F.A.Q - Python Script Obfuscation (Obfuscate, Protect Python Script Source Code)
All atshai.com protected scripts are designed to send out notifications by default in the event of a hack attempt. Notifications will NOT be sent out IF the user runs the obfuscated python script as "expected" and "does not" try to figure out how it works!
Why are notifications sent out to begin with?
Think of it as an alarm system. The reason you're on this particular website is because you want to keep your source code hidden and secure.
In some cases, you may wish to know precisely where your python code is and how it is being used. For such scenarios, the automatic notifications are very useful. But don't worry. This is a configurable option. You can enable/disable auto-notify during obfuscation of each python script/project.
To obfuscate python scripts, you have two options.
- Online Submissions
- This is an ideal option if you wish to simply upload your python scripts to the enscrypt.io web interface. With this option, you can submit up to the number of unique scripts allowed under the plan you purchased.
- OnPrem Licenses
- This option allows for the usage of the python script Obfuscator on your own private hosts. No need to upload any script to our web portal.
- This is a great option for users who do NOT wish to externally upload scripts they believe to be extremely sensitive. It is also the ideal choice for businesses with a large, increasing number of python scripts to obfuscate.
- You will be permitted to use the AtShai Python Obfuscator for as long as the license period is valid. And yes, there is currently NO limit to the number of scripts you can obfuscate using the OnPrem license.
For licenses, upon payment verification, the latest version of the python obfuscator will be automatically generated and the download link for it will be sent to you. You'll receive it within 30 to 60 seconds of payment completion. If you do not receive it within 5 minutes, shoot us an email at Support@EnScryption.com.
Unless requested otherwise, the download link will be sent to the email address of the account that payment was made with.
For online submission accesses, after payment is confirmed, an email will be sent to you with the login details needed to access the web interface for uploading scripts.
It is generally believed that 'obfuscation' is not possible. And there are myriad of reasons for why those who believe this, think this way. One of such reasons is that, they believe no matter how heavily obfuscated a code is, someone smart enough or someone with enough time on their hands can always crack the obfuscation.
While this has a modicum of truth to it, the reality is, no matter how smart the "hacker" is, no matter how much time they have on their hands, there is only a finite number of tactics they can employ to try to hack an obfuscated script, especially one like ours, equipped with dynamic intelligence.
So long as it remains true that there is only a limited number of ways to hack a script, our obfuscation will always prevail. We can always develop counter measures to counteract whatever loopholes a persistent hacker is able to discover. That is what we do. That is precisely what we specialize in and we have spent years perfecting the many different methodologies used in our obfuscation process.
Experience has taught us that source code security is an absolute must. It is important you, as a company or developer remain informed on where your code is being used and how it is being used. Not only will this provide you with insights on how to make your software more useful to your users, it'll also reveal the identity of any nefarious entity seeking to gain unauthorized access to your intellectual property and the frequency of such misbehaviors.
In the context of protecting source code, a python obfuscator is a tool designed to convert plain text python code into an unreadable text which still qualifies as a runnable, functioning python script.
In other words, a python obfuscator is generally used to accomplish one or more of the following goals:
- Prevent modifications to commercial python scripts - Ensure no one, regardless of privilege, is allowed to make changes to an obfuscated code
- Retain the ability to sell or share python scripts without the crippling fear of your intellectual property falling into the wrong hands
- Gathering usage metrics on sensitive python code once it is shared with the external/outside world
- Regulate how long commercial python scripts can be used - Define and enforce date locks or expiration dates
- Moderate the list of users who are authorized to run protected python scripts
- Regulate where (on which systems) specific obfuscated python scripts can be utilized
- Safeguard highly confidential credentials stored within python scripts
There are two reasons an obfuscated python script would fail to work:
- It has either expired or had its name changed to a name different from the name given to it during obfuscation.
- Once a python script is obfuscated, you cannot rename the obfuscated version. If you do, it will not function.
- Once a obfuscated python script expires, to regain the functionaility it provides, you must re-obfuscate it and be mindful of the expiration date.
- An attempt was made to tamper with it in order to figure out how it works.
