2.1. Highest security and performance

2.1.1. What’s the most security pyarmor could do?

The following options could improve security

  • --enable-rft almost doesn’t impact performance
  • --enable-bcc even a little faster than plain script, but consume more memory to load binary code
  • --enable-jit prevents from static decompilation
  • --enable-themida prevents from most of debuggers, only available in Windows, and reduce performance remarkable
  • --mix-str protects string constant in the script
  • pyarmor cfg mix_argnames=1 may broken annotations
  • --obf-code 2 could make more difficult to reverse byte code

The following options hide module attributes

The following options prevent functions or modules from replaced by hack code

2.1.2. What’s the best performance pyarmor could do?

Using default options and the following settings

By these options, the security is almost same as .pyc

In order to improve security, and doesn’t reduce performance, also enable RFT mode

If there are sensitive string, enable mix-str with filter

  • pyarmor cfg mix.str:includes "/regular expression/"
  • --mix-str

Without filter, all of string constants in the scripts are encrypted, it may reduce performance. Using filter only encrypt the sensitive string may balance security and performance.

2.1.4. Reforming scripts to improve security

Move main script module level code to other module

Pyarmor will clear the module level code after the module is imported, the injected code could not get any module level code because it’s gone.

But the main script module level code is never cleared, so moving un-necessary code here to other module could improve security.