PY v PYO
293 views
Skip to first unread message
T500
Sep 13, 2012, 10:26:52 AM9/13/12
to kivy-...@googlegroups.com
Hi, I know PYO is reversible but I'm to generally obscure a crypto method from plain view. When I looked as the Touchtracer APK after install the main was a PYO. Yet Showcase APK is main.py ????
Then I found on Stackoverflow http://stackoverflow.com/questions/12179456/encode-source-code-for-a-kivy-distribution-apk Tito mentions "The .py is not shipped into the apk an the end, only the .pyo (Python Bytecode, optimized version, no docstring). Still, bytecode can be reversed."
So I generated an APK from my own app and it installed as PY ?
The I tried creating a PYO and used Kivy-launcher... did run!
But Touchtracer does ???
OKay Enstiens what blundering step did I miss D)
So how do you generate a kivy "main.pyo" ???
Many thanks
Thomas Hansen
Sep 13, 2012, 11:40:47 AM9/13/12
to kivy-...@googlegroups.com
run python with the -O flag to enable optimization and it will write
pyo (optimized python bytecode) files instead of pyc (python bytecode
files). I think the only difference is that it will remove assert
statements. Also, depending on system/setup python will usually only
compile any imported python modules/files, and not the __main__ module
(the actual script file you pass to python as an argument).
you can also use the py_compile or compile all moule to compile
specific files without executing them, see:
http://docs.python.org/library/py_compile.html#module-py_compile
http://docs.python.org/library/compileall.html
--
Thomas
> --
>
>
>
pyo (optimized python bytecode) files instead of pyc (python bytecode
files). I think the only difference is that it will remove assert
statements. Also, depending on system/setup python will usually only
compile any imported python modules/files, and not the __main__ module
(the actual script file you pass to python as an argument).
you can also use the py_compile or compile all moule to compile
specific files without executing them, see:
http://docs.python.org/library/py_compile.html#module-py_compile
http://docs.python.org/library/compileall.html
--
Thomas
>
>
>
T500
Sep 13, 2012, 7:48:39 PM9/13/12
to kivy-...@googlegroups.com
Cheers Thomas, got it working a treat. For anyone looking here's what I used...
"comp.py"
# File: main.py to PYO
import py_compile
# explicitly compile this module
py_compile.compile("main.py")
Then python -OO comp.py
Using -O1, -O2 doesn't work with python 2v7 and is not applicable apparently.
Thanks again
Eric
Sep 14, 2012, 6:11:41 PM9/14/12
to kivy-...@googlegroups.com
I'm not sure how critical your crypto method is, and as you allude to, almost anything is reversible given enough effort. However, have you thought about just putting that method in a separate module and compiling it to a Cython library file? Might be a little more secure than leaving it in bytecode, and wouldn't take much more effort. Plus, if there's any computationally heavy code in there, you could also optimize it with Cython typing. Code protection is not the reason for Cython, but it's not a bad side effect. And you've already got access to Cython since Kivy uses it.
If you're not already familiar with Cython, it's easy to compile it into a shared library on the command line. If you're using Linux (maybe OSX, too), try:
1) Make a test.py file
#test.py
SECRET_CODE = "secret code from Cython file"
2) Then compile it with Cython and gcc on the command line
cython test.py
gcc -shared -pthread -fPIC -fwrapv -O2 -Wall -fno-strict-aliasing -I/usr/include/python2.7 -o test.so test.c
3) Delete or move test.py
rm test.py
4) Create a python file main.py
#main.py
from test import SECRET_CODE
print SECRET_CODE
So you are left with a compiled test.so file, which you can import just like test.py, but which is much more difficult to decompile than regular Python bytecode (though far from impossible to reverse engineer). Just be sure to delete or move your test.py file (whatever the equivalent is) from your directory before you compile, so that only test.so is left (although Python for Android would do it automatically).
Eric
Sep 14, 2012, 6:28:22 PM9/14/12
to kivy-...@googlegroups.com
And to follow up with an additional clarification just for anyone out there not familiar with Cython or cross-compiling. You'll obviously need to re-compile the c file you generate in Cython for whatever platform you're porting your Kivy app to. There are easier ways to use Cython across platforms, but if your goal is protect code, I think pre-compiling is the best option. Otherwise, you'd need to leave your py/pyx file in the package to be compiled in the device.
But the Kivy core devs would be the real experts on using Cython across platforms.
T500
Sep 15, 2012, 8:43:29 AM9/15/12
to kivy-...@googlegroups.com
Thanks Eric, your example did exactly what it says on the tin!
My brain went in to full gimbal lock trying to extract the string from the so file.
Its really good idea, but no idea how this can be dont yet for android.
For now pyo suites the purpose as its all low level private info. But you are right in as much as developers should be more mindful about how low level privacy is handled.
Not even Guido van Rossum could make sense in plain english what I'm trying to code LOL But thanks again Eric I like that and will file it away in the "Really handy routines" folder. Cheers
Reply all
Reply to author
Forward
0 new messages