What's not being said specifically, and which I am guessing that you don't understand, is that once the program is running on your computer, no matter what obfuscation/encryption/compression/etc you have applied to it, it will necessarily have been undone in order for the computer to read and execute the instructions.

At that point, you can use a hardware-assisted debugger to capture all the code. It may be in assembly, and a huge pain to reverse-engineer, but it can be done. At some point there will have to be a coherent representation of your program that can run, and it is this runnable copy that can be examined.

In addition, whatever obfuscation/encryption/compression/etc you have applied to your code, you got it from somewhere else, and therefore someone else can figure out how to undo it and get the original code out of the executable, or at least a bytecode image, and you're still undone. This is what people were trying to explain in your first thread: that even if you convert the Perl to C, you can reverse-engineer the C. If you compress it, someone can uncompress it. If you obfuscate it, someone can unobfuscate it.

Consider encryption, such as used by the military or intelligence communities. It's not enough to have a good code because they all know that eventually you can break any code. The real key to secure communication is not only to use a good code, but to try your hardest to prevent anyone from seeing or even being aware of the communication.

In the end, as other, smarter people than me have pointed out, if you don't want someone to get hold of your code -- don't ship it to them!!!

In all fairness, I'm sure you or your company have a legitimate business problem you're trying to solve. Obfuscate the specifics, if you must, but try laying out exactly what part can and what part can't fall into the wrong hands. Is it the entire program? It is an algorithm? The only thing you can do to a program to make it unreadable is delete it (yeah yeah, secure wipe it). If you can run it, you can read it, and therefore the code can be gotten at.

But what are the skills of the wrong-handed people in question? I guarantee some of the folks on here can break your code, but can your clients/customers? If you were to obfuscate the code and compile it to bytecode in a compressed executable, would that be sufficient? 'Cause that's easy. Can it run from a server? Can it be run as a service, for that matter?

In reply to Re: Best Perl Obfuscator Tool? by furry_marmot
in thread Best Perl Obfuscator Tool? by blueberryboost

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.