Skip to main content

Advanced encryption protecting your python codebase.

Project description

SOURCEdefender - advanced encryption protecting your Python codebase


python downloads downloads

SOURCEdefender can protect your plaintext Python source code with AES 256-bit Encryption. AES is a symmetric algorithm which uses the same key for both encryption and decryption (the security of an AES system increases exponentially with key length). There is no impact on the performance of your running application as the decryption process takes place during the import of your module so encrypted code won't run any slower once loaded from a .pye file compared to loading from a .py or .pyc file.

Features

  • Symmetric AES 256-bit encryption.
  • Set your own password & salt for encryption.
  • No Magic Number problems with different Python versions.
  • Enforced an expiration time on encrypted code.
  • Encrypted code will load on ANY supported environment.

Supported Environments

We support the following Operating System & Architecture combinations and hook directly into the import process so there are no cross platform or Python version compatibility issues. Encrypted code will run on the ANY target environment we support. Python code encrypted in Python 3.9 will run just fine in Python 3.6. Obviously your code needs to be written with the target platform in mind as we can't make sys.getwindowsversion() work on Linux and we can't backport newer Python functions.

Architecture Operating System Python 3.6 Python 3.7 Python 3.8 Python 3.9
x86_64 Windows Y Y Y Y
x86_64 Linux Y Y Y Y
x86_64 macOS Y Y Y Y
Arm64 macOS N N N Y
ARMv6 (32-bit) Linux Y Y Y Y
ARMv8 Linux Y Y Y Y
AArch64 Linux Y Y Y Y
If you do not see your required combination here, please contact us so we can help find you a solution.

Subscribe

To encrypt code you will need to create an account and setup your payment method. Once you have setup the account, you will be able to retrieve your activation token and use it to authorise your installation:

$ sourcedefender activate --token 470a7f2e76ac11eb94390242ac130002
  SOURCEdefender v7.1.16

  Registration:

   - Account Status  : Active
   - Email Address   : hello@sourcedefender.co.uk
   - Account ID      : bfa41ccd-9738-33c0-83e9-cfa649c05288
   - System ID       : 42343554645384
   - Valid Until     : Sun, May 9, 2021 10:59 PM

Without activating your SDK any encrypted code you create will only be usable for a maximum of 24hrs. Access to our dashboard is required (via HTTPS) from your system so we can validate your account status.

If you want to view your license status you can use the validate option:

$ sourcedefender validate
  SOURCEdefender v7.1.16

  Registration:

   - Account Status  : Active
   - Email Address   : hello@sourcedefender.co.uk
   - Account ID      : bfa41ccd-9738-33c0-83e9-cfa649c05288
   - System ID       : 42343554645384
   - Valid Until     : Sun, May 9, 2021 10:59 PM
$

If your license is valid, then this command will give the Exit Code (EC) of #0 (zero), otherwise an invalid licence will be indicated by the #EC of 1 (one). You should run this command after any automated build tasks to ensure you haven't created code with an unexpected 24hr limitation.

Price Plans

Due to the way PyPi requires you to upload a new release to change your documentation we have moved our price plan information over to the Dashboard site. If you do not see a price you like, then please email us so we can discuss your situation and requirements.

Our Sponsors

We are immensely grateful to the following organisation(s):

If you would like to help sponsor future development of this package then please send us an email.

Usage

We have worked hard to ensure that the encryption/decryption process is a simple as possible. Here are a few examples of how it works, and how to use the features provided. If you need advice on the process encrypt or import your code, please contact us for assistance.

How do I protect my Python source code?

First, let's have a look at an example of the encryption process:

$ cat /home/ubuntu/helloworld.py
print("Hello World!")
$

This is a very basic example, but we do not want anyone to get at our source code. We also don't want anyone to run this code after 1 hour so when we encrypt the file we can enforce an expire time of 1 hour from now with the --ttl option and we can delete the plaintext .py file after encryption by adding the --remove option.

