All geek questions in one place

Is there any good obfuscater for Perl code?

Does anyone know a good code counter for Perl? I ask you to take a look at the code pondering option before sending it to the client. I know that missing code can be reconstructed, but this is not our main problem.

Some customers make small changes to the source code that we give them, and it gives us nightmares when something goes wrong and we need to fix it, or when we release a patch that does not work with what they changed, Therefore, the intention is to do this in such a way that it is difficult for them to make changes to the code (they still should not do this).

+4
source share
15 answers

I used to be on this path before, and this is an absolute nightmare when you need to work on "confusing" code, because it leads to huge expenses for debugging problems on the client server, when you, the developer, cannot read the code. You complete the "deobfuscators", copy the "real code" to the client server, or any of several other problems that just become real hassles to support.

I understand where you came from, but it seems that the management has problems and they are looking for a solution to the selected solution for you, rather than figuring out what the correct solution is.

In this case, it seems that this is really a licensed or contract issue. They may have an open source code, but make it part of the license so that any changes they send should be returned to you and approved. When you push the corrections, check the md5 amount of the entire code and, if it does not meet the expected, they violate the license and will be charged accordingly (and this should be a much higher rate). (I remember one company that has open source code, but made it clear that if we changed something, we "bought" the code for $ 25,000, and they were no longer responsible for fixing or updating errors if we did not buy a new license).

+31
source

not to do. Just don't do it.

Write it in the contract (or revise the contract if you need) that you are not responsible for any changes to the software. If they download your code and then expect that you will fix it, you will have problems with clients that cannot be resolved by obfuscating the code. And if you confuse this, and they are faced with a real problem, good luck in accurately reporting the line number, etc. In the error report.

+15
source

Please do not do this. If you do not want people to modify your Perl code, then install it under the appropriate license and enforce this license. If people change your code when you license that they should not do this, then this is not your problem when your updates no longer work with their installation.

See perlfaq3 for the answer to the question “How can I hide the source for my Perl programs? For more details.

+8
source

It would seem that your main problem is that clients modify the code, which then makes it difficult for you to support it. I would advise you to request checksums (md5, sha, etc.) of their files when they come to you for support, and similarly check the checksums of files when correcting. For example, you can ask the client to provide the output of the provided program, which goes through their installation and controls all the files.

They ultimately have code, so they can do whatever they want. The best you can do is enforce your licenses and make sure that you only support unmodified code.

+5
source

In this case, obfuscation is the wrong approach.

When you release the code to the client, you should save a copy of the code that you send (either on disk or, preferably, in your version control as a tag / branch).

Then, if your client makes changes, you can compare the code that they have with the code that you sent them, and it is easy to notice the changes. In the end, if they feel the need to make changes, there is a problem somewhere, and you have to fix it in the main code base.

+4
source

Another alternative for converting your program to a binary file is the free CPAN PAR-Packer tool. There are even filters for obfuscating code, although as others have said, there may be more problems than it costs.

+4
source

I agree with the previous suggestions.

However, if you really want it, you can look at PAR and / or Filter :: Crypto CPAN Modules. You can also use them together.

I used the latter (Filter :: Crypto) as a very light form of “protection” when we sent our product to optical media. It does not protect you, but it will stop 90% of people who want to change the source files.

+4
source

This is not a serious suggestion, but check out Acme :: Buffy .

It will be at least brighter than your day!

+3
source

An alternative to obfuscation is to convert your script to binary using the ActiveState Perl Dev Kit .

+2
source

As several people have said: do not.

This is almost implicit, given the nature of the Perl interpreter, that everything you do to confuse Perl must be undone before Perl takes its hands on it, which means you need to leave the de-obfuscation script / binary where the translator is (and therefore your client) can find it :)

Correct the real problem: checksums and / or license with the appropriate permission. And the support staff learned to say: “Have you changed it? We refer to paragraph 34b of our license and it will be $ X, 000 before we touch it ....

Also, read why-should-i-use-obfuscation for a more general answer.

+2
source

I am running Windows O / S and using perl2exe from IndigoSTAR. The result of a .EXE file is unlikely to be changed in place.

As others have said, “how am I confusing him” is the wrong question. "How to stop the client from changing the code" is correct.

+2
source

Checksum and contract ideas are good for avoiding the “problems” you describe, but if it is difficult for you to update and fix bugs, how do your customers make changes that fail a comprehensive test suite ? If they are able to make these changes (or at least make changes that express what they want the code to do), why not just simplify / automate them to open a support ticket and download the patch? The client is always right about what the client wants (they may not know how to do it “right”, but why they pay you.)

The best reason to want an obfuscator would be to deploy a mass market desktop computer where you don't have every customer on a regular contract. In this case, something like PAR - everything that packs the encryption / obfuscation logic into a compiled binary is the way to go.

+2
source

I would just invite them to my SVN tree on their own branch so that they can provide changes, and I can see them and integrate their changes into my development tree.

Do not fight, hug him.

+1
source

As Ovid says, this is a contractual social problem. If they change the code, they will void the warranty. Charge them a lot to fix this, but at the same time give them a channel where they can suggest changes. Also, see what they want to change, and do this part of the configuration if you can. They have something that they want to do, and until you satisfy it, they will continue to try to get around you.

In Mastering Perl , I’ll talk a little about the victory of obfuscators. Even if you do things like meaningless variable names and the like, modules like B :: Deparse and B :: Deobfuscate , along with Perl tools like Perl :: Tidy , make this pretty easy for experienced and motivated person to get your source. You do not need to worry about the unknowable and unmotivated, because they do not know what to do with the code anyway.

When I talk with managers about this, we analyze normal costs. There are all kinds of things you could do, but not many of them cost less than the benefits you get.

Good luck

+1
source

Another frivolous suggestion is to use Acme :: Bleach , this will make your code very clean; -)

0
source

Source: https://habr.com/ru/post/1276742/

More articles:


All Articles