tags:

views:

872

answers:

6
+6  Q: 

How can I obfuscate my Perl script to make it difficult to reverse engineer?

I've developed a Perl script that has a confidential business logic.

I have to give this script to another Perl coder to test it in his environment. He will definitely try to extract the logic in my program. So I want to make my script impossible, or at least very very hard, to understand.

I've tried a few sites like liraz, but they did not work for me. The encoded Perl script does not work the same as the original one.

A: 

You could look at perlcc. It doesn't guarantee correctness, but it should do alright if you're not doing anything too funky in your scripts.

Anon.  2009-12-11 04:37:33
-1 Perl bashing is an appropriate pastime for comments, but answers should be informative, and relatively unbiased. Also, `perlcc` is still experimental and may not work and should be used with extreme caution, and not for production code. And that won't really stop someone who's determined.
Chris Lutz  2009-12-11 04:39:10
Edited out the snarkiness.
Anon.  2009-12-11 04:56:27
Retracted the -1, but `perlcc` is still a poor solution (to an admittedly unsolvable problem, so no penalty for trying).
Chris Lutz  2009-12-11 04:57:23
Didn't mean to sick a hurricane on you, man. Sorry.
Chris Lutz  2009-12-11 05:07:11
Nah, don't worry about it. The original version deserved downvoting, and the rep doesn't matter.
Anon.  2009-12-11 05:20:59
+4  A: 

Use Acme::Bleach to bleach the code clean. Then obfuscate the resulting bleached code. However, any encoded/obfuscated code can be decoded, as the Perl interpreter has to decode it anyway.

Alan Haggai Alavi  2009-12-11 04:39:53
no, first obfuscate, then bleach
ysth  2009-12-11 05:12:02
That's even better than Acme::EyeDrops
mobrule  2009-12-11 05:28:59
+57  A: 

I suggest that you get this person and his management to sign a legally enforceable agreement that forbids all forms of reverse engineering, and any other means of gaining access to the stuff you want to protect.

Obfuscation cannot protect you against a determined attempt to reverse engineer. It is theoretically and practically impossible.

Stephen C  2009-12-11 04:39:59
+1 for the right answer.
Chris Lutz  2009-12-11 04:43:13
What he (and several other folks answering similar questions in the past) said. Get a good lawyer. If your client is of a mind to reverse engineer your code you have far worse problems than him reverse engineering your code.
Penfold  2009-12-11 21:08:08
+5  A: 

First, let me say that you're barking up the wrong tree. What you want to do is the wrong approach for many reasons.

Second, check out Filter::Crypto (and PAR::Filter::Crypto). Read the whole manual before your start.

tsee  2009-12-11 07:17:27
+8  A: 

See perlfaq3: How can I hide the source for my Perl program?

Michael Carman  2009-12-11 13:25:27
+8  A: 

Don't try to obfuscate your Perl. You're wasting your time there. I show plenty of people how to break that sort of stuff in Mastering Perl just so they won't try to do it.

Have you considered implementing the sensitive stuff in C and shipping a pre-compiled binary with a Perl interface? It's relatively easy to do and has the same effect without relying on a clever trick. The determined, skilled person can still reverse engineer it, but that's true for any solution. You do have to compile the library for each platform, but if this stuff is important enough to protect, it important enough to charge enough to people to use it.

Alternatively, put the sensitive stuff behind a web service so they never get the code.

The business answer is to not give the program to people you don't trust, or to make the penalties stiff enough to discourage it.

brian d foy  2009-12-11 19:29:42

related questions

Regex to replace Boolean with bool
How do I lock a file in Perl?
How do you use XML::Parser with Style => 'Objects'
Parsing XML Elements & Attributes with Perl
Regex to match all HTML tags except <p> and </p>
Best way to extract data from a FileMaker Pro database in a script?
What's the fastest way to determine a full URL from a relative URL (given a base URL).
Why can't I connect to my CAS server with Perl's AuthCAS?
Why can't I fetch wikipedia pages with LWP::Simple?
How do I perform a Perl substitution on a string while keeping the original?
How do I read in the contents of a directory in Perl?
How can Perl's system() print the command that it's running?
How can I test STDIN without blocking in Perl?
How do I tell if a variable has a numeric value in Perl?
Why doesn't my Perl map return anything?
How can I determine the type of a blessed reference in Perl?
Parsing attributes with regex in Perl
How do you retrieve selected text using Regex in C#?
Why does the Perl conditional operator not do what I expect?
Class::DBI-like library for php?
How do you create objects in Perl?
How do I remove duplicate items from an array in Perl?
Is The Perl Journal available online?
Can you force either a scalar or array ref to be an array in Perl?
What's the safest way to iterate through the keys of a Perl hash?