Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^2: What happened to perlcc?

by ikegami (Patriarch)
on Oct 26, 2010 at 20:39 UTC ( [id://867547]=note: print w/replies, xml ) Need Help??


in reply to Re: What happened to perlcc?
in thread What happened to perlcc?

That's nothing at all like perlcc. perlcc stored compiled Perl code, possibly in a machine-independent manner. Rather than a working perlcc, you seem to want an obfuscation tool.

Your tool fails at obfuscation too. The first thing the generated program does is decode the entire script into one variable. Dump that variable, and the source is recovered.

No attempts whatsoever at obfuscation are attempted except for the option to use Acme::Bleach on the source. That means, your tool is just a very restrictive version of Acme::Bleach. Why not just use Acme::Bleach?

Needs a lot of work.

PS — Acme::Bleach can be reversed using unbleach.pl.

Replies are listed 'Best First'.
Re^3: What happened to perlcc?
by Anonymous Monk on May 09, 2011 at 05:21 UTC
    I find it very useful.
Re^3: What happened to perlcc?
by daveola (Sexton) on Feb 26, 2011 at 08:03 UTC
    "No attempts whatsoever at obfuscation are attempted except for the option to use Acme::Bleach"

    False. Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

    "Dump that variable, and the source is recovered."

    And how would they do that?

    Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol, then they can get your source. Do you know how to do that?

    And regardless, I refer you to the perlc page itself which states:

    Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

    Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult. I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

    Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish. Some people may think it's foolish to lock your house up. That's fine as well.

    Enjoy!

      Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol

      There's nothing to figure out. The first thing the executable does is to load the entire original program into a variable.

      Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

      The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

      Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

      I didn't say you shouldn't; I said you didn't.

      Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult.

      You couldn't have made it easier if you tried.

      I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

      On the other hand, it's trivial with daveola's perlc.

      Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish.

      I'll repeat: I didn't state my thoughts on the use of an obfuscator; I simply pointed out that daveola's sucks. It simply doesn't do what it claims to do.

        The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

        This is, for the third time, FALSE. Please feel free to read the code or even the docs.

        This is getting silly. perlc does not, by any means, claim to lock up your code safe and sound. As we all know, this is essentially impossible. This is even explained in the docs for perlc. If you can find any false claims that I make for perlc, I'd love to hear about them. The home page actually explains that there are many ways to get to the source, and then states:

        Regardless, it IS possible to wrap your perl script into a C program that evals the script in a perl interpretor, and maybe even obfuscate the script a bit while we're at it

        It's a simple script. And it does some simple obfuscation (BESIDES BLEACH). I get that it's not the end solution to hiding your code. In *NO WAY* does it claim to be, at all. But I have hade many people send me thanks for the fact that it exists, so they don't have to write it.

        I get that you don't want it and that you, and I, and anyone who reads the docs can see that it's not foolproof or completely secure.

      Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

      In that analogy, perlc isn't locking anything, its camouflaging the lock, its like a door with 50 locks, but only one is the real lock

      :D

        I would compare it with putting the key under the welcome mat. Sure the door is locked, but it might as well not be.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://867547]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (6)
As of 2024-03-19 08:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found