Re: Re: Re: Re: An obfuscation script, and a question

Code obfuscators can always be reversed if the user(s) are determined enough to de-obfuscate

This is as true of obfuscated code as it is of compiled programs. While you make it more difficult to reverse-engineer the program, the information is still all there. This might only be changed if some cryptographic techniques become available, allowing to run an application in an untrusted environment without leaking information on the algorithm (I am not able to find relevant links at the moment, but it's an active field of research).

Since you mention Acme::Bleach and Acme::Buckaroo, I'd like to point out that they have no use as obfuscators for commercial source-hiding purposes, since during execution the program is reverted to its original form (comments and all) and then evaluated.

Cheers

Antonio

The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket

Comment on Re: Re: Re: Re: An obfuscation script, and a question

Replies are listed 'Best First'.
Re^5: An obfuscation script, and a question by diotalevi (Canon) on Mar 14, 2003 at 11:22 UTC
This might only be changed if some cryptographic techniques become available, allowing to run an application in an untrusted environment without leaking information on the algorithm (I am not able to find relevant links at the moment, but it's an active field of research). No, actually that doesn't work. Its just a high level of obfuscation. All that does is put the code into a package, include the unpackager along with the appropriate secret to unlock the package. All you could hope for as the author was that you'd been clever enough so that enough attackers were deterred. Its just a higher wall - You can still go over it or find ways around it. Seeking Green geeks in Minnesota	[reply]
Re: Re^5: An obfuscation script, and a question by abell (Chaplain) on Mar 14, 2003 at 13:57 UTC
No, actually that doesn't work. ... All that does is ... Your that is not the same as my cryptographic techniques. I was hinting at something more along the lines of homomorphic encryption, which on second thought doesn't seem appliable to the settings we are considering, since the output of the encrypted program is itself encrypted. Thus, your customer would not be able to understand the algorithm, but would also be unable to understand the result, which might cause you some problems ;) During my google-surfing, I found the paper On the (Im)possibility of Obfuscating Programs, dating 2001, which while implying that "perfect" obfuscators do not exist, doesn't rule out the existance of obfuscators working in practice or under theoretically relaxed hypothesis. The field seems open to improvement. Antonio The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket	[reply]
Re: Re: Re: Re: Re: An obfuscation script, and a question by hardburn (Abbot) on Mar 14, 2003 at 14:52 UTC
. . . since during execution the program is reverted to its original form (comments and all) and then evaluated. So? Commercial Perl obfus can be undone by B::Deparse. You don't get comments back, but it will at least format the code for you. ---- Reinvent a rounder wheel. Note: All code is untested, unless otherwise stated	[reply]
Re^6: An obfuscation script, and a question by abell (Chaplain) on Mar 14, 2003 at 16:45 UTC
I don't intend to flame, but that means that even B::Deparse is a better obfuscator than the Acme modules you mentioned. At least it drops some info which would help to understand the code structure, while Acme::Bleach and Acme::Buckaroo change the code in a totally reversible manner and provide their own inverse transformation. Antonio The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket	[reply]