Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Encrypt perl script

by Anonymous Monk
on Jan 27, 2011 at 16:43 UTC ( [id://884594]=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks!
I have a perl script with several commands that it runs in the terminal.
Thing is that i don't want others to be able to read the file (the source code i mean) but be able to execute it. Is there any way i can make the script not "readable" (encryption or something else) but to be ready to be executed?
thanks

Replies are listed 'Best First'.
Re: Encrypt perl script
by CountZero (Bishop) on Jan 27, 2011 at 16:48 UTC
    No.

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

Re: Encrypt perl script
by ikegami (Patriarch) on Jan 27, 2011 at 16:57 UTC

    Encryption requires the existence of a secret (e.g. a key), yet the only way there can be a secret and still be able to execute the program is if you have to enter the secret when you launch the program. Is that what you want, or do you want obfuscation?

    There are lots of post on the latter on PerlMonks. You should find them by doing a Super Search using the terms you used in your subject.

Re: Encrypt perl script
by Anonyrnous Monk (Hermit) on Jan 27, 2011 at 16:59 UTC

    As this comes up regularly, you should find extensive discussion of the topic when you search this site for hide/protect source.

Re: Encrypt perl script
by elef (Friar) on Jan 27, 2011 at 18:31 UTC
    How about packaging the script into an executable with pp?
    I'm not sure how hard it is to pick an executable apart, but I guess it would stop all but the most savvy people from having a look inside. Of course it might interfere with the functionality you want from the script... nothing is perfect, I guess.

      You just have to unzip the file created by pp.

        Hmm, easier then I thought. Still, if the user has no idea where the .exe came from, they might not think to try and unzip it. It's certainly some level of protection. I guess it all depends on what the OP wants to do.
Re: Encrypt perl script
by jffry (Hermit) on Jan 28, 2011 at 15:50 UTC

    I would not do this within Perl. I would use the OS to accomplish this task. You mentioned terminals, so that might imply a Unix flavor or variant. I would use a special user id and sudo to accomplish this task in Unix.

    NOTE: I intend to meet your requirements of being able to run a command, but not being able to view the command. I do not intend to encrypt anything. Encryption in this case seems to be an XY problem.

    Here is the example command. The file is owned by our special user sexec. The group owner is root. The other permissions are all turned off.

    root@mybox:/tmp/fakebin # ls -ld . drwxr-xr-x 2 root root 1024 Jan 28 09:44 . root@mybox:/tmp/fakebin # ls -l total 1 -rwxr-x--- 1 sexec root 90 Jan 28 09:44 cmd.pl root@mybox:/tmp/fakebin # cat cmd.pl #!/usr/bin/perl -w use strict; use warnings; print "Secret command output.\n"; exit 0;

    Here is the /etc/sudoers line that lets user bob run cmd.pl as user sexec.

    bob ALL = (sexec) NOPASSWD: /tmp/fakebin/cmd.pl

    Here is the end result actions. User bob can run the command, but he can't view it.

    bob@mybox:~ $ sudo -u sexec /tmp/fakebin/cmd.pl Secret command output. bob@mybox:~ $ cat /tmp/fakebin/cmd.pl cat: /tmp/fakebin/cmd.pl: Permission denied bob@mybox:~ $ sudo -u sexec /bin/cat /tmp/fakebin/cmd.pl Password: Sorry, user bob is not allowed to execute '/bin/cat /tmp/fakebin/cmd.p +l' as sexec on mybox.localdomain.tld.
Re: Encrypt perl script
by Anonymous Monk on Jan 27, 2011 at 17:02 UTC
    But guys, I used the Acme::Bleach module, i ran it once and turn the perl script into a blank file. Then i executed the perl script and did the job correctly. Can't I pass this "blank" file to another computer?
      Can't I pass this "blank" file to another computer?

      Sure you can (provided Acme::Bleach is installed, or you ship it with the script) — but it's only very weak obfuscation, i.e. easily reversible...

        Sure you can (provided Acme::Bleach is installed, or you ship it with the script) — but it's only very weak obfuscation, i.e. easily reversible...
        For an alternative very weak obfuscation, but without needing to go to the bother of installing the weakly obfuscating module on the target system, see Acme::EyeDrops.

        Re hiding your script, see: Re: Hiding your Script (Security through Obscurity References).

        Yes but only if someone knows what to search for... I mean the code is protected, at least to some extent
Re: Encrypt perl script
by Anonymous Monk on Jan 27, 2011 at 17:28 UTC
    it is possible to "insert" a deletion command inside the script so as, after executing all the commands it will be "self-destroyed"? Or I have been watching Mission Impossible for so long??? :P
      Cool! I inserted unlink $0 in the end... Of course this help only if the user does not descrypt the file before running it...
        There are two huge problems that no obfuscation can address well - B::Deparse and the debugger.

        If your program is executable at all, B::Deparse will print the source. Similarly, if the program's executable at all, the debugger's list command will display the source code.

        One of the few ways to protect your source is to host it one place and supply a thin-client front end that connects to the hosted code to perform functions. You never distribute the protected code at all.

        What's the reason you want to do this? Maybe there's a better option.

        So this is a single-use program?

        And you hope they'll buy it again, next time they need it?

        Maybe your problem is not "Mission Impossible" but rather "Modern Marketing Techniques?"

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://884594]
Approved by ikegami
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others examining the Monastery: (8)
As of 2024-03-28 09:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found