How to protect image files and ini files?

1

I'm developing software in Python and I'm using .ini files and images. Does anyone know a way to protect these files from editing users?

I do not want the user to be exchanging the images of the program and etc or changing the file .ini improperly.

It can be an installer, a database.

    
asked by anonymous 29.12.2015 / 22:00

1 answer

1

There are several ways to protect files, but with some effort you can always change them.

I'll list some ways to protect (use them together for more efficiency):

1) Hash Check: Use hashlib (it's a very easy to use default python library) to get the hash (can be md5) of the files you want to protect. If the hash is different from the original image / file (leaves the original hash in strings inside your python code), you display a message stating that the program has been "corrupted" and requires reinstallation. In case of ini, as the hash varies, you will have to store it in some other file.

2) Create an installer / executable: py2exe, pyinstaller, cx_freeze ... There are several options ready, but I suggest you do a small installer program using compiled languages (compiled languages are harder to crack, and like the program will serve only to start the other, it will be small). By doing your own execution program you can configure it to check the files (hashed, as I mentioned in point 1) before starting the program.

3) Use the PIL and StringIO to leave the image inside the python code, in the form of string, example:

>>>from StringIO import StringIO
>>>from PIL import Image

>>>image_file = StringIO(open("test.jpg",'rb').read())
>>>im = Image.open(image_file)
>>>print im.size, im.mode

In your case, instead of "open (" test.jpg "," rb "). read ()" would be the hard-coded string of the image. Source of this example: link

4) Database: I suggest SQLAlchemy, it is very easy to use and has all the tools of a good bank manager. Users will still be able to edit it, but they will need more knowledge.

5) Encrypt the files: It works in a similar way to the hash, however you save the encrypted files to disk and decrypt at the time of use, so the user will not know if what each file is.

All these media assume that the user does not have advanced knowledge or will not have access to the python code, to protect themselves from slightly more advanced users:

1) Use code obfuscators: pyminifier, OPY ...

2) Create shared libraries (".dll" or ".so") in C / C ++ and place the file check to be made by them. Also, leave some vital snippets of your code within those libraries. This requires you to know how to create shared libraries in C / C ++, it is not difficult to learn, but it takes a while. You can also create executables with the same function of the libraries that I quoted, if you prefer.

These measures require the user to have the most advanced knowledge, but still, he will be able to break if he has all the knowledge.

    
30.12.2015 / 03:01