Categories: Protection

Python is back!

But how do you protect and license Python applications?

The TIOBE Index charts the world’s most popular programming languages, and it currently puts Python in third place, hot on the heels of the perennial champions C and Java. Python is riding this crest of popularity because of its simple-to-use APIs and the sheer range and quality of its cutting-edge libraries in the field of artificial intelligence and machine learning.

There is no light without shadow though, and the added comfort for developers is paid for with worries about the security of their intellectual property. Some Python applications keep the code in plain text form, visible to all until it reaches the interpreter; others include precompiled code, which is particularly easy to decompile. Invaluable digital assets, like an AI learning algorithm, are easy prey for would-be attackers.

Modules or packages like “cx_Freeze” that are used to create executable binaries are no real obstacle for any hacker worth his or her salt. Their contents are easily extracted and the source code captured with tools that are freely available in the community. Obfuscation hardly offers any effective protection beyond that.

This is why Wibu-Systems has committed itself to a strategy of encrypting the sensitive parts of a program with CodeMeter Protection Suite, using the established interfaces of Python and the energy of a vibrant and very active community.

Integration made easy

Python has a lot to offer beyond the capabilities of a modern high-level script language, with great potential in machine-oriented applications. C extensions can be used to move selected functions into binaries in the more performance-driven C: the best of both worlds, with the more comfortable syntax of Python and the performance of a C application.

Wibu-Systems’ technology is a perfect fit for this type of outsourced functions: CodeMeter Protection Suite was developed with library files like .dll and .so in mind and can be used without any restriction for either type.

Unprotected Python application

This not only means that the Python code is properly encrypted, but also that any CodeMeter protection mechanisms like its integrity protection, anti-debugging, or anti-reverse-engineering capabilities can work their magic in Python applications. C extensions can be auto-created from the Python code by using the third-party Cython module, which translates the code into Cython and generates interim compiled files to keep the process transparent and in full control of the developer. The package comes with a simple analytical tool included to recognize and recommend performance improvements in the code. The end result, .pyd files, are similar to the well-known .dll files for Windows or .so files for Unix systems.

Protected Python application

Licensing as the next step

Since the application comes in encrypted form, it is already perfect for licensing. More and more users are turning away from monolithic package deals in favor of models that allow them to pay only for the modules they need, either for a certain time period or for a certain number of uses. This gives users access to the software even if their pockets are not quite as deep, and it is a great deal for both sides – users and software developers.

CodeMeter Protection Suite comes pre-packaged with all of the settings and configurations needed for this, putting modern and flexible licensing models at the disposal of all developers.

Integration with CodeMeter API

In addition to encrypting the application’s code, the CodeMeter API can be integrated, easily and comfortably, right into the Python code.

CodeMeter API is a licensing and cryptography interface used for the following operations:

  • Checking licenses
  • Reading license properties
  • Logging into other systems
  • Encrypting communication
  • Symmetrical and asymmetric cryptography
  • Hash functions and challenge-response actions
  • Encrypting own data in the Python code
  • Encrypting configuration or other data files

The “CmAccess2” function offers direct access to licenses from within the Python code to support several licensing models, as illustrated for the “check” method in Picture 3.

The “CmAccess2” function

"CmCrypt2” can be used to encrypt data, applied in Picture 4 to a 16-byte buffer.

The “CmCrypt2” function

There are signs of a surge in interest in ways to protect Python applications, and Wibu-Systems answers the market’s call with its constant improvements and additions to CodeMeter Protection Suite and continuous exploration of new use cases.

Our curiosity keeps us exploring, and Python offers us a lot to discover.

KEYnote 40 – Edition Fall 2020

To top