RE: Obfusacating the source

2002-11-22 Thread Michael Robinton 
I am in the process of releasing these two modules which together provide
perl source obfuscation. They are not uniquely Apache oriented though I've
never used them for anything else, thus the designation in Crypt. They
have been used in production for over 2 years with little in the way of
updates so they could be termed stable. The name has been changed so
that it fits into the CPAN hierarchy a little better.

Crypt-CapnMidNite-1.00.tar.gz
Crypt-License-2.00.tar.gz

They may be found at:

http://www.bizsystems.net/downloads/other

README from Crypt::License

Crypt::License

This module set provides tools to effectively obfuscate perl source
code and allow it to be decoded and executed based on host server, user,
expiration date and other parameters. Further, decoding and execution can
be set for a system wide key as well as a unique user key.

In addition, there are a set of utilities that provide email notification
of License expiration and indirect use of the encrypted modules by other
standard modules that may reside on the system. i.e. sub-process calls by
Apache-AuthCookie while not in user space.

Tools and Makefile.PL additions are included to allow the creation of
encrypted distribution binaries with commands

make crypt
make cryptdist

Basic operation:

Encryption uses a modified RC4 algorithim to convert the text perl file
into
a binary consisting of bits -- this is a non-text file. When perl
attempts
to load the module if first encounters use Crypt::License; at the
beginning of the file which in turn decrypts the stream of bits and
delivers it directly to the perl interpreter.

Details in the POD's

Michael

Obfusacating the source

2002-11-19 Thread Francesc Guasch 
I know it's not the way to go, but anyway I must
do it.

I need some tool that gets all the perl modules and
mason components, of an application we made, and obfucaste
it a little.

The idea is get something just a little difficult to
read, so the customer engineers have a hard time if
they try to read the source.

Re: Obfusacating the source

2002-11-19 Thread John Saylor 
Hi

( 02.11.19 19:48 +0100 ) Francesc Guasch:
 The idea is get something just a little difficult to
 read, so the customer engineers have a hard time if
 they try to read the source.

Call all variables 1 char names
Replace all comments with 'comment here'

-- 
.--- ...

Re: Obfusacating the source

2002-11-19 Thread Mark Fowler 

 I need some tool that gets all the perl modules and
 mason components, of an application we made, and obfucaste
 it a little.

See Acme::Bleach

http://search.cpan.org/author/DCONWAY/Acme-Bleach/lib/Acme/Bleach.pm

It works by source filtering and encoding the source as whitespace chars.

(see also Acme::Bleach, Acme::Pony...)

-- 
s''  Mark Fowler London.pm   Bath.pm
 http://www.twoshortplanks.com/  [EMAIL PROTECTED]
';use Term'Cap;$t=Tgetent Term'Cap{};print$t-Tputs(cl);for$w(split/  +/
){for(0..30){$|=print$t-Tgoto(cm,$_,$y). $w;select$k,$k,$k,.03}$y+=2}

Re: Obfusacating the source

2002-11-19 Thread Francesc Guasch 
John Saylor wrote:

Hi
( 02.11.19 19:48 +0100 ) Francesc Guasch:

The idea is get something just a little difficult to
read, so the customer engineers have a hard time if
they try to read the source.



Call all variables 1 char names
Replace all comments with 'comment here'


That looks like what my boss wants me to do.
But I think it's one of those things that looks
easy to do, and you can have most of it done in
very little time. But make it completely could
be overkill.

Just like a templating module.  ;)

Re: Obfusacating the source

2002-11-19 Thread Thomas Klausner 
Hi!

On Tue, Nov 19, 2002 at 07:08:00PM +, Mark Fowler wrote:
 
  I need some tool that gets all the perl modules and
  mason components, of an application we made, and obfucaste
  it a little.
 
 See Acme::Bleach

In fact you're probably better off using Acme::EyeDrops

http://search.cpan.org/author/ASAVIGE/Acme-EyeDrops-1.16/lib/Acme/EyeDrops.pm

With Acme::Bleach, you'll need to say

  use Acme::Bleach

at the beginning of your bleached module.

Acme::EyeDrops uses a big Regex, or (probably saver for your needs)
call it with Regex = 0 to generate a string to be evaled. So no need
for 'use Acme::EyeDrops', so no telltale sign for the cracker.

But no matter what Obfuscator you use: Obfuscation won't stop a determined
reader to get to the source. 

shameless plug
You might want to check out the slides of my talk The Dark Art of
Obfuscation, held at YAPC::Europe 2002:
  http://domm.zsi.at:/talks/obfu_yapc2002/
/shameless plug

-- 
#!/usr/bin/perlhttp://domm.zsi.at
for(ref(bless[],just'another'perl'hacker)){s-:+-$-gprint$_.$/}

RE: Obfusacating the source

2002-11-19 Thread Jesse Erlbaum 
Hi Francesc --


 I need some tool that gets all the perl modules and
 mason components, of an application we made, and obfucaste
 it a little.

 The idea is get something just a little difficult to
 read, so the customer engineers have a hard time if
 they try to read the source.


I have two suggestions for you.  First, you can make your code
un-maintainable by following the excellent advice in this little primer:

  http://mindprod.com/unmain.html


Second, you can hire Damian Conway.  Here is an example of his expertise in
the world of hidden meaning:

  http://libarynth.f0.am/cgi-bin/view/Libarynth/SelfGOL


Back-in-the-day there was the idea of doing a core-dump and then
un-dumping your core into a running state.  I don't know how this would
work with a Mason-based system, however.  Then, there is always creating a
special installation of Perl which can decrypt the code prior to parsing.
That sounds like a weekend project for the suitably twisted.


Warmest regards,

-Jesse-


--

  Jesse Erlbaum
  The Erlbaum Group
  [EMAIL PROTECTED]
  Phone: 212-684-6161
  Fax: 212-684-6226