Re: Re: Re: An obfuscation script, and a question

This is getting off the topic, but:

I personally think this is a technically fascinating field and would enjoy learning more about it.

Learning is always good, but please don't make this into anything other than an educational experiance. Code obfuscators can always be reversed if the user(s) are determined enough to de-obfuscate.

And on that note, I suggest looking at Acme::Bleach, Acme::Buckaroo, and many other modules in the Acme:: namespace.

. . . not everybody can afford the same level of "programming purity".

People are often surprised to learn just how much of the software ever written actually goes to a store shelf. About of all software either never leaves the company it was written in, or it was done on a contractual basis for a specific company and is never sold elsewhere. I'm not talking about failed projects--this is code that is used internally and is often specific to the way a certain company operates.

If it's never going to leave the company, why would you care what it is licensed under? And why would you want to obfuscate the code? That would just make things harder for a future maintenance programmer.

----
Reinvent a rounder wheel.

Note: All code is untested, unless otherwise stated

Comment on Re: Re: Re: An obfuscation script, and a question

Replies are listed 'Best First'.
Re: Re: Re: Re: An obfuscation script, and a question by abell (Chaplain) on Mar 14, 2003 at 09:33 UTC
Code obfuscators can always be reversed if the user(s) are determined enough to de-obfuscate This is as true of obfuscated code as it is of compiled programs. While you make it more difficult to reverse-engineer the program, the information is still all there. This might only be changed if some cryptographic techniques become available, allowing to run an application in an untrusted environment without leaking information on the algorithm (I am not able to find relevant links at the moment, but it's an active field of research). Since you mention Acme::Bleach and Acme::Buckaroo, I'd like to point out that they have no use as obfuscators for commercial source-hiding purposes, since during execution the program is reverted to its original form (comments and all) and then evaluated. Cheers Antonio The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket	[reply]
Re^5: An obfuscation script, and a question by diotalevi (Canon) on Mar 14, 2003 at 11:22 UTC
This might only be changed if some cryptographic techniques become available, allowing to run an application in an untrusted environment without leaking information on the algorithm (I am not able to find relevant links at the moment, but it's an active field of research). No, actually that doesn't work. Its just a high level of obfuscation. All that does is put the code into a package, include the unpackager along with the appropriate secret to unlock the package. All you could hope for as the author was that you'd been clever enough so that enough attackers were deterred. Its just a higher wall - You can still go over it or find ways around it. Seeking Green geeks in Minnesota	[reply]
Re: Re^5: An obfuscation script, and a question by abell (Chaplain) on Mar 14, 2003 at 13:57 UTC
No, actually that doesn't work. ... All that does is ... Your that is not the same as my cryptographic techniques. I was hinting at something more along the lines of homomorphic encryption, which on second thought doesn't seem appliable to the settings we are considering, since the output of the encrypted program is itself encrypted. Thus, your customer would not be able to understand the algorithm, but would also be unable to understand the result, which might cause you some problems ;) During my google-surfing, I found the paper On the (Im)possibility of Obfuscating Programs, dating 2001, which while implying that "perfect" obfuscators do not exist, doesn't rule out the existance of obfuscators working in practice or under theoretically relaxed hypothesis. The field seems open to improvement. Antonio The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket	[reply]
Re: Re: Re: Re: Re: An obfuscation script, and a question by hardburn (Abbot) on Mar 14, 2003 at 14:52 UTC
. . . since during execution the program is reverted to its original form (comments and all) and then evaluated. So? Commercial Perl obfus can be undone by B::Deparse. You don't get comments back, but it will at least format the code for you. ---- Reinvent a rounder wheel. Note: All code is untested, unless otherwise stated	[reply]
Re^6: An obfuscation script, and a question by abell (Chaplain) on Mar 14, 2003 at 16:45 UTC
I don't intend to flame, but that means that even B::Deparse is a better obfuscator than the Acme modules you mentioned. At least it drops some info which would help to understand the code structure, while Acme::Bleach and Acme::Buckaroo change the code in a totally reversible manner and provide their own inverse transformation. Antonio The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket	[reply]