ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Perl is an interpreted language, so the computer that runs the code needs to be able to read it. If you encrypted it so the user couldn't read it's contents, then the computer couldn't run it either.
There are tools to obfuscate Perl, which means make it very complicated to read and decipher, but the end-user could still figure it out if they wanted to. There was an article in 2600 about that not-long ago.
The only way to distribute software without the source being accessible is to use a compiled language like C and only put out binaries.
Perl is an interpreted language, so the computer that runs the code needs to be able to read it. If you encrypted it so the user couldn't read it's contents, then the computer couldn't run it either.
There are tools to obfuscate Perl, which means make it very complicated to read and decipher, but the end-user could still figure it out if they wanted to. There was an article in 2600 about that not-long ago.
The only way to distribute software without the source being accessible is to use a compiled language like C and only put out binaries.
True, but even then, there's ways of 'de-compiling', or you can even run strings against the binary, and pull out a surprising amount of useful data.
You may want to look at pp ("perl packager"). It actually creates a binary file, that's *fairly* nice. However, when it executes, it does create temp files, that do expose a good bit of your source, if not all of it. The nicest thing about it, though, is that it puts all of the modules on your 'build box', into the package. So the box that runs it needs just a basic Perl installation....everything else is transported in the package, and is pulled out at run-time.
Distribution: Damn Small Linux, KateOs, M$ Ickdows Vista, My own OS
Posts: 2,094
Rep:
Even if its executable, chances are someone can execute it and rip it from memory.
And on top of that as bigearbilly says it is the age of open source.
why?
perl itself is open source. linux is open source. BSD is open source.
this is the age of open source.
I think you'll find not many people will want an obfuscated perl script.
it's against the spirit of perl.
I agree. There are so many ways to get into a 'compiled' program, it's hardly worth the effort.
The only reason I use pp, is to make package delivery easier. I don't have to install a bunch of script-specific modules, to get the program to work...just ship the program itself.
How about something like the ioncube loaders for php?
Is that decryptable?
For example:
Code:
<?php //00440
// IONCUBE ENCODER 6.5 EVALUATION
// THIS LICENSE MESSAGE IS ONLY ADDED BY THE EVALUATION ENCODER AND
// IS NOT PRESENT IN PRODUCTION ENCODED FILES
if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');@dl($__ln);if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}@dl($__ln);}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the site administrator.');exit(199);
?>
4+oV5CTwm4RStpXfZSDLPJ6mxCrAmrk9oIQdj9Ii8rMfyN3CU6iF3K+u1dG61LFjIqJzXqq4HXvc
iLqFThTRi7P7nbpP/r/CPqzBlpYaBtO7dWxeSZ+6zFMQXJzoHMwGEvGMNIMfAGSg0nwD/9yEAnw1
7W2Ouz0WzJ5BxEkfLycASbvFVEVXT8a8GVMDKXLs3KwF6p89y98D5dFsTP/aA2PYVxrMU7GH8/Ke
/MET4Bfns+xpW2OoMeOMgREwOMAsa3CvhlaUID3jsirST0+DWbC968NL1mbw/503JhchbNQTOerY
VhrIFL1Lv44rjL5tk6Zhnesojs3j5vYS2PjkuwU44xd5ALbGNlmlPLl2gRR9FQlS80vil8XFKCag
DskbzlEHxEeMUp/DNBNDAE1G
How about something like the ioncube loaders for php?
Is that decryptable?
For example:
Code:
<?php //00440
// IONCUBE ENCODER 6.5 EVALUATION
// THIS LICENSE MESSAGE IS ONLY ADDED BY THE EVALUATION ENCODER AND
// IS NOT PRESENT IN PRODUCTION ENCODED FILES
if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');@dl($__ln);if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}@dl($__ln);}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the site administrator.');exit(199);
?>
4+oV5CTwm4RStpXfZSDLPJ6mxCrAmrk9oIQdj9Ii8rMfyN3CU6iF3K+u1dG61LFjIqJzXqq4HXvc
iLqFThTRi7P7nbpP/r/CPqzBlpYaBtO7dWxeSZ+6zFMQXJzoHMwGEvGMNIMfAGSg0nwD/9yEAnw1
7W2Ouz0WzJ5BxEkfLycASbvFVEVXT8a8GVMDKXLs3KwF6p89y98D5dFsTP/aA2PYVxrMU7GH8/Ke
/MET4Bfns+xpW2OoMeOMgREwOMAsa3CvhlaUID3jsirST0+DWbC968NL1mbw/503JhchbNQTOerY
VhrIFL1Lv44rjL5tk6Zhnesojs3j5vYS2PjkuwU44xd5ALbGNlmlPLl2gRR9FQlS80vil8XFKCag
DskbzlEHxEeMUp/DNBNDAE1G
Yep. As with any 'run time' language, PHP has to be decrypted before it's loaded. There are some runtime things you can load on the server, but all that does is load the encrypted module, decrypt it, then run it. So not only does it slow things down, the decrypted stuff is still in ram and/or a temp file somewhere.
No matter what, you can decompile pretty much ANYTHING...
Maybe...maybe longer, maybe shorter. Depends on the key, what you use for encryption, and how much effort you put in. A single PC chugging on something in its downtime will take a while....a cluster of 50 going 24/7 will crack it in no time.
The best thing is to consider everything you send out to be compromised, period. Programs? Obfuscation is good...keep a 'gold' copy of your source somewhere that YOU have access to it. Everything else, strip the comments, blank lines, tabs, and anything else that helps it to be easily read by humans. Compile that, and ship it out. Data/messages? Don't put anything in them, that you wouldn't mind being read by any random stranger.
Again, no matter WHAT you do, it's breakable. Spend more time making your code good, and less about 'protecting' it. Kinda like putting your house in a five-foot thick concrete dome, with a bank-vault front door. Are you safe? Nope...if someone wants in bad enough...they're getting in.
If you are worried about losing money, then send it through the copyright office, and fling vast amounts of slavering lawyers at anyone who steals what you did.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
