= Pyarmor = Pyarmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. It protects Python scripts by the following ways: * Obfuscate code object to protect constants and literal strings. * Obfuscate byte code of each code object. * Clear f_locals of frame as soon as code object completed execution. * Expired obfuscated scripts, or bind to fixed machine. Look at what happened after `foo.py` is obfuscated by Pyarmor. Here are the files list in the output path `dist` {{{ foo.py pytransform.py _pytransform.so, or _pytransform.dll in Windows, _pytransform.dylib in MacOS pyshield.key pyshield.lic product.key license.lic }}} `dist/foo.py` is obfuscated script, the content is {{{#!python from pytransfrom import pyarmor_runtime pyarmor_runtime() __pyarmor__(__name__, __file__, b'\x06\x0f...') }}} All the other extra files called `Runtime Files`, which are required to run or import obfuscated scripts. So long as runtime files are in any Python path, obfuscated script `dist/foo.py` can be used as normal Python script. That is to say, ```the original python scripts can be replaced with obfuscated scripts seamlessly.``` == Obfuscate Scripts == How to obfuscate python scripts by Pyarmor? First compile Python script to code object {{{#!c char *filename = "foo.py"; char *source = read_file( filename ); PyCodeObject *co = Py_CompileString( source, "", Py_file_input ); }}} Next change this code object as the following ways * Wrap byte code `co_code` within a `try...finally` block {{{ wrap header: LOAD_GLOBALS N (__armor_enter__) N = length of co_consts CALL_FUNCTION 0 POP_TOP SETUP_FINALLY X (jump to wrap footer) X = size of original byte code changed original byte code: Increase oparg of each absolute jump instruction by the size of wrap header Obfuscate original byte code ... wrap footer: LOAD_GLOBALS N + 1 (__armor_exit__) CALL_FUNCTION 0 POP_TOP END_FINALLY }}} * Append function names `__armor_enter`, `__armor_exit__` to `co_consts` * Increase `co_stacksize` to 4 if it's less than 4 * Set CO_OBFUSCAED (0x80000000) flag in `co_flags` * Change all code objects in the `co_consts` recursively Then serialize this reformed code object, obfuscate it to protect constants and literal strings {{{#!c char *string_code = marshal.dumps( co ); char *obfuscated_code = obfuscate_algorithm( string_code ); }}} Finally generate obfuscated script {{{#!c sprintf( buf, "__pyarmor__(__name__, __file__, b'%s')", obfuscated_code ); save_file( "dist/foo.py", buf ); }}} The obfuscated script is a normal Python script, it looks like this {{{#!python __pyarmor__(__name__, __file__, b'\x01\x0a...') }}} == Run Obfuscated Scripts == What happens to run obfuscated script `dist/foo.py` by Python Interpreter? The first 2 lines, which called `Bootstrap Code` {{{#!python from pytransfrom import pyarmor_runtime pyarmor_runtime() }}} It will fulfil the following tasks * Validate `dist/license.lic`, check whether it's expired or not etc. * Add 3 functions to module `builtins`: * `__pyarmor__` * `__armor_enter__` * `__armor_exit__` The next code line in `dist/foo.py` is {{{#!python ... __pyarmor__(__name__, __file__, b'\x01\x0a...') }}} `__pyarmor__` is called, it will import original module from obfuscated code {{{#!c static PyObject * __pyarmor__(char *name, char *pathname, unsigned char *obfuscated_code) { char *string_code = restore_obfuscated_code( obfuscated_code ); PyCodeObject *co = marshal.loads( string_code ); return PyImport_ExecCodeModuleEx( name, co, pathname ); } }}} After that, in the runtime of this python process * `__armor_enter__` is called as soon as any code object is executed, it will restore byte-code of this code object {{{#!c static PyObject * __armor_enter__(PyObject *self, PyObject *args) { // Got code object PyFrameObject *frame = PyEval_GetFrame(); PyCodeObject *f_code = frame->f_code; // Increase refcalls of this code object // Borrow co_names->ob_refcnt as call counter // Generally it will not increased by Python Interpreter PyObject *refcalls = f_code->co_names; refcalls->ob_refcnt ++; // Restore byte code if it's obfuscated if (IS_OBFUSCATED(f_code->co_flags)) { restore_byte_code(f_code->co_code); clear_obfuscated_flag(f_code); } Py_RETURN_NONE; } }}} * `__armor_exit__` is called so long as code object completed execution, it will obfuscate byte-code again {{{#!c static PyObject * __armor_exit__(PyObject *self, PyObject *args) { // Got code object PyFrameObject *frame = PyEval_GetFrame(); PyCodeObject *f_code = frame->f_code; // Decrease refcalls of this code object PyObject *refcalls = f_code->co_names; refcalls->ob_refcnt --; // Obfuscate byte code only if this code object isn't used by any function // In multi-threads or recursive call, one code object may be referenced // by many functions at the same time if (refcalls->ob_refcnt == 1) { obfuscate_byte_code(f_code->co_code); set_obfuscated_flag(f_code); } // Clear f_locals in this frame clear_frame_locals(frame); Py_RETURN_NONE; } }}} == Usage == Install {{{ pip install pyarmor }}} Obfuscate Scripts {{{ cd /path/to/pyarmor python pyarmor.py obfuscate --src=examples/simple --entry=queens.py }}} Run Obfuscated Scripts {{{ cd dist python queens.py }}} Bind obfuscated scripts to fixed machine and expire it on some day. By default the obfuscated scripts can run in any machine and never expired, this behavior can be changed by replacing runtime file `dist/license.lic` {{{ cd /path/to/pyarmor python pyarmor.py licenses --expired "2018-12-31" --bind-mac "70:f1:a1:23:f0:94" Jondy cp licenses/Jondy/license.lic dist/ cd dist python queens.py }}} == Support Platforms == * Python 2.5, 2.6, 2.7 and Python3 * win32, win_amd64, linux_i386, linux_x86_64, macosx_intel * Embedded Platform: Raspberry Pi, Banana Pi, TS-4600 / TS-7600 Besides, pyarmor works well with [[py2exe]] and [[PyInstaller]]. Here are some [[https://github.com/dashingsoft/pyarmor/blob/master/src/examples/README.md|examples]]. == Other Links == * [[http://pyarmor.dashingsoft.com|Homepage]] * [[https://github.com/dashingsoft/pyarmor|Source Code]] * [[https://pypi.org/project/pyarmor/|pypi]] * [[https://github.com/dashingsoft/pyarmor/blob/master/src/user-guide.md|User Guide]] ---- CategoryDistutilsCookbook