Page 1 of 1

Readproof Code

Posted: Tue Aug 13, 2019 5:06 pm
by Nikunj_Vadher
I am using micropython to develop a product.
Is there any way to make device read proof ?
Means user can't read code which I have uploaded in esp8266.

Re: Readproof Code

Posted: Tue Aug 13, 2019 7:14 pm
by Roberthh
As a simple measure you can use frozen bytecode, which embeds compiled code into flash. Then there is no python code in the file system except maybe main.py or boot.py. But even the code there can be compiled into flash, or put into _boot.py, which anyhow resides in the flash memory. Still, people could read out the flash and decompile it, but that is some work to do. Except for strings, which can be easily extracted.

Re: Readproof Code

Posted: Wed Aug 14, 2019 5:27 am
by pythoncoder
There are also obfuscators such as pyminifier. You could presumably freeze obfuscated code to combine both approaches. I perhaps should point out that haven't used the obfuscation feature of pyminifier with MicroPython.

Re: Readproof Code

Posted: Thu Sep 05, 2019 3:55 pm
by fj604
Compiled bytecode is still stored on an external flash chip, so there is no way to protect it from copying. If ESP8266 can read the contents of this flash chip then so can any other device.

Re: Readproof Code

Posted: Tue Sep 24, 2019 11:23 pm
by manseekingknowledge
Roberthh wrote:
Tue Aug 13, 2019 7:14 pm
As a simple measure you can use frozen bytecode, which embeds compiled code into flash. Then there is no python code in the file system except maybe main.py or boot.py. But even the code there can be compiled into flash, or put into _boot.py, which anyhow resides in the flash memory. Still, people could read out the flash and decompile it, but that is some work to do. Except for strings, which can be easily extracted.
Is there some known way to decompile MicroPython code, or are you just saying that it is theoretically possible?

Re: Readproof Code

Posted: Wed Sep 25, 2019 8:00 am
by pythoncoder
You can read the bytecode (whose functionality is public domain) but there is no decompiler.

My personal view is that obfuscating code is verging on pointless. Give a decent programmer a requirement spec and they will produce something functionally equivalent. It's called clean room programming. The entire IBM PC BIOS was copied that way by various companies. All you're doing by closing source is imposing cost and time constraints on those who would copy your work.