Protect your python script, encrypt .pyc to .pye and decrypt when import it
- Build the execution
pyconcrete
and read theMAIN.pye
which encrypted by your passphrase. - pyconcrete will decrypt the source file and then launch python interpreter to do the normal python behavior.
- pyconcrete will hook import module
- when your script do
import MODULE
, pyconcrete import hook will try to findMODULE.pye
first and then decryptMODULE.pye
via_pyconcrete.pyd
and execute decrypted data (as .pyc content) - encrypt & decrypt secret key record in
_pyconcrete.pyd
(like DLL or SO) the secret key would be hide in binary code, can't see it directly in HEX view
- only support AES 128 bit now
- encrypt & decrypt by library OpenAES
Pyconcrete has transitioned to using meson-python as its build backend starting from version 1.0.0. This provides a more powerful build mechanism and supports newer Python versions.
For older Python support:
- Pyconcrete versions prior to 0.15.2 only support up to Python 3.10.
- If you need support for Python 3.6 or Python 2.7, please use versions before 0.15.2.
- Pyconcrete no longer supports Python versions earlier than 3.6.
For unix base
- apt: pkg-config, build-essential, python{version}-dev
- pip: 23.1+
For windows base
- Limited, only tested for partial environment
- Windows 11
- Visual Studio 2022 (w/ Windows 11 SDK)
- pip: 23.1+
Due to security considerations, you must provide a passphrase to create a secret key for encrypting Python scripts:
- The same passphrase will generate the same secret key.
- Pre-built packages are not provided, so users must build the package by yourself.
Build Process
- Pyconcrete relies on Meson to compile the C extension.
- Meson generate secret key header file which assign by user passphrase.
- Meson build exe(pyconcrete executable) or lib(pyconcrete python module, for import only).
- Meson build pyecli(command line tool).
- Need to config the passphrase for installation. And only pip 23.1+ support passing argument via
-C
or--config-settings
. - Remember to assign
--no-cache-dir
to avoid use pip's cached package which already built by old passphrase.
# basic usage
$ pip install pyconcrete \
--no-cache-dir \
--config-settings=setup-args="-Dpassphrase=<Your_Passphrase>"
# assign multiple options
$ pip install pyconcrete \
--no-cache-dir \
--config-settings=setup-args="-Dpassphrase=<Your_Passphrase>" \
--config-settings=setup-args="-Dmode=exe" \
--config-settings=setup-args="-Dinstall-cli=true"
- Available arguments. Setup by
--config-settings=setup-args="-D<argurment_name>=<value>"
passphrase
: (Mandatory) To generate secret key for encryption.ext
: Able to assign customized encrypted file extension. Which default is.pye
.mode
:exe
orlib
. Which default isexe
.install-cli
: Determine to installpyecli
or not. Which default istrue
- convert all of your
.py
to*.pye
$ pyecli compile --pye -s=<your py script>
$ pyecli compile --pye -s=<your py module dir>
$ pyecli compile --pye -s=<your py module dir> -e=<your file extension>
- remove
*.py
*.pyc
or copy*.pye
to other folder - main.py encrypted as main.pye, it can't be executed by normal
python
. You must usepyconcrete
to process the main.pye script.pyconcrete
(exe) will be installed in your system path (ex: /usr/local/bin)- project layout as below
pyconcrete main.pye src/*.pye # your libs
- This mode is not safe enough. If you want to use pyconcrete in this way, you need to understand the potential risk.
- Need to assign
mode=lib
when installation - Import pyconcrete in your main script
- project layout as below
main.py # import pyconcrete and your lib pyconcrete/* # put pyconcrete lib in project root, keep it as original files src/*.pye # your libs
- test in local
$ pytest tests
- test in docker environment
$ make test
- test in docker environment for specific python version
$ make test 3.10
Example environment: Windows 11, Visual Studio 2022
- Error:
..\meson.build:1:0: ERROR: Unknown compiler(s): [['icl'], ['cl'], ['cc'], ['gcc'], ['clang'], ['clang-cl'], ['pgcc']]
- Need to install Visual Studio
- Choose "Desktop development with C++"
- Must include "Windows 11 SDK"
- Need to install Visual Studio
- Error:
..\meson.build:23:31: ERROR: Python dependency not found
- Make sure your python arch same with your platform (such as Arm64 or Amd64 or x86)
https://mesonbuild.com/SimpleStart.html
pyconcrete is an experimental project, there is always a way to decrypt .pye files, but pyconcrete just make it harder.