[prog] 'protecting' perl code

Jacinta Richardson jarich at perltraining.com.au
Fri May 7 12:53:41 EST 2004


On Fri, 7 May 2004, Riccarda Cassini wrote:

> > From the point of view of cryptography, the whole obfuscation approach
> > is _always_ lame, but for many practical purposes, the time required to
> > crack some program would typically be beyond what it's worth -- if done
> > well enough.
> > (Make sure, however, that your client knows about these facts...
> > preferably in written form.)
> 
> If I'm understanding this correctly, the protection level achieved by
> some properly done obfuscation would roughly be the same as that of an
> ordinary binary program.  In the latter case you'd have to reverse
> engineer the binary in the debugger, while with the obfuscated perl
> script, you'd have to crack the special perl interpreter containing the
> decryption routines. Is that right?

Nope, not the same level at all.  Unless you're talking about rewriting
aspects of the perl interpreter?  An ordinary binary program is all
opcodes and symbol tables and low level stuff.  What Almut had described
is effectively taking your Perl script and munging it a little bit.  The
interpreter then undoes the munging, compiles the code into opcodes,
symbol tables and low level stuff and then runs it.

With a binary you're essentially correct about reverse engineering it with
the debugger.  With Perl you just need to be able to insert a step between
Perl undoing the munging and compiling the code.  That extra step isn't
too hard to add in most situations.  :(

Not the same level of obfuscation at all.

	Jacinta

--
   ("`-''-/").___..--''"`-._          |  Jacinta Richardson         |
    `6_ 6  )   `-.  (     ).`-.__.`)  |  Perl Training Australia    |
    (_Y_.)'  ._   )  `._ `. ``-..-'   |      +61 3 9354 6001        |  
  _..`--'_..-_/  /--'_.' ,'           | contact at perltraining.com.au |
(il),-''  (li),'  ((!.-'              |   www.perltraining.com.au   |



More information about the Programming mailing list