Hey Bert, This sounds pretty interesting, can you share more about how to mangle names. Does it require a change in the VM to de-mangle?
Ron Teitelbaum > From: Bert Freudenberg > > On Mar 7, 2007, at 8:57 , [EMAIL PROTECTED] wrote: > > > Hi! > > > > Just a note - decompiling from bytecodes is very easy in Squeak. The > > only thing missing is the original indentation and any comments. But > > everything else is there. Just so you know. > > Well, if you're really concerned about decompiling, just mangle the > selectors. As long as you are not constructing Symbols at runtime > (#asSymbol, #intern:) this works perfectly well. Same for class names > and instance variable names. > > > Locking down the image is of course doable - so that you can't easily > > get to the tools etc - but there are of course ways to go around that > > too. For example, I guess you can use an image file analyzer (there is > > at least one I think) or hack a VM to do stuff when the image is > > loaded. > > Sure. But if the names are mangled this is about as much fun as > reverse engineering machine code. No wait, the tool support is still > better ;) > > >> But doesn't this imply that the source is downloaded, making it easy > >> (easier) to hack the system? I could make the private Monticello > >> connection secure, update the system and then delete the source... > >> just > >> thinking out loud. > > > > Yes - a Monticello package is just a zip file of source code. Sure, > > you > > can make the transfer "secure" using SSL or whatever - and you can > > apply > > it and throw it away > > Well, you certainly would want to encrypt and sign the patch. If you > are *that* paranoid I'd not even use MC but just image segments. > > It's all a question of cost/value. I for one would be more concerned > about preventing malicious code injection than the possibility of > reverse engineering. But you have to weigh that yourself. > > - Bert - > > > _______________________________________________ > Beginners mailing list > Beginners@lists.squeakfoundation.org > http://lists.squeakfoundation.org/mailman/listinfo/beginners _______________________________________________ Beginners mailing list Beginners@lists.squeakfoundation.org http://lists.squeakfoundation.org/mailman/listinfo/beginners
