Release python code in close source

Hi,

I wrote 10 python code files. I would like to make 8 of them be close source and then release those the project to user.

I have tried to use pyinstaller to make the code be close source. Pyinstaller is really difficult to be used.

is there any good method to make my python code be close source?

Thanks

Hi Ardeal,

“Closed source” is a licensing term, not a human readability term :slight_smile: . Technically, if I declare this code block:

print('Hello, lawsuits!')

to be released under a proprietary license, you would not be allowed to use that code without the risk of being sued for copyright infringement¹. If you want your code to be closed source, you just need to license it that way.

If you just don’t want people to be able to read your Python code, that’s an entirely different matter and not something that I support, so I’ll leave it to others to answer. But it’s not whether someone can read the code that makes it open source or not, it’s whether they’re allowed to use, modify, or redistribute the code (with or without changes), so making it unreadable just makes things harder for everybody involved and can be circumvented in various ways anyway.


¹I am not a lawyer and don’t even pretend to actually understand any of this from a legal perspective, this is all just my basic layman’s understanding. If you want anything remotely resembling legal advice, talk to a real lawyer :slight_smile:

2 Likes

Hi Zachary,
Thank you for your reply.
close source is not license thing nor lagal thing.
I would like to relase some files in source code but some other files in binary or unreadable format.

Why do you want to release them in a binary format?

The only way to make files unreadable is to not release them.

You can try this:

  • write your file program.py

  • run python3 -m compileall -b program.py

  • ship program.pyc

But don’t expect that many Python users will be interested, they will
probably be very suspicious of any Python code without source code. And
also don’t expect that this will keep your code secret. There are plenty
of tools that can read .pyc files and disassemble them into human
readable byte-code.

Another alternative is to put your code in a zip file, that will protect
it from prying eyes and casual users.

https://docs.python.org/3/library/zipapp.html

Thank you Steven!

pyc is a good method. however, it could be easily disassemble into readable code.
is there any other better, more reliable method?

If that’s your concern, then probably the only solution which will
satisfy your requirements is homomorphic encryption:

https://en.wikipedia.org/wiki/Homomorphic_encryption

Implementation is left as an exercise for the reader, however. Don’t
expect it to be trivial, nor perform at all well.

More generally though, “how to prevent someone I’ve given software
to from looking at it/disassembling it” isn’t a Python-specific
concern. The problem is going to be the same across pretty much all
programming languages. And as others have pointed out, this has
absolutely nothing to do with whether software is “open source” or
not, that’s a copyright licensing concept.

What you want to do is basically not possible. For a computer to run
a piece of software it needs to be able to operate on the
instructions in it. If someone controls the computer on which that
software runs, they know what instructions the software is asking
that computer to perform. The most you can hope to do is design the
software to operate on encrypted inputs and outputs so that the
system running it cannot extract a usable copy of the data it’s
being asked to operate on (which is why I mentioned homomorphic
encryption in my prior reply).

what I want is not 100% secret.
what I want is to make part of python code similar with dll/so of C/CPP.

Then the pyc (compiled Python) files mentioned earlier are what
you’re talking about. You can disassemble dll/so files too, after
all. Just be aware they’re going to be specific to the environment
where they’re compiled to a great extent, so users may not be able
to run them with different interpreter versions, different library
versions, different processor architectures, and so on. Normally
those files are just-in-time (re)compiled based on what the
interpreter finds in the local system, so they’re not particularly
portable.

Still, I would recommend thinking long and hard about what your
reasons are, and what your risk model is. This just seems like a lot
of unnecessary pain to put yourself and your users through for no
appreciable gain.

1 Like

Got it. Thank you, @fungi !

Earlier, I asked why you want to do this. You didn’t answer.

The best solution for your problem will depend on what the problem you
are trying to solve actually is. Why don’t you want to release the
source code?

The answer to that question may suggest a good solution.

  • compiled pyc bytecode files
  • zipapp
  • frozen application
  • encryption
  • licencing restrictions
  • all of the above
  • something else

If your goal is really to make it similar to C or C++, then there are tools that actually work with those languages behind the scenes:

However, like @zware and @fungi, I’d not recommend using those just to obscure your code. They entail pain to compile for every platform and figure out how to distribute the executables.

Many Thanks, Steven and Jean!
Let me explain what I want to do clearly:
I create many python files. some Python files include very import technique, so I want to make those import technique files be close source. however, I would like to make other not important technique file open source.

I have tried Cython to convert my python file to pyd file or so file on Linux. Cython is very good. but I would like to know whether there are some other good solutions beside Cython.

[…]

I create many python files. some Python files include very import
technique, so I want to make those import technique files be close
source. however, I would like to make other not important
technique file open source.
[…]

I hate to continue picking apart your use case, but bear in mind
that obfuscating your code by redistributing only byte-compiled
files may be protecting it from accidentally being seen by people
who don’t really care what’s in there anyway, while still doing very
little to actually prevent anyone who wants to know what it’s doing
from running it under a debugger, decompiling or disassembling it,
et cetera.

There is a very good reason why companies with lots of money at
their disposal still mostly rely on intellectual property law to
secure proprietary applications they distribute rather than doing
what you’re trying. They declare their copyright with no license
granted to modify or redistribute (this is how copyright works by
default), and may also require recipients to agree to further
conditions beyond what copyright law protects (via an EULA and/or
NDA, though these frequently aren’t upheld by courts). Some may also
patent particular techniques or uses in jurisdictions where that’s
possible.

But ultimately, your choice is between distributing your software to
others or keeping how your software works a closely-guarded
secret. There’s really no middle ground. You’re essentially talking
about giving someone a machine draped with a sheer piece of cloth,
and expecting them not to peek at what’s under the cover.

2 Likes

Hi Ardeal,

for pure Python code the term “obfuscating” might help you.

An “obfuscator” is a script, which exchanges human readable variable names and so on with human unreadable ones, if you e.g. use a ‘loop’ variable, this can be obfuscated by using cryptic concatenations of e.g. ‘I’, ‘l’, "1’, 'O and '0’s to e.g. ‘IOll10I1’ - which is quite hard to distinguish from similar concatenations for humans (and furthermore, does not have any meaning alike ‘loop’)…

Just google “obfuscate Python” and you’ll get a lot of hits…

Cheers, Dominik

The simplest way to do that is port your important-techniques code to a compiled language. As others have said, it won’t stop a determined/knowledgeable person from discovering your secrets, but it’ll stop most people. Also, if you simply don’t talk about those secret techniques when you release your project—with part of it in a compiled language—very few people will even think about trying to uncover those secrets. It’s knowing that someone has secrets that makes most people curious.