Re^17: What happened to perlcc?

Great! I'm glad that you are a capable enough programmer that you are able to figure that out. As I mentioned in the home page, anyone capable enough *will* be able to extract the code. But do you honestly believe that the casual user will be able to do that? I don't even think that most users, looking at what you've done, would be able to figure out how to do this for a generic script. If anything, you've demonstrated how much knowledge is required to get to that point.

In fact, the first reply to your post was to state that this is exactly why you rock. So clearly this is not an easy task for the casual user. My comment on the home page still stands:

Besides, if you make it hard enough to get to the code, than the person talented enough to extract it will probably be fully capable to write it themselves and won't bother. :)

Secondly, I've been told multiple times that I am misleading people. I write a simple tool and put up on the docs about the tool about all of it's shortcomings, and somehow I am misleading people. If anyone can show me where I'm misleading people, I'd love to know.

I highly recommend that people who don't believe in closed source should not use my script. And if they choose to attack it, please feel free to do so on the ethical issues of open/closed source.

I highly recommend that people who want their code completely secure do NOT use my script. Then again, even if they choose to use a compiled language such as C, there are ways to disassemble C and even convert it back into C code.

I highly recommend that anyone who is comfortable with hiding their script from casual users, feel free to use perlc! And if they want something stronger than Bleach and the weak encryption that perlc offers, then they can obfuscate in some other manner, and yes, anyone who is able to run a debugger and deal with assembly will be able to get your code. There isn't anything you can do about that. You can dust off perlcc and get it working, and even then someone smart enough will be able to effectively reconstruct your code from that.

There is no guaranteed answer to hiding your code. That's a fact. I never claimed to have the answer to that. All I claimed is to write this:

Regardless, it IS possible to wrap your perl script into a C program that evals the script in a perl interpretor,

And that's all.

Sorry you didn't like my script. Sorry it didn't live up to your standards. You're welcome to write something better. :)

Comment on Re^17: What happened to perlcc?

Replies are listed 'Best First'.
Re^18: What happened to perlcc? by ikegami (Patriarch) on Mar 05, 2011 at 06:56 UTC
But do you honestly believe that the casual user will be able to do that? Yes. Especially since I just showed them how to do it. Do you know how safes are rated? Based on how long it takes to break into them. The point of a safe is to delay the attacker long enough for other measures to take effect (such as the cops responding to the alarm). The same applies here. The purpose of hiding code is to make it cost prohibitive for someone to use the code instead of writing it from scratch. `perlc` doesn't do that. Secondly, I've been told multiple times that I am misleading people. That may be, but not by me. My comments have been about the tool, not you. Besides, I believe you think your tool has worth. I highly recommend that anyone who is comfortable with hiding their script from casual users, feel free to use perlc! I highly recommend that noone use perlc. The recommendation isn't based on politics; it's purely a comment on the quality of `perlc`. there are ways to disassemble C and even convert it back into C code. Ok, let's compare `perlc` against C decompilation. (It's not disassembly if it doesn't produce assembler.) `perlc` returns the original code intact. Decompilation loses formatting, comments, variable names, function names, function calls, etc, etc. By your own metric, `perlc` fails miserably. There is no guaranteed answer to hiding your code. Noone has faulted it for not doing that. You're welcome to write something better. :) No thanks. This is based on politics.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^18: What happened to perlcc?
by ikegami (Patriarch) on Mar 05, 2011 at 06:56 UTC

But do you honestly believe that the casual user will be able to do that?

Yes. Especially since I just showed them how to do it.

Do you know how safes are rated? Based on how long it takes to break into them. The point of a safe is to delay the attacker long enough for other measures to take effect (such as the cops responding to the alarm).

The same applies here. The purpose of hiding code is to make it cost prohibitive for someone to use the code instead of writing it from scratch. perlc doesn't do that.

Secondly, I've been told multiple times that I am misleading people.

That may be, but not by me. My comments have been about the tool, not you. Besides, I believe you think your tool has worth.

I highly recommend that anyone who is comfortable with hiding their script from casual users, feel free to use perlc!

I highly recommend that noone use perlc. The recommendation isn't based on politics; it's purely a comment on the quality of perlc.

there are ways to disassemble C and even convert it back into C code.

Ok, let's compare perlc against C decompilation. (It's not disassembly if it doesn't produce assembler.) perlc returns the original code intact. Decompilation loses formatting, comments, variable names, function names, function calls, etc, etc. By your own metric, perlc fails miserably.

There is no guaranteed answer to hiding your code.

Noone has faulted it for not doing that.

You're welcome to write something better. :)

No thanks. This is based on politics.

[reply]
[d/l]
[select]