in reply to Re^3: What happened to perlcc?
in thread What happened to perlcc?

Yes, if they know how to run a debugger on an executable that is compiled without debugging symbols and can figure out how to get the data out of that symbol

There's nothing to figure out. The first thing the executable does is to load the entire original program into a variable.

Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

Ignoring the practicality of hiding the code in most situations just because someone can get the code is like deciding to not lock your house anymore, just because locks can be picked.

I didn't say you shouldn't; I said you didn't.

Yes. Someone can get in. That doesn't mean there is no reason to try to make it difficult.

You couldn't have made it easier if you tried.

I'm glad that you are (possibly) clever enough to get the data out of a perlc obfuscated program. Most people are not.

On the other hand, it's trivial with daveola's perlc.

Again, if you don't want to use an obfuscator than don't. Many people find them useful. You may find them foolish.

I'll repeat: I didn't state my thoughts on the use of an obfuscator; I simply pointed out that daveola's sucks. It simply doesn't do what it claims to do.

Replies are listed 'Best First'.
Re^5: What happened to perlcc?
by daveola (Sexton) on Feb 27, 2011 at 22:06 UTC
    The original program is provided intact in that variable unless bleach is used. Intact is not obfuscated.

    This is, for the third time, FALSE. Please feel free to read the code or even the docs.

    This is getting silly. perlc does not, by any means, claim to lock up your code safe and sound. As we all know, this is essentially impossible. This is even explained in the docs for perlc. If you can find any false claims that I make for perlc, I'd love to hear about them. The home page actually explains that there are many ways to get to the source, and then states:

    Regardless, it IS possible to wrap your perl script into a C program that evals the script in a perl interpretor, and maybe even obfuscate the script a bit while we're at it

    It's a simple script. And it does some simple obfuscation (BESIDES BLEACH). I get that it's not the end solution to hiding your code. In *NO WAY* does it claim to be, at all. But I have hade many people send me thanks for the fact that it exists, so they don't have to write it.

    I get that you don't want it and that you, and I, and anyone who reads the docs can see that it's not foolproof or completely secure.

[reply]

      Please feel free to read the code or even the docs.

      Not only did I read the docs (doesn't mentioned anything on this) and the code (where I got that info), I ran the code. block contains the entire original source code, intact, not obfuscated.

      If you can find any false claims that I make for perlc, I'd love to hear about them.

      Like I've said many times, it doesn't obfuscate. It happily provides the entire original source code intact (after unbleach.pl if bleach is used). Aside from that, there's at least the following I didn't mention before:

      • It doesn't convert Perl to C.
      • Finally, there's an implicit claim that an executable can be made from the generated .c file, but it's not obvious how to do that.
[reply]
[d/l]
        It's strange, you even mention it yourself:

        Source code is also obfuscated using a simple key to avoid extracting the string from the executable.

        And in the home page, perhaps missed, was:

        Takes a single perl script, converts the block using a simple encoding with an optionally defined key.

        Which you can see from the usage involves the '-key' option.

          -key <str>         Specify key for encode/decode of embedded script

        So your claim that the source code is provided intact is false.

        And yes, it's weak encryption. Clearly if someone wants to attack an obfuscation like this, they'll do some sort of runtime attack rather than try to decode the script.

        You also state: "Finally, there's an implicit claim that an executable can be made from the generated .c file, but it's not obvious how to do that"

        And again, from the usage:

          -exe <exec>        Compile the code into an executable

        I think that's pretty simple

        But to help make it clearer, I've added the compilation command to the comments at the top of the C output.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom