Changing Python Opcodes

[Sreejith K]

Hi,

I know this is not the best way to do it. But I have to do it at least
to make it *hard* to decompile the python bytecode.

I want to distribute a software written in Python without the source.
So I compiled Python from source changing some opcode values (Taking
care of HAVE_ARGUMENT value) and distributed with the .pyc files. It
did compile but when I'm installing additional python modules using
easy_install, the import fails with a segmentation fault. It worked in
a 32 bit Centos 5.2 but not on 64bit Centos 5.2. I am using python
2.5.4 source.

I changed only the Include/opcode.py source with my jumbled opcode
values. Was I correct here ? I would like to know what all changes to
be made as to successfully compile a custom python with different
opcode values ?

 

[Diez B. Roggisch]

Hi,

I know this is not the best way to do it. But I have to do it at least
to make it *hard* to decompile the python bytecode.

I want to distribute a software written in Python without the source.
So I compiled Python from source changing some opcode values (Taking
care of HAVE_ARGUMENT value) and distributed with the .pyc files. It
did compile but when I'm installing additional python modules using
easy_install, the import fails with a segmentation fault. It worked in
a 32 bit Centos 5.2 but not on 64bit Centos 5.2. I am using python
2.5.4 source.

I changed only the Include/opcode.py source with my jumbled opcode
values. Was I correct here ? I would like to know what all changes to
be made as to successfully compile a custom python with different
opcode values ?

As you are the one who modified your Python, you are the one responsible
for debugging that - noone else can.

Did you try installing the egg *without* pyc-files in there? Because
naturally those shouldn't work. They shouldn't crash the interpreter
either, but then again - you *did* modify it.

Diez

 

[Sreejith K]

Did you try installing the egg *without* pyc-files in there? Because
naturally those shouldn't work. They shouldn't crash the interpreter
either, but then again - you *did* modify it.

Hi Diez, thanks for the immediate reply

I installed the setuptools using ez_setup.py script. Then I used the
easy_install to install additional modules. When importing the
installed modules segfault occurs. The module I installed was
TurboGears.

Then I thought that it happened maybe because the easy_install script
is downloading eggs for original python (I'm not sure if it is what
easy_install is doing). So I also tried to install the module by
downloading all the dependencies (tar.gz files) and building it. Even
then segfault occured. Is there any problem in changing only the
opcodes.py file ? I did something horribly wrong here. Hope someone
will help...

 

[Diez B. Roggisch]

Hi Diez, thanks for the immediate reply

I installed the setuptools using ez_setup.py script. Then I used the
easy_install to install additional modules. When importing the
installed modules segfault occurs. The module I installed was
TurboGears.

Then I thought that it happened maybe because the easy_install script
is downloading eggs for original python (I'm not sure if it is what
easy_install is doing).

Yep, that's actually it's main purpose.

So I also tried to install the module by
downloading all the dependencies (tar.gz files) and building it. Even
then segfault occured. Is there any problem in changing only the
opcodes.py file ? I did something horribly wrong here. Hope someone
will help...

I don't know. You modified this yourself. If I were in your situation, what
I would have done is to

- modify the version-information stored in my PYC-files so that I'm sure I
don't accidentally load any "normal" PYC-files. Python does check that
through some magic number, make sure you use your own.

- fire up the debugger and see where the segfault actually happens. Nobody
can be helping you there, because it's *your* code, not Python anymore. And
giving others access to it defies somewhat the purpose of the whole
exercise....

Diez

 

[Peter Otten]

Sreejith K wrote:

Nobody
can be helping you there, because it's *your* code, not Python anymore.
And giving others access to it defies somewhat the purpose of the whole
exercise....

....and everyone with the expertise to decompile your application and do
something useful with the result will also be able to find this thread.
Basically you're trying the security through obscurity stunt without the
obscurity...

Peter

 

[greg]

I know this is not the best way to do it. But I have to do it at least
to make it *hard* to decompile the python bytecode.
So I compiled Python from source changing some opcode values

It probably wouldn't be all that hard for someone to
figure this out. A possible avenue of attack would be
to use your python to compile a known piece of code
that exercises all the opcodes, and compare the result
with that from a standard python.