http://www.perlmonks.org?node_id=890271


in reply to Re^2: What happened to perlcc?
in thread What happened to perlcc?

"No attempts whatsoever at obfuscation are attempted except for the option to use Acme::Bleach"

False. Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

"Dump that variable, and the source is recovered."

And how would they do that?

Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol, then they can get your source. Do you know how to do that?

And regardless, I refer you to the perlc page itself which states:

Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult. I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish. Some people may think it's foolish to lock your house up. That's fine as well.

Enjoy!

Replies are listed 'Best First'.
Re^4: What happened to perlcc?
by ikegami (Pope) on Feb 26, 2011 at 09:18 UTC

    Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol

    There's nothing to figure out. The first thing the executable does is to load the entire original program into a variable.

    Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

    The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

    Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

    I didn't say you shouldn't; I said you didn't.

    Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult.

    You couldn't have made it easier if you tried.

    I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

    On the other hand, it's trivial with daveola's perlc.

    Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish.

    I'll repeat: I didn't state my thoughts on the use of an obfuscator; I simply pointed out that daveola's sucks. It simply doesn't do what it claims to do.

      The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

      This is, for the third time, FALSE. Please feel free to read the code or even the docs.

      This is getting silly. perlc does not, by any means, claim to lock up your code safe and sound. As we all know, this is essentially impossible. This is even explained in the docs for perlc. If you can find any false claims that I make for perlc, I'd love to hear about them. The home page actually explains that there are many ways to get to the source, and then states:

      Regardless, it IS possible to wrap your perl script into a C program that evals the script in a perl interpretor, and maybe even obfuscate the script a bit while we're at it

      It's a simple script. And it does some simple obfuscation (BESIDES BLEACH). I get that it's not the end solution to hiding your code. In *NO WAY* does it claim to be, at all. But I have hade many people send me thanks for the fact that it exists, so they don't have to write it.

      I get that you don't want it and that you, and I, and anyone who reads the docs can see that it's not foolproof or completely secure.

        Please feel free to read the code or even the docs.

        Not only did I read the docs (doesn't mentioned anything on this) and the code (where I got that info), I ran the code. block contains the entire original source code, intact, not obfuscated.

        If you can find any false claims that I make for perlc, I'd love to hear about them.

        Like I've said many times, it doesn't obfuscate. It happily provides the entire original source code intact (after unbleach.pl if bleach is used). Aside from that, there's at least the following I didn't mention before:

        • It doesn't convert Perl to C.
        • Finally, there's an implicit claim that an executable can be made from the generated .c file, but it's not obvious how to do that.
Re^4: What happened to perlcc?
by Anonymous Monk on Feb 26, 2011 at 08:42 UTC
    Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

    In that analogy, perlc isn't locking anything, its camouflaging the lock, its like a door with 50 locks, but only one is the real lock

    :D

      I would compare it with putting the key under the welcome mat. Sure the door is locked, but it might as well not be.