10

I'm new to python, and I'm evaluating developing desktop programs with Python + PySide, and found that cx_freeze works very good in converting my python code into executables, and it's cross-platform.

My question is, can someone else decompile an EXE generated by cx_freeze back to fully readable code , as if my original source code?

Note: I'm not worried about someone cracking my program, but just don't want someone else can take my code and developed base on it.

Thanks.

Edwin Yip
  • 4,089
  • 4
  • 40
  • 86
  • 1
    @Edwin: "someone else can take my code and developed based on it". The answer is yes. They put your program into an OS pipeline, feed it data and process the output. Or they fork your program as a subprocess, "wrapping" it in their program. You cannot prevent people from using your software in new ways. Why ask? – S.Lott Mar 31 '11 at 10:10
  • Why is it precicely, if I may ask, that you don't want people to be able to maintain or develop on it? – theheadofabroom Mar 31 '11 at 12:44
  • I think my original post is obvious about why asking this. For example, I know this is not possible technically and legally, but Microsoft obviously don't want other companies to decompile their Windows system and then develop a new OS called 'Windows Ex' and sell this new OS to make money. – Edwin Yip Mar 31 '11 at 15:05
  • 1
    @Edwin: "I think my original post is obvious about why asking this". That may be true for you. We're asking because it's not true for us. We don't find anything about this obvious. Please actually explain by **updating** your question with specific scenarios that are allowed and disallowed. If it was obvious, we wouldn't ask. Since it's not obvious, we're asking. – S.Lott Mar 31 '11 at 17:37
  • 1
    @S.Lott, I'm worrying about others to take my source code illegally by decompiling my EXE. With a natively compiled EXE it's not possible to decompile it back to it's original shape, and I'm wondering if this is true with a cx_freeze frozen EXE. So my question. Not sure if I can explain further. Sorry. – Edwin Yip Apr 02 '11 at 16:36
  • @Edwin: Since someone can extract your secret algorithm (but not the exact source) you still loose your intellectual property. Unless, of course, the precious intellectual property is the source text, not the algorithm. You're saying that the source text -- not the algorithm -- is what you're trying to protect? – S.Lott Apr 04 '11 at 10:54
  • 1
    @EdwinYip I know this question is quite old, but [here is a new answer](https://stackoverflow.com/questions/5497399/can-exe-generated-by-cx-freeze-be-completely-decompiled-back-to-readable-python/62415977#62415977) that shows how to recover source code from a cx_frozen project ; it seems that the accepted answer is wrong! – Basj Jun 16 '20 at 19:15

2 Answers2

11

It seems that the current accepted answer is no longer true.

Here is how to recover the original source code from a project frozen with cx_freeze.

Note: it is done here on a "Hello world" project, but, using the same method, I've been able to decompile a 1000+ lines-of-code source code from a project of mine frozen with cx_freeze, and recover nearly the original source code!

1) Use cx_freeze

Create a test.py file containing

import time
print('hello')
time.sleep(2)
print('world')

Then create the executable with

cxfreeze test.py --target-name=test.exe

Then usually you'll distribute this to the final users:

enter image description here

Now let's try to reverse engineer this!

2) Get the .pyc bytecode

Open dist/lib/library.zip and extract the file test__main__.pyc.

3) Use decompyle6 to get the source code

import uncompyle6
with open('test_main_reverse_eng.py', 'w') as f:
    uncompyle6.decompile_file('test__main__.pyc', f)

4) Surprise!

Here is the original source code!

# uncompyle6 version 3.7.1
# Python bytecode 3.7 (3394)
# Decompiled from: Python 3.7.6 (tags/v3.7.6:43364a7ae0, Dec 19 2019, 00:42:30) [MSC v.1916 64 bit (AMD64)]
# Embedded file name: test.py
# Compiled at: 2020-06-16 21:02:17
# Size of source mod 2**32: 58 bytes
import time
print('hello')
time.sleep(2)
print('world')
Basj
  • 41,386
  • 99
  • 383
  • 673
6

In general - no. CX Freeze and py2exe store the PYC version of your code, the bytecode compiled from the PY files. Currently, if I am not mistaken, there are no working viable PYC decompilers. Some give you a more-or-less readable byte code with annotations, but none will give you the actual Python source code. So in that regard - no, it cannot be decompiled. You can also consider going the full native way and use Shed Skin

reflog
  • 7,587
  • 1
  • 42
  • 47
  • "So in that regard - no, it cannot be decompiled". Um... But you said it could be decompiled to "readable byte code". So, that would be decompiling, right? – S.Lott Mar 31 '11 at 09:54
  • 2
    Nope. Byte code is not source code. It's like assembly language. A very low-level language that is very hard to analyze. – reflog Mar 31 '11 at 10:08
  • @Reflog: It's decompiled, right? The "source" is not "protected", but visible. Someone with patience and malice could reverse engineer the trade secrets, right? – S.Lott Mar 31 '11 at 10:09
  • 2
    It's not decompiled. It's dis-assembled. Those are two different terms. And if you put it like that - any language, anything that goes down to ones and zeros can be reverse engineered and analyzed. – reflog Mar 31 '11 at 10:26
  • Thanks for the info Reflog. Actually, I don't worry about others to look at any secret implementation details of the program, I just don't want other people to get the ENTIRE readable source with decompilation easily. – Edwin Yip Mar 31 '11 at 15:08
  • @Reflog: "any language, anything that goes down to ones and zeros can be reverse engineered and analyzed". This is my point. I'm not sure that the overall question makes much sense. And I feel that the answer "no, it cannot be decompiled" may be too strong for such a badly-written question. – S.Lott Mar 31 '11 at 17:44
  • The [Meta](https://pypi.python.org/pypi/meta) package can also decompile Python byte code. – Thomas K Apr 17 '14 at 01:11
  • I wouldn't say "can". So far I was unable to make it decompile anything beyond a "hello world". Any meaningful piece of code causes it to crash... – reflog Apr 20 '14 at 09:54
  • 1
    @Basj - yep, thankfully we now have proper decompilers! Only took 9 years since I posted my answer :) – reflog Jun 24 '20 at 06:53
  • @reflog Oh yes that's right, I now notice it's been a few years since you answered :) – Basj Jun 24 '20 at 16:39