
>> ChrisA
> 
> But the loader and the encrypted scripts could be bind to one fixed
> computer when I distribute them to end users, so the end users can't
> redistribute them to any other machines. Actually this is what some
> commercial software does.

Making life difficult for legitimate users whilst causing Pirates minor 
difficulties at best (crack once distribute many)..

Copyright legislation is what provides you with protection if you need it

Commercial users do not risk running unlicensed software because of the 
damage a piracy case against them would cause to their business, not 
because they cant get it!
 

[toc] | [prev] | [next] | [standalone]

#96810

On Friday, September 18, 2015 at 4:08:57 PM UTC+8, alister wrote:
> On Thu, 17 Sep 2015 22:38:32 -0700, Jondy Zhao wrote:
> 
> > On Friday, September 18, 2015 at 1:02:09 PM UTC+8, Chris Angelico wrote:
> >> On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com>
> >> wrote:
> >> > The loader only can see the compiled scripts as ast nodes, even if
> >> > the load some tools could dump the separated ast node to bytecode and
> >> > de-compile it, think of one script is divided into thousands of
> >> > pieces, it's not easy to assemble them again.
> >> >
> >> > The final solution is to distribute the loader with encrypted
> >> > scripts, only my own loader can run the encrypted scripts.
> >> 
> >> So anyone who's going to run your program needs your loader. If someone
> >> wants to redistribute your code, s/he can simply distribute the loader
> >> as well - and you're right back where you started. You have still
> >> achieved nothing in terms of preventing redistribution.
> >> 
> >> Please do not do this. Not only are you not achieving the goal you
> >> think you are, you're making a mess for people to have to deal with.
> >> 
> >> ChrisA
> > 
> > But the loader and the encrypted scripts could be bind to one fixed
> > computer when I distribute them to end users, so the end users can't
> > redistribute them to any other machines. Actually this is what some
> > commercial software does.
> 
> Making life difficult for legitimate users whilst causing Pirates minor 
> difficulties at best (crack once distribute many)..
> 
> Copyright legislation is what provides you with protection if you need it
> 
> Commercial users do not risk running unlicensed software because of the 
> damage a piracy case against them would cause to their business, not 
> because they cant get it!

I agree with you absolutely. Maybe I can show you the purpose of Pyarmor by the following case:

When we express a box, we can close this box with a lock, this equals encrypted scripts, or we just close the box without a lock. Pyarmor is just as this lock, it make the box more security, but it can not protect the box completely.

[toc] | [prev] | [next] | [standalone]

#96814

On Fri, 18 Sep 2015 01:31:50 -0700, Jondy Zhao wrote:

> On Friday, September 18, 2015 at 4:08:57 PM UTC+8, alister wrote:
>> On Thu, 17 Sep 2015 22:38:32 -0700, Jondy Zhao wrote:
>> 
>> > On Friday, September 18, 2015 at 1:02:09 PM UTC+8, Chris Angelico
>> > wrote:
>> >> On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com>
>> >> wrote:
>> >> > The loader only can see the compiled scripts as ast nodes, even if
>> >> > the load some tools could dump the separated ast node to bytecode
>> >> > and de-compile it, think of one script is divided into thousands
>> >> > of pieces, it's not easy to assemble them again.
>> >> >
>> >> > The final solution is to distribute the loader with encrypted
>> >> > scripts, only my own loader can run the encrypted scripts.
>> >> 
>> >> So anyone who's going to run your program needs your loader. If
>> >> someone wants to redistribute your code, s/he can simply distribute
>> >> the loader as well - and you're right back where you started. You
>> >> have still achieved nothing in terms of preventing redistribution.
>> >> 
>> >> Please do not do this. Not only are you not achieving the goal you
>> >> think you are, you're making a mess for people to have to deal with.
>> >> 
>> >> ChrisA
>> > 
>> > But the loader and the encrypted scripts could be bind to one fixed
>> > computer when I distribute them to end users, so the end users can't
>> > redistribute them to any other machines. Actually this is what some
>> > commercial software does.
>> 
>> Making life difficult for legitimate users whilst causing Pirates minor
>> difficulties at best (crack once distribute many)..
>> 
>> Copyright legislation is what provides you with protection if you need
>> it
>> 
>> Commercial users do not risk running unlicensed software because of the
>> damage a piracy case against them would cause to their business, not
>> because they cant get it!
> 
> I agree with you absolutely. Maybe I can show you the purpose of Pyarmor
> by the following case:
> 
> When we express a box, we can close this box with a lock, this equals
> encrypted scripts, or we just close the box without a lock. Pyarmor is
> just as this lock, it make the box more security, but it can not protect
> the box completely.

