π€ What is "obfuscation"?
In the context of programming, obfuscation or Code Obfuscation is the practice of making the source code of an application difficult for humans to understand while still allowing it to function correctly when executed by a computer.
π Why do we need Code Obfuscation?
- Safeguarding Intellectual Property
Developers can ensure it's significantly harder for malicious actors to reverse engineer the source code, which is often an outcome of several years/months of R&D along with financial expenditure.
- Preventing Reverse Engineering to Find Exploits
Beyond just protecting the source code against plagiarism, if it's successfully reverse engineered, it can lead to revealing of inner workings. Malicious actors would use this knowledge to test vulnerabilities and create potential exploits to compromise the integrity and security of the application
Reducing File Size and Improving Performance
Mitigating Piracy and Unauthorized Use
π₯ What is Subdora?
Subdora is a lightweight tool built by [Lakshit](https://github.com/Lakshit-Karsoliya/) that makes code obfuscation for Python applications super simple!
ποΈ Setup
Open your terminal
Windows:
Press Windows + R
Type "wt"
Press Enter
Mac:
Press Command + Space
Type "terminal"
Press Enter
Linux
- Press CTRL + ALT + T
Create a new directory
mkdir codeObfuscation
Navigate Inside the newly created directory cd codeObfuscation
cd codeObfuscation
Create a Virtual environment
python -m venv env
Activate the virtual environment
# Mac/Linux source venv/bin/activate
# Windows env/Src/Activate.ps1
Install the package
pip install Subdora
Open VS code inside this directory
code .
Create a Python file named
main.py
(Can call it anything) and add some code to it. Here, I have added a simple binary search code. You may directly copy paste it for the purpose of this tutorial
def binary_search(nums:list[int],target:int)->list[int]:
N = len(nums)
if N <= 1:
return nums
start,end = 0,N-1
while start <= end:
mid = start + (end-start)//2
if target < nums[mid]:
end = mid - 1
elif target > nums[mid]:
start = mid + 1
else:
return mid
return -1
βΆοΈ Basic Usage
To obfuscate the python file
subdora --obfuscate main.py
An obfuscated file with the same name and the extension
.myst
is created in the project directory. In our case, it would bemain.myst
. While attempting to load and read the file inside VS Code, it can be observed that it is no more human readable.
This is the file you would be sharing to your clients or stakeholders from whom you wish to hide the source code.
This file can be run using the following command
subdora --run ./main.myst
π¬οΈ Setting Code Expiry
Beyond basic code obfuscation, it is possible to use Subdora to set a limit for the number of times this obfuscated file can be run to get the desired output/application working
subdora --obfuscate main.py --itr 5
The
--itr
flag species the number of times after which obfuscated file can no longer be run as seen below
β Adding a trial timer
Along with setting up the number of times the software can be executed from the obfuscated file, it is also possible to add a timer that limits the duration of running each file. This may not be relevant for an algorithmic solution of a problem but useful for GUI applications such as games where one wishes to allow the client to use the software for a few minutes or hours
subdora --obfuscate main.py --itr 2 --time 5m
πΈ Obfuscation-as-a-Image
Instead of creating a main.myst
file, it is possible to have an obfuscated file as an image. Not only does it sound interesting but also it is effective in terms of security since we are not even revealing the fact that there is some executable code hiding there.
Download any image of your choice from internet or choose on locally available. Here I am using the image of a tiger
Copy the path of the image
subdora --obfuscate main.py --itr 5 --img tiger.jpg
- The output is indistinguishable from the original image to naked eye
π Closing Notes
I hope this short tutorial provided you with valuable insights to incorporate code obfuscation as part of your development journey using Python!
Thank youππ for your time and attention.
If you have any queries, feel free to reach outπover LinkedIN. I would love to know about your experienceπ©βπ» of incorporating this in your projects/products.
Happy Building!ππ