Protecting your code

[kashifrazzaqui]

Hi,
How can one protect the Python source code in a commercially deployed SIS?

[JOM]

How can one protect the Python source code in a commercially deployed SIS?

You cannot do that.

You can compile your script.py to script.pyc using python 2.2.2 or 2.2.3 in your desktop. This automatically means that you must create a readable file.py to launch your compiled script.pyc in phone and release both together.

Furthermore you can first run your python code through obfuscator. The only one I ever checked could handle only a single file, though. Few commercial quality sw are writted in one single file. Sure, it can and has been done

After all of this anyone can open your SIS archive and decompile the python byte code back to readable format. It's not exactly same source code that you wrote originally, but it does reveal algorithms and procedures.

One thing, which I haven't checked, but which might be worth investigation is storing your (obfuscated) sources in some kind of encrypted archive and run from there:

http://docs.python.org/lib/module-zipimport.html

Problems with this are that you still need to store ZIP file archive password inside your py/pyc/some file. Also encrypted ZIP archives can be broken with time etc. Most of all, this is a 2.3 feature and thus not available...

Won't be easy,

--jouni

[kashifrazzaqui]

Thanks Jouni, so basically PyS60 is only good for proto-typing. All commercial development must happen in C++. Sigh..

[JOM]

You CAN use python for commercial sw development, it's very common on other platforms!

You just cannot "protect" your source code. Even C++ can be decompiled and reverse engineered. Some companies are offering automated software to do such. The question is how much do you need to protect your code: for example anything related to security or monetary transfers might not be good python programs. Games, utilities, anything not using network connection should be ok.

Python source code protection can be made as safe as java, which really isn't much. Still there are thousands of commercial java applications.

Basically using obfuscators and pre-compilation is good enough to stop curious individuals. Determined professionals you can never stop, no matter what you do. Microchips can be reverse engineeded, too, if someone really wants to do it.

Btw you just asked about source code protection. Making a "commercial" release is another nice question

Cheers,

--jouni

[kashifrazzaqui]

Hey Jouni,
A penny for your thoughts on commercialization...

[JOM]

A penny for your thoughts on commercialization...

It's not worth that much - and it's not a pretty thought. Please check this thread: http://discussion.forum.nokia.com/fo...d.php?t=131180

Since pyS60 world is fragmented (backwards compatibility, hw features, 3rd party extensions), future is unknown (no public roadmap), doesn't come built-in with phones (main cause of problems), requires using extensions for too many hot features (LBS, BT, advanced UI), doesn't offer all basic UI features, then developing commercial sw which would sell enough/lot will require a lot of work.

Using pyS60 for development is ok, I've used worse systems. You can write something quickly and badly (just check some sample code ), but with normal sw dev disciplines pyS60 sw can be powerful. It makes doing some things really easy and fast.

I wouldn't do any big project with current pyS60. The main reason is that after sales support would be too much trouble. More trouble than what you need for J2ME or native sw, which also require quite a lot of support.

However I have, am doing and will continue to do small projects with pyS60, for example games and utilities. Just can't imagine making any mass distribution... but won't give up the hope.

Sorry,

--jouni

[kashifrazzaqui]

Thanks a ton...