Obfuscating Python Code with Subdora


4 min read

Obfuscating Python Code with Subdora

πŸ€” What is "obfuscation"?

In the context of programming, obfuscation or Code Obfuscation is the practice of making the source code of an application difficult for humans to understand while still allowing it to function correctly when executed by a computer.

πŸ“ƒ Why do we need Code Obfuscation?

  1. Safeguarding Intellectual Property

Developers can ensure it's significantly harder for malicious actors to reverse engineer the source code, which is often an outcome of several years/months of R&D along with financial expenditure.

  1. Preventing Reverse Engineering to Find Exploits

Beyond just protecting the source code against plagiarism, if it's successfully reverse engineered, it can lead to revealing of inner workings. Malicious actors would use this knowledge to test vulnerabilities and create potential exploits to compromise the integrity and security of the application

  1. Reducing File Size and Improving Performance

  2. Mitigating Piracy and Unauthorized Use

πŸ’₯ What is Subdora?

Subdora is a lightweight tool built by [Lakshit](https://github.com/Lakshit-Karsoliya/) that makes code obfuscation for Python applications super simple!

πŸ—οΈ Setup

  • Open your terminal

    • Windows:

      • Press Windows + R

      • Type "wt"

      • Press Enter

    • Mac:

      1. Press Command + Space

      2. Type "terminal"

      3. Press Enter

    • Linux

      • Press CTRL + ALT + T
  • Create a new directory

      mkdir codeObfuscation
  • Navigate Inside the newly created directory cd codeObfuscation

      cd codeObfuscation
  • Create a Virtual environment

      python -m venv env
  • Activate the virtual environment

      # Mac/Linux
      source venv/bin/activate
      # Windows
  • Install the package

      pip install Subdora
  • Open VS code inside this directory

      code .
  • Create a Python file named main.py (Can call it anything) and add some code to it. Here, I have added a simple binary search code. You may directly copy paste it for the purpose of this tutorial

def binary_search(nums:list[int],target:int)->list[int]:
    N = len(nums)
    if N <= 1:
        return nums
    start,end = 0,N-1
    while start <= end:
        mid = start + (end-start)//2
        if target < nums[mid]:
            end = mid - 1
        elif target > nums[mid]:
            start = mid + 1
            return mid 
    return -1

▢️ Basic Usage

  • To obfuscate the python file

       subdora --obfuscate main.py
  • An obfuscated file with the same name and the extension .myst is created in the project directory. In our case, it would be main.myst. While attempting to load and read the file inside VS Code, it can be observed that it is no more human readable.

  • This is the file you would be sharing to your clients or stakeholders from whom you wish to hide the source code.

  • This file can be run using the following command

      subdora --run ./main.myst

    🌬️ Setting Code Expiry

  • Beyond basic code obfuscation, it is possible to use Subdora to set a limit for the number of times this obfuscated file can be run to get the desired output/application working

       subdora --obfuscate main.py --itr 5
  • The --itr flag species the number of times after which obfuscated file can no longer be run as seen below

⌚ Adding a trial timer

Along with setting up the number of times the software can be executed from the obfuscated file, it is also possible to add a timer that limits the duration of running each file. This may not be relevant for an algorithmic solution of a problem but useful for GUI applications such as games where one wishes to allow the client to use the software for a few minutes or hours

 subdora --obfuscate main.py --itr 2 --time 5m

πŸ“Έ Obfuscation-as-a-Image

Instead of creating a main.myst file, it is possible to have an obfuscated file as an image. Not only does it sound interesting but also it is effective in terms of security since we are not even revealing the fact that there is some executable code hiding there.

  • Download any image of your choice from internet or choose on locally available. Here I am using the image of a tiger

  • Copy the path of the image

subdora --obfuscate main.py --itr 5 --img tiger.jpg
  • The output is indistinguishable from the original image to naked eye

πŸ”– Closing Notes

I hope this short tutorial provided you with valuable insights to incorporate code obfuscation as part of your development journey using Python!

Thank youπŸ™πŸ™ for your time and attention.

If you have any queries, feel free to reach outπŸ‘‹over LinkedIN. I would love to know about your experienceπŸ‘©β€πŸ’» of incorporating this in your projects/products.

Happy Building!πŸš€πŸš€

Did you find this article valuable?

Support Smaranjit Ghose by becoming a sponsor. Any amount is appreciated!