And if the person at the other end looses the key it causes a great deal 
of trouble.

Alternatively the highway man that holds up the delivery truck simply 
takes a pair of bolt cutters to the lock...

yes it stops a casual snooper but that is all




-- 
A statesman is a politician who's been dead 10 or 15 years.
		-- Harry S. Truman

[toc] | [prev] | [next] | [standalone]

#96815

On Friday, September 18, 2015 at 6:06:51 PM UTC+8, alister wrote:
> On Fri, 18 Sep 2015 01:31:50 -0700, Jondy Zhao wrote:
> 
> > On Friday, September 18, 2015 at 4:08:57 PM UTC+8, alister wrote:
> >> On Thu, 17 Sep 2015 22:38:32 -0700, Jondy Zhao wrote:
> >> 
> >> > On Friday, September 18, 2015 at 1:02:09 PM UTC+8, Chris Angelico
> >> > wrote:
> >> >> On Fri, Sep 18, 2015 at 12:40 PM, Jondy Zhao <jondy.zhao@gmail.com>
> >> >> wrote:
> >> >> > The loader only can see the compiled scripts as ast nodes, even if
> >> >> > the load some tools could dump the separated ast node to bytecode
> >> >> > and de-compile it, think of one script is divided into thousands
> >> >> > of pieces, it's not easy to assemble them again.
> >> >> >
> >> >> > The final solution is to distribute the loader with encrypted
> >> >> > scripts, only my own loader can run the encrypted scripts.
> >> >> 
> >> >> So anyone who's going to run your program needs your loader. If
> >> >> someone wants to redistribute your code, s/he can simply distribute
> >> >> the loader as well - and you're right back where you started. You
> >> >> have still achieved nothing in terms of preventing redistribution.
> >> >> 
> >> >> Please do not do this. Not only are you not achieving the goal you
> >> >> think you are, you're making a mess for people to have to deal with.
> >> >> 
> >> >> ChrisA
> >> > 
> >> > But the loader and the encrypted scripts could be bind to one fixed
> >> > computer when I distribute them to end users, so the end users can't
> >> > redistribute them to any other machines. Actually this is what some
> >> > commercial software does.
> >> 
> >> Making life difficult for legitimate users whilst causing Pirates minor
> >> difficulties at best (crack once distribute many)..
> >> 
> >> Copyright legislation is what provides you with protection if you need
> >> it
> >> 
> >> Commercial users do not risk running unlicensed software because of the
> >> damage a piracy case against them would cause to their business, not
> >> because they cant get it!
> > 
> > I agree with you absolutely. Maybe I can show you the purpose of Pyarmor
> > by the following case:
> > 
> > When we express a box, we can close this box with a lock, this equals
> > encrypted scripts, or we just close the box without a lock. Pyarmor is
> > just as this lock, it make the box more security, but it can not protect
> > the box completely.
> 
> And if the person at the other end looses the key it causes a great deal 
> of trouble.
> 
> Alternatively the highway man that holds up the delivery truck simply 
> takes a pair of bolt cutters to the lock...
> 
> yes it stops a casual snooper but that is all
> 
> 
In reality, when we leave the house, we lock the door, even the lock could not make sure the safe of our property. It's just make it difficult. It's same in the software world. Someone need the lock in both of the world. 

And if the highway man need leave the trunk for many days, whether they lock the truck or ask someone to take care of it or not.

> 
> 
> -- 
> A statesman is a politician who's been dead 10 or 15 years.
> 		-- Harry S. Truman

[toc] | [prev] | [next] | [standalone]

#96816

Jondy Zhao <jondy.zhao@gmail.com> writes:

> In reality, when we leave the house, we lock the door, even the lock
> could not make sure the safe of our property. It's just make it
> difficult. It's same in the software world. Someone need the lock in
> both of the world.