- We are quite aware that our obfuscation methodology is unique and there is absolutely nothing like it anywhere else on the internet. For this reason, there will be many hackers who will try to break it apart in an effort to replicate it or for some other nefarious reason.
- To successfully combat this, a series of sensitivity checks are included in all AtShai.com protected scripts. What that means is, whenever our obfuscation mechanism detects that a user is performing hack attacks on an obfuscated script, we will automatically cause the script to self destruct.
If your script self-destructs, the only way to get it working again is to re-unzip the zip package and re-install it.
Contact us at [ Support@EnScryption.com ] if you need additional help. In your email, make sure to provide a copy and paste of all the steps (and their results) that you performed.
There is no "install". Yes, it is safe to use an AtShai.com protected python script on your system. Note, an obfuscated python script, is still a python script. When fed to a python interpreter, it will rrun just fine, as you can see in the many videos we have available.
Yes you can. If you're submitting your python scripts through the web interface, you'll be allowed to upload as many unique scripts as is allowed under the plan you purchased.
If you're a OnPrem license holder, you can simply point the python obfuscator to the directory which contains the python scripts you wish to obfuscate and the obfuscator will take over.
Yes. After obfuscation, you can expect your python script to behave exactly as it was before it was obfuscated. Only difference will be, after obfuscation, no one will be able to view the actual code.
No. Once obfuscated, it cannot be decrypted. We highly recommend creating backups of your original un-encrypted script.
Currently, our obfuscation algorithm can be used to protect shell, perl, python, ruby, R, javascript, php and python scripts. Those were the most commonly requested languages for obfuscation.
If the script you wish to obfuscate is written in a different unlisted language, no worries. Feel free to contact us at [ Support@EnScryption.com ] and provide the following information:
- The name of the interpreted language your script is written in
- A sample code written in this interpreted language
- How you normally go about running the script
- The OS(es) you intend to run the obfuscated scripts on
- Date Management - Assign expiration dates to your .py python scripts
- License Management - Regulate the redistribution of all scripts
- User Management - Restrict usage of your python scripts to specific Users
- Host Management - Restrict usage of your scripts to specific Hosts and Servers
- Duplication Prevention - Prevent multiple copies of your scripts, Safeguard the name given at the time of obfuscation.
- Instance Management - Restrict simultaneous or multiple running instances of your scripts
- Tamper Resistance - Auto self-destructs whenever a user tries to figure out how it works
- We monitor for this and we block them at every turn.
- Access Management - Remotely disable script usage if user is found to be in violation of licensing terms.
- Some users have nefarious intentions when they purchase online software. Upon purchasing a software, these users typically request a refund immediately after. And after the refund is given, they continue to use the software.
- AtShai.com puts an end to this. Our customers have the option to make their script require internet connectivity.
- If a customer opts to make her script require internet connection, then users of the script will NOT be able to run it if they're not connected to the internet.
- Report Generator - A dashboard that details the frequency of attacks on your obfuscated code
- Visualize historical data on habitual offenders.
-
a) Ensures an obfuscated script does not function if it detects that a necessary tool on the system has been altered
-
Example:
-
Some users may build a modified version of a binary and then try to use that version to investigate our obfuscation/obfuscation algorithm.
-
- The tamper resistance feature will detect this and will stop the script from working!
-
b) Ensures that a protected script never works if the user is doing anything other than running it.
-
- There are many interesting ways users can attempt to break a protected script.
-
c) Ensures it is impossible for any user to modify a protected script
-
- This provides script owners control of their commercial scripts in case a user misbehaves.
-
a). Know when attempts are made to hack your obfuscated python scripts
Yes. We offer a 60-Day Money Back Guarantee. Refunds will be granted only under 1 condition:
- If you are actually able to successfully unlock any of our obfuscated scripts in under 60 days.
- Under this scenario, to qualify for the refund, we'll need to see proof.
Yes.
Both the OnPrem and Online versions of the python obfuscator gives you the choice to determine when or if each python script you obfuscate should expire.
If a python script is obfuscated without an expiration date assigned to it, that essentially means the script will never expire. Your users will be able to continue using it for as long as they wish to.
Yes, it is.
We provide several automation options. Some are built into the obfuscation tool. Others can be custom developed, at no additional cost, for licensed on-prem users.
