-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove the --key/cipher bytecode encryption.
Bytecode encryption, given that the decryption key has to be stored somewhere in the built application for the application to be able to function, was only ever a mild deterrent against prying eyes. It could be cracked by anyone willing to dig around PyInstaller's source code for the exact layout of the executable archive and a quick hexdump to get the key once you know where to look. These days however, PyInstaller reverse engineering tools like PyExtractor have this all built in. For example, in the steps below, our would be prying user doesn't even need to know that the application they are trying to break open is encrypted, let alone have to do anything clever to decrypt it. git clone https://github.com/Rdimo/PyExtractor.git cd PyExtractor pip install -r requirements.txt python main.py some/pyinstaller/application So since the knowledge barrier to reverse engineer an encrypted build is now identical to that of a regular one, and because users are being misled into thinking that an encrypted PyInstaller build is a safe place to put things like API keys, and since adding further code obfuscation will eventually lead to the same outcome, remove the encryption feature entirely. Users looking for a replacement should look for code obfuscation methods that don't require lossless de-obfuscation at runtime in order for the code to be runable. This means PyArmour or any DIY bytecode encryption scheme should be avoided for the same reasons that this feature is being dropped. Instead, you can use pyminifier's obfuscation feature which mangles variable names or if (and only if) you understand the perils of Linux ABI compatibility, are aware of the macOS deployment target and understand that PyInstaller can't detect imports made by C extensions (i.e. you will need to use --hidden-import/--collect-submodules a lot) then you may consider running Cython on the more confidential Python files in your project.
- Loading branch information
Showing
15 changed files
with
36 additions
and
232 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.