Yes, please don't encourage authors to put locks into people's computers
that restrict those people's access to use them.

And we won't come to install a lock that restricts your access to your
house.

In other words: Please don't arrogate to anyone the presumed right to
restrict how people run programs on their own computers.

-- 
 \           “It ain't so much the things we don't know that get us in |
  `\    trouble. It's the things we know that ain't so.” —Artemus Ward |
_o__)                                     (1834–1867), U.S. journalist |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#96819

On 18/09/2015 13:41, Jondy Zhao wrote:
[...]
> In reality, when we leave the house, we lock the door, even the lock could
> not make sure the safe of our property. It's just make it difficult.
> It's same in the software world. Someone need the lock in both of the world.

I think you meant "in the *proprietary* software world".

This discussion on the topic, and in particular this answer, on 
Stackoverflow are quite inspiring:

http://stackoverflow.com/questions/261638/how-do-i-protect-python-code/261727#261727

Lorenzo.

[toc] | [prev] | [next] | [standalone]

#96823

On Friday, September 18, 2015 at 9:08:27 PM UTC+8, Lorenzo Sutton wrote:
> On 18/09/2015 13:41, Jondy Zhao wrote:
> [...]
> > In reality, when we leave the house, we lock the door, even the lock could
> > not make sure the safe of our property. It's just make it difficult.
> > It's same in the software world. Someone need the lock in both of the world.
> 
> I think you meant "in the *proprietary* software world".
> 

Exactly.

> This discussion on the topic, and in particular this answer, on 
> Stackoverflow are quite inspiring:
> 
> http://stackoverflow.com/questions/261638/how-do-i-protect-python-code/261727#261727
> 
> Lorenzo.

[toc] | [prev] | [next] | [standalone]

#97418

related
https://youtu.be/wsczq6j3_bA?t=20m9s

Josef

[toc] | [prev] | [next] | [standalone]

#97427

Josef Pktd <josef.pktd@gmail.com> writes:

> related

Care to give us a summary of what that is, and describe what you think
is the relevant point?

-- 
 \          “The best way to get information on Usenet is not to ask a |
  `\               question, but to post the wrong information.” —Aahz |
_o__)                                                                  |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#97446

On Monday, October 5, 2015 at 11:27:58 PM UTC-4, Ian wrote:
> On Oct 5, 2015 4:27 PM, "Ben Finney" <ben+p...@benfinney.id.au> wrote:
> 
> >
> 
> > Josef Pktd <josef...@gmail.com> writes:
> 
> >
> 
> > > related
> 
> >
> 
> > Care to give us a summary of what that is, and describe what you think
> 
> > is the relevant point?
> 
> Following the link reveals it to be the video of a talk on Python exe compilation from PyCon 2014.
> 
> If you're worried about the safety of the link, know that youtu.be is the official URL shortener for YouTube and only leads to YouTube videos.

The talk is by Brandon Rhodes that I found quite refreshing the first time I attended Pycon https://us.pycon.org/2014/schedule/presentation/201/
The approach is building an exe file, but the motivation is the same as here.

About the keys:

Consider it as price discrimination between "cheap" hackers and plain users.

When I was a student I wasn't very reluctant to install cracked versions, but as far as I remember, I haven't installed a cracked version of a program in 15 years or so. 
All the application and music on the ipads in my family are legitimate versions, either free minimal functionality versions or purchased on apps store or through itunes.

The python community in general seems to be a lot in favor of SaaS but not much in favor of selling (small) software products. When we got our first ipad, (I'm traditionally a Windows user) I was surprised how large the market for small and larger programs is and the opportunities that it provides for single developers or small groups of developers. In contrast, SaaS requires a much larger setup cost and larger scale.

I pretty much share Jondy Zhao's view.


That doesn't mean it's always a good idea. I have been working for many years on BSD licensed open source software.

Josef

[toc] | [prev] | [standalone]

Page 2 of 2 — ← Prev page 1 [2]

Back to top | Article view | comp.lang.python

csiph-web