Stamp_Guy has asked for the wisdom of the Perl Monks concerning the following question:

Does anyone know of a good module/program/something that would allow me to obfuscate my code while not hindering the performance? It would need to run on Win32 (which eliminates Acme::Bleach etc.). It is my intention to hinder someone from modifying my code and using it for other projects without permission after I've installed it on their server. I fully realize that because Perl is a scripting language, this isn't fool proof, but it would be a deterrant. Any ideas would be helpful.

Replies are listed 'Best First'.
Re: Obfuscation of code...
by cLive ;-) (Prior) on Jun 29, 2001 at 23:18 UTC
    I use something like this: 
    
my $script_text = 'whatever';

# list var/sub names without %$@
# ensure vars can't pop up in other contexts - eg messages
my @obsf = qw (var1 var2 sub1 sub2 ...);

# remove comments - note I use "# ## to denote comment
# to ensure only comments get removed
$script_text =~ s/\s*# ##[^\n]+\n\s*/\n/gis;

# remove extraneous CRs
$script_text =~ s/;\s*\n\s*/;\n/gis;

# and a few other things - html tags - tidy up
$script_text =~ s/>\s+</></gis;

# mess up indenting - make random
$script_text =~ s/\t+/"\t" x (int(rand 6))/ges;
    
# remove some crs
$script_text =~ s/;\s+\}/; }/gis;
$script_text =~ s/\}\s+elsif/} elsif/gis;
$script_text =~ s/\{\s+/{ /gis;
$script_text =~ s/\}\s+\}/} }/gis;
$script_text =~ s/;\s+my/; my/gis;
$script_text =~ s/if\s+\(/if \(/gis;

# obfuscate array stuff majorly
my $i=1;
foreach (@obsf) {
  # create replacement
  my $replace    = unpack ("B32", pack("N", $i));
  $replace     =~ s/^0+(?=\d)//;
  $replace     =~ s/0/I/g;
  $replace     =~ s/1/l/g;

  # replace in script
  $script_text =~ s/$_/$replace/gs;    

  # move on...
  $i++;    
}

    [download]

    Makes it ugly to read, but anyone with time can unravel it.

    Another option is using the Filter packages, but be prepared spending some time reading up on crypto - you have to write your own encryption, I believe. This is a lot more secure than plain obfuscation, but still readable by a determined hacker.

    cLive ;-)

[reply]
[d/l]
Re: Obfuscation of code...
by frag (Hermit) on Jun 29, 2001 at 23:21 UTC
    Acme::Bleach works fine for me on Win32. There's no ActiveState PPM for Bleach, but it can be installed by hand (just put the modules in your site/lib directory) or by CPAN (if you've gotten a version of make to work - see this node for my experience).

    -- Frag.

[reply]
Re: Obfuscation of code...
by andreychek (Parson) on Jun 29, 2001 at 23:19 UTC
    Well, to answer your question, it's possible Acme::Smirch may help. From the documentation:

    So here is Smirch, that does the converse of Bleach - rewrites your program using only non alphanumeric characters BUT it does not depend on any external module! That's right - complete perl without numbers or letters.

    As for hiding the contents of your code -- many would say that's what a license is for. However, I assume you have your reasons, so I won't go into that :-)
    -Eric
[reply]
      Wow, I read the source code for that, a perlmonk definitely did not write that. No use strict at all. All global variables, no mys at all. It undefs $/ and doesn't even reset it. Instead of simply saying: 
      open FH, 'foo.bar' or die "could not open";

      [download]
      it says: 
      open FH, 'foo.bar' or print 'could not open' and exit;

      [download]
      It's filled with those print '...' and exit commands too, not just in the open call. I can see many places that need improvement. It is a neat idea though, if not useful, then just fun.

      The 15 year old, freshman programmer,
      Stephen Rawls

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom