Protect Python scripts against reverse engineering with Pyarmor

Python is easy to read and widely used. While this readability encourages collaboration, it increases the risk of unauthorized access and misuse. A competitor or malicious actor can copy your proprietary logic and algorithms without proper protection. This will negatively affect the integrity of the software and user trust.

Implement strong security measures, such as data obfuscation and license verification, fortifying your software against potential threats. Protecting Python scripts isn't just a matter of routine; it's an important strategy for ensuring the security of your innovations and maintaining user trust in the digital landscape.

What is Pyarmor?

Pyarmor is a command line library. It helps protect and obfuscate Python scripts and packages. It transforms the original Python code into a more obscure form while maintaining its functionality. Cloaking renames variables, functions, and classes to non-descriptive names. It also removes comments and refactors the code. This makes the code difficult to reverse, forge or copy.

Pyarmor can secure individual Python scripts and entire packages, and even add license validation to your code.

Install Pyarmor . library

Pyarmor is listed on the Python Package Index (PyPI). Use pip to install it by running the following command:

pip install pyarmor

You don't need to install Pyarmor in the same directory where your project is stored. You can install it anywhere on your computer and can secure any Python script from the desired directory.

However, if you want to run secured scripts without having to install Pyarmor on the target machine, you need to install it in the same directory where your project is stored. This is because secured scripts will contain references to the Pyarmor runtime. This is a required condition to run the scripts.

Secure each Python script

Securing each script with Pyarmor is pretty straightforward. Let's look at the script that adds the following two numbers:

def add_numbers(num1, num2): result = num1 + num2 print("The sum of {} and {} is: {}".format(num1, num2, result)) # Sử dụng num1 = float(input("Enter the first number: ")) num2 = float(input("Enter the second number: ")) add_numbers(num1, num2)

Use the command line to navigate to the directory where you installed Pyarmor. Then run the following command to navigate to the directory where you installed Pyarmor. Replace main.py with your script name.

pyarmor gen --output dist main.py

After running this command, Pyarmor creates a new directory named dist . Inside it contains your security script.

Open the security script to see its contents.

The above screenshot shows the result after Pyarmor obfuscate and encode a simple additional script. Now you can't tell what the script does just by looking at it.

To run a secured script, open a terminal or command prompt and navigate to the location where the dist folder is located . Then use the following command to run the script:

python dist/main.py

Replace main.py with the name of the script. The script will run as normal without any disturbance. Thoroughly test to make sure all functions work as you expect.

Protect the entire Python package

Package can contain several modules or hundreds of modules depending on their purpose. Protecting each module is exhausting. Fortunately, Pyarmor is capable of securing the entire package.

Suppose you have a simple Python package named sample_package with the following structure:

sample_package/ |-- __init__.py |-- module1.py |-- module2.py

You can create as many modules as you want.

To encrypt and shuffle a package, open a terminal or command prompt, and then navigate to the directory where your package is located. Then run the command:

pyarmor gen -O dist -r -i sample_package

Replace sample_package with the name of the package. This command will encrypt and obfuscate your packages directory and save the protected output to the dist directory . Use the protected package as you would for any other Python package.

For example, using the sample package above, create a new script inside the dist directory :

from my_package import module1, module2 module1.say_hello() module2.do_something()

When running this code, the package will work as it should before securing it.

Control access to scripts

You may want to limit how long the user runs the script, such as during a trial period. Use the following command after shuffling the script:

pyarmor gen -O dist -e 30 main.py

Replace 30 with the number of days you want the script to work. You can also replace it with an exact date. After that date, the script will expire.

You can test this feature by setting a date in the past. That will cause running the script to throw an error. Use the following command to shuffle a script with an expiration date:

pyarmor gen -O dist -e 2022-01-01 main.py

Then run the following security script:

The error says the license key has expired, so the script cannot run.

Above are the things you need to know about scripting security in Python using Pyarmor. Hope the article is useful to you.

Kareem Winters

Update 17 August 2023