Can a software compiled with Nuitka be decompiled easily?
See original GitHub issueHi everyone!
Offtopic: First of all, congrats to the Nuitka team… my favourite python tool is becoming better and better gradually and getting more and more traction and that’s just superb 😃
Bit of background first, one of the things I liked the most about Nuitka vs freezing tools from the very beginning since I’ve discovered Nuitka was the ability Nuitka had (theorically) to obfuscate python code nicely as pe/elf code… that was a great feature indeed (at least to me) as it offered an extra layer of source code protection you wouldn’t have when using all existing python freezers, it’s a well known fact there are available decompilers for all python freezers so I’ve never truly understood really the real value of this type of software actually 😕
Anyway, it seems when you compile source code as a module with Nuitka you’re basically offering the source code of such modules quite easily as inspect.getsourcelines
will work flawlessly.
Here’s my question, let’s say you then don’t compile your modules as .pyd to avoid this exploit so instead you decide to embed that code in the exe… if that was the case, how hard would be for somebody to use inspect.getsourcelines
and reveal your source code?
First of all, I’m truly aware the only way to protect your source code is by not giving away any form of executable but I’d like to know in this case what’s the level of difficulty for crackers to break software built with Nuitka.
Assuming crackers could inject some code in the exe itself to use inspect.getsourcelines
… would there be a good way to avoid inspect.getsourcelines working?
For instance, when you try to use inspect
on some Sublime builtin core modules you’ll get a nice crash, ie:
>>> inspect.getsourcelines(sublime_api.window_views)
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "./python3.3/inspect.py", line 715, in getsourcelines
File "./python3.3/inspect.py", line 551, in findsource
File "./python3.3/inspect.py", line 435, in getfile
TypeError: <built-in function window_views> is not a module, class, method, function, traceback, frame, or code object
Which it’s great, as SublimeHQ has been concerned about source code protection from the very beginning and they did a great job in that area 😃
Regards!
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (8 by maintainers)
Top GitHub Comments
@iPurya thanks for confirming my selling points 😃
reverse engineering nuitka is so hard with ghidra. its mixed with python codes. is there better way to reverse engineering nuitka compiled files ?