If you intend to make a purchase, simply shoot us an email with one or two sample scripts. We'll obfuscate them for you with a 24 hour expiration date added to it.
Yes.
Along with other security measures, we allow users to specify how long an obfuscated python script is to be valid for. After the specified date has elapsed, the obfuscated script will no longer function.
If you do not wish for your obfuscated python script to expire, simply specify 7000d for the expiration date (if you're an online customer). 7000d equals approximately 19+ years. For OnPrem users, you can just set the expiration option in the .cfg file to 'Off'.
Expiration dates can vary in configuration. Sometimes, you may wish to disable your script after a specific date. Other times, you may wish to configure your script to only running during a particular time period...i.e. Janyary 15, 2022 (01-15-2022_11:00) to January 17, 2022 (01-17-2022_16:00). This is also known as Date Locking and what that essentially means is locking the usage of your script to a particular time period.
With the OnPrem license, you can obfuscate an unlimited number of python scripts. With Online Submissions, you can upload up to the number of scripts specified for your chosen plan.
Yes, you could, if you want to. For your convenience, we actually include automated scripts for you to run to convert your encrypted scripts into either a binary or an executable.
However, before deciding to add pyinstaller to the equation, it's important to revisit your reasons for code protection.
For instance, if your main objective is to ensure that your python code cannot be tampered with, and that it is well protected and can't be easily hacked into, then, you don't need PyInstaller. The protection provided by the AtShai obfuscator is more than sufficient to satisfy that objective.
However, if your ultimate goal is to obfuscate your python code, but also package all the modules used by the code into one binary or executable so that your users wont have to worry about getting, downloading, installing and configuring dependencies, then, yes, you could use PyInstaller for that.
Be aware though that, introducing pyinstaller into the mix means the execution time of the final script could be much higher than the unprotected version of it.
Yes. We have readymade obfuscators capable of obfuscating not just Python (.py) scripts, but also Perl, Ruby, Python, CLI & Web PHP scripts, Shell/Bash scripts, Rcode scripts and JavaScript files.
During submission of your scripts, you may specify how long the obfuscated version should be valid for. Examples: 1d (1day), 2w (2weeks), 4mo(4months), 7000d (for 19+ years).
Note, all scripts submitted using the free service will expire and self-destruct within 24 hours.
Get Online Access to our specialized Python Script Obfuscator.
- This option will allow you to upload python scripts of all types to our web interface for immediate obfuscation
Purchase and download your own personalized (and obfuscated) version of the Python Obfuscator
- This option will enable you to avoid having to submit extremely sensitive scripts to our website
-
It allows you to obfuscate as many scripts as you need, right from your own private host.
No. No extra modules are needed. No new packages for you to download. Your obfuscated python script will work on the same systems that the plain-text version has been confirmed to work on.
Yes. Obfuscated python scripts produced by AtShai.com can be expected to work wherever Python is available. In the very unlikely event you encounter an issue running an obfuscated python script, just contact us.
Whenever an AtShai.com protected script is run on a system, it does a variety of checks simultaneously. These checks confirm the validity of the environment in which the obfuscated script is about to be executed. If the our algorithm senses an important component has been tampered with or simply isn't in the expected state, it will refuse to run the obfuscated script and will instead abort immediately.
This too is configurable. During obfuscation, this particular protection setting can be disabled.
Code Obfuscation
A FREE online portal for uploading and obfuscating Python scripts is now available!
- Click here to go directly to the Upload portal.
Online Solution (Basic)
Developers / Engineers
- Online access to the AtShai Python Obfuscator
- Upload the list of .py scripts you wish to obfuscate
- Resubmit the same scripts as many times as needed
On-Prem Licenses
- Licensed copy of the AtShai Python Obfuscator.
- Designed for use on private hosts / servers.
- Command-line friendly - Just feed it a script/dir
- Easy integration with CI/CD pipelines
- Designed specifically for clients who do not wish to externally upload extremely sensitive scripts
Custom Solutions
We provide custom options for clients with specific requirements. If either of the following applies to you, let us know.
- Your preferred programming language is not listed
- You require custom modifications to the Obfuscator (modifications unique to your company)