Come for the quick hacks, stay for the epiphanies. | |
PerlMonks |
Re: Best Perl Obfuscator Tool?by furry_marmot (Pilgrim) |
on Apr 03, 2010 at 16:28 UTC ( [id://832627]=note: print w/replies, xml ) | Need Help?? |
What's not being said specifically, and which I am guessing that you don't understand, is that once the program is running on your computer, no matter what obfuscation/encryption/compression/etc you have applied to it, it will necessarily have been undone in order for the computer to read and execute the instructions. At that point, you can use a hardware-assisted debugger to capture all the code. It may be in assembly, and a huge pain to reverse-engineer, but it can be done. At some point there will have to be a coherent representation of your program that can run, and it is this runnable copy that can be examined. In addition, whatever obfuscation/encryption/compression/etc you have applied to your code, you got it from somewhere else, and therefore someone else can figure out how to undo it and get the original code out of the executable, or at least a bytecode image, and you're still undone. This is what people were trying to explain in your first thread: that even if you convert the Perl to C, you can reverse-engineer the C. If you compress it, someone can uncompress it. If you obfuscate it, someone can unobfuscate it. Consider encryption, such as used by the military or intelligence communities. It's not enough to have a good code because they all know that eventually you can break any code. The real key to secure communication is not only to use a good code, but to try your hardest to prevent anyone from seeing or even being aware of the communication. In the end, as other, smarter people than me have pointed out, if you don't want someone to get hold of your code -- don't ship it to them!!! In all fairness, I'm sure you or your company have a legitimate business problem you're trying to solve. Obfuscate the specifics, if you must, but try laying out exactly what part can and what part can't fall into the wrong hands. Is it the entire program? It is an algorithm? The only thing you can do to a program to make it unreadable is delete it (yeah yeah, secure wipe it). If you can run it, you can read it, and therefore the code can be gotten at. But what are the skills of the wrong-handed people in question? I guarantee some of the folks on here can break your code, but can your clients/customers? If you were to obfuscate the code and compile it to bytecode in a compressed executable, would that be sufficient? 'Cause that's easy. Can it run from a server? Can it be run as a service, for that matter?
In Section
Seekers of Perl Wisdom
|
|