RE: Obfusacating the source
I am in the process of releasing these two modules which together provide perl source obfuscation. They are not uniquely Apache oriented though I've never used them for anything else, thus the designation in Crypt. They have been used in production for over 2 years with little in the way of updates so they could be termed stable. The name has been changed so that it fits into the CPAN hierarchy a little better. Crypt-CapnMidNite-1.00.tar.gz Crypt-License-2.00.tar.gz They may be found at: http://www.bizsystems.net/downloads/other README from Crypt::License Crypt::License This module set provides tools to effectively obfuscate perl source code and allow it to be decoded and executed based on host server, user, expiration date and other parameters. Further, decoding and execution can be set for a system wide key as well as a unique user key. In addition, there are a set of utilities that provide email notification of License expiration and indirect use of the encrypted modules by other standard modules that may reside on the system. i.e. sub-process calls by Apache-AuthCookie while not in user space. Tools and Makefile.PL additions are included to allow the creation of encrypted distribution binaries with commands make crypt make cryptdist Basic operation: Encryption uses a modified RC4 algorithim to convert the text perl file into a binary consisting of bits -- this is a non-text file. When perl attempts to load the module if first encounters use Crypt::License; at the beginning of the file which in turn decrypts the stream of bits and delivers it directly to the perl interpreter. Details in the POD's Michael
Re: Obfusacating the source
Hi ( 02.11.19 19:48 +0100 ) Francesc Guasch: The idea is get something just a little difficult to read, so the customer engineers have a hard time if they try to read the source. Call all variables 1 char names Replace all comments with 'comment here' -- .--- ...
Re: Obfusacating the source
I need some tool that gets all the perl modules and mason components, of an application we made, and obfucaste it a little. See Acme::Bleach http://search.cpan.org/author/DCONWAY/Acme-Bleach/lib/Acme/Bleach.pm It works by source filtering and encoding the source as whitespace chars. (see also Acme::Bleach, Acme::Pony...) -- s'' Mark Fowler London.pm Bath.pm http://www.twoshortplanks.com/ [EMAIL PROTECTED] ';use Term'Cap;$t=Tgetent Term'Cap{};print$t-Tputs(cl);for$w(split/ +/ ){for(0..30){$|=print$t-Tgoto(cm,$_,$y). $w;select$k,$k,$k,.03}$y+=2}
Re: Obfusacating the source
John Saylor wrote: Hi ( 02.11.19 19:48 +0100 ) Francesc Guasch: The idea is get something just a little difficult to read, so the customer engineers have a hard time if they try to read the source. Call all variables 1 char names Replace all comments with 'comment here' That looks like what my boss wants me to do. But I think it's one of those things that looks easy to do, and you can have most of it done in very little time. But make it completely could be overkill. Just like a templating module. ;)
Re: Obfusacating the source
Hi! On Tue, Nov 19, 2002 at 07:08:00PM +, Mark Fowler wrote: I need some tool that gets all the perl modules and mason components, of an application we made, and obfucaste it a little. See Acme::Bleach In fact you're probably better off using Acme::EyeDrops http://search.cpan.org/author/ASAVIGE/Acme-EyeDrops-1.16/lib/Acme/EyeDrops.pm With Acme::Bleach, you'll need to say use Acme::Bleach at the beginning of your bleached module. Acme::EyeDrops uses a big Regex, or (probably saver for your needs) call it with Regex = 0 to generate a string to be evaled. So no need for 'use Acme::EyeDrops', so no telltale sign for the cracker. But no matter what Obfuscator you use: Obfuscation won't stop a determined reader to get to the source. shameless plug You might want to check out the slides of my talk The Dark Art of Obfuscation, held at YAPC::Europe 2002: http://domm.zsi.at:/talks/obfu_yapc2002/ /shameless plug -- #!/usr/bin/perlhttp://domm.zsi.at for(ref(bless[],just'another'perl'hacker)){s-:+-$-gprint$_.$/}
RE: Obfusacating the source
Hi Francesc -- I need some tool that gets all the perl modules and mason components, of an application we made, and obfucaste it a little. The idea is get something just a little difficult to read, so the customer engineers have a hard time if they try to read the source. I have two suggestions for you. First, you can make your code un-maintainable by following the excellent advice in this little primer: http://mindprod.com/unmain.html Second, you can hire Damian Conway. Here is an example of his expertise in the world of hidden meaning: http://libarynth.f0.am/cgi-bin/view/Libarynth/SelfGOL Back-in-the-day there was the idea of doing a core-dump and then un-dumping your core into a running state. I don't know how this would work with a Mason-based system, however. Then, there is always creating a special installation of Perl which can decrypt the code prior to parsing. That sounds like a weekend project for the suitably twisted. Warmest regards, -Jesse- -- Jesse Erlbaum The Erlbaum Group [EMAIL PROTECTED] Phone: 212-684-6161 Fax: 212-684-6226