Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: What happened to perlcc?

by daveola (Acolyte)
on Oct 26, 2010 at 19:46 UTC ( #867531=note: print w/replies, xml ) Need Help??


in reply to What happened to perlcc?

I agree and couldn't understand why such a tool didn't exist, so I wrote one:

http://marginalhacks.com/Hacks/perlc/

(Posting here on this old post so people searching for such a solution can find it)

Replies are listed 'Best First'.
Re^2: What happened to perlcc?
by ikegami (Pope) on Oct 26, 2010 at 20:39 UTC

    That's nothing at all like perlcc. perlcc stored compiled Perl code, possibly in a machine-independent manner. Rather than a working perlcc, you seem to want an obfuscation tool.

    Your tool fails at obfuscation too. The first thing the generated program does is decode the entire script into one variable. Dump that variable, and the source is recovered.

    No attempts whatsoever at obfuscation are attempted except for the option to use Acme::Bleach on the source. That means, your tool is just a very restrictive version of Acme::Bleach. Why not just use Acme::Bleach?

    Needs a lot of work.

    PS — Acme::Bleach can be reversed using unbleach.pl.

      I find it very useful.
      "No attempts whatsoever at obfuscation are attempted except for the option to use Acme::Bleach"

      False. Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

      "Dump that variable, and the source is recovered."

      And how would they do that?

      Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol, then they can get your source. Do you know how to do that?

      And regardless, I refer you to the perlc page itself which states:

      Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

      Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult. I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

      Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish. Some people may think it's foolish to lock your house up. That's fine as well.

      Enjoy!

        Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol

        There's nothing to figure out. The first thing the executable does is to load the entire original program into a variable.

        Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

        The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

        Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

        I didn't say you shouldn't; I said you didn't.

        Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult.

        You couldn't have made it easier if you tried.

        I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

        On the other hand, it's trivial with daveola's perlc.

        Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish.

        I'll repeat: I didn't state my thoughts on the use of an obfuscator; I simply pointed out that daveola's sucks. It simply doesn't do what it claims to do.

        Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

        In that analogy, perlc isn't locking anything, its camouflaging the lock, its like a door with 50 locks, but only one is the real lock

        :D

Re^2: What happened to perlcc?
by Anonymous Monk on Oct 28, 2010 at 00:45 UTC
    Awesome work. Just the tool we need! Seems to work easily and properly.
      Great sarcasm, really funny!

        Anyone who thinks that compiling Perl is folly has never worked in the real world; there are many reasons to 'compile' Perl code, of course if you don't know those reasons then a description of them would not convince you. Removing perlcc will just cost me more money to buy a Perl compiler, but I guess I can't squawk much cause I ain't the one maintaining it.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://867531]
help
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (5)
As of 2018-06-19 05:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?



    Results (111 votes). Check out past polls.

    Notices?