The command would look like this:

$ sourcedefender encrypt --remove --ttl=1h /home/ubuntu/helloworld.py
SOURCEdefender v7.1.16

Processing:

/home/ubuntu/helloworld.py

$

The '--remove' option deletes the original .py file. Make sure you use this so you don't accidentially distribute the plain-text code. Now the file is encrypted, its contents are as follows:

$ cat /home/ubuntu/helloworld.pye
-----BEGIN SOURCEDEFENDER FILE-----
GhP6+FOEA;qsm6NrRnXHnlU5E!(pT(E<#t=
GhN0L!7UrbN"Am#(8iPPAG;nm-_4d!F9"*7
T1q4VZdj>uLBghNY)[;Ber^L=*a-I[MA.-4
------END SOURCEDEFENDER FILE------
$

Once a file has been encrypted, its new extension is .pye so our loader can identify encrypted files. All you need to remember is to inlcude sourcedefender as a Python dependency while packaging your project and import the sourcedefender module before you attempt to import and use your encrypted code.

Importing packages & modules

The usual import system can still be used and you can import encrypted code from within encrypted code so you don't need to do anything special with your import statements.

$ cd /home/ubuntu
$ ls
helloworld.pye
$ python3
>>>
>>> import sourcedefender
>>> import helloworld
Hello World!
>>> exit()
$

Using your own password or salt for encryption.

It's easy to use your own encryption password and salt. If you do not set these, we generate unique ones for each file you encrypt. Should you wish to set your own, these can be set from either an Environment variable, or as a command option:

$ sourcedefender encrypt --password 1234abcd --salt dcba4321 mycode.py
$ export SOURCEDEFENDER_PASSWORD="1234abcd"
$ export SOURCEDEFENDER_SALT="dcba4321"
$ sourcedefender encrypt mycode.py

And to import the code you can either set an environment vairaible (as with the encryption process). You can also set these in your code before the import:

$ python3
>>> import sourcedefender
>>> from os import environ
>>> environ["SOURCEDEFENDER_PASSWORD"] = "1234abcd"
>>> environ["SOURCEDEFENDER_SALT"] = "dcba4321"
>>> import mycode

The password ans salt set is specific to the next import, so if you want different ones for different files, then feel free to encrypt with different values and remember to set 'sourcedefender.password/salt=something' before your import.

Can I still run Python from the command-line?

Yes, you can still run scripts from the command-line, but there are some differences due to the way Python loads command line scripts. For example, you need to ask Python to load the sourcedefender package and then tell it what to import:

$ python3 -m sourcedefender /home/ubuntu/helloworld.pye
Hello World!
$

However, due to the way Python works - and the fact that we need to run the 'sourcedefender' module first - you won't be able to compare __name__ == "__main__" in the code to see if it is being imported or executed as a script. This means that the usual starting code block will not get executed.

Dynamic Downloads

We have just added a new feature where you can download .pye files at runtime. As an example, we have encrypted the following script and made it publically available:

$ cat hello.py
def message():
    print("hi!")
$

To download the file from the Internet you can use the following code example:

$ cat download.py
from sourcedefender.tools import getUrl
getUrl("https://downloads.sourcedefender.co.uk/hello.pye")
from hello import message
message()
$

We are only able to download a single Python module at a time. Python packages or zip files are not supported.

When executed this will do the following:

$ python3 download.py
hi!
$

We know this is a simple example and security can be increased by using your own salt/password.

Integrating encrypted code with PyInstaller

PyInstaller scans your code for import statements so it knows what packages to freeze. This scanning is not possible inside encrypted code so you need to tell PyInstaller to include your encrypted files. For this example, we have the following project structure:

pyexe.py
lib
└── helloworld.pye

In our pyexe script we have the following code:

$ cat pyexe.py
import sourcedefender
import helloworld

To ensure that PyInstaller includes our encrypted files, we need to tell it where they are with the --add-binary option. So, for the above project, we could use this command:

$ pyinstaller --onefile --add-binary lib:. pyexe.py

If you have imports that are not in your lib folder or you are using modules imported inside your encrypted codebase then the pyinstaller won't be able to detect these. To get round this, you can use the '--hidden-import' option to include them in your final build such as this:

$ pyinstaller --onefile --add-binary lib:. --hidden-import mylib pyexe.py

Integrating encrypted code with Django

You can encrypt your Django project just the same as you can any other Python code. Don't forget to include "import sourcedefender" to your settings(.py) file so that it gets loaded first and can intercept any import requests to find your encrypted code.

Legal

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. REVERSE ENGINEERING IS STRICTLY PROHIBITED.

Copyright © 2018-2021 SOURCEdefender. All rights reserved.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sourcedefender, version 7.1.16
Filename, size File type Python version Upload date Hashes
Filename, size sourcedefender-7.1.16.tar.gz (6.2 MB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page