Re: scrambling perl source code

["Dana Epp" <dana () vulscan com>]

Hey Tim,

Even compiling it isn't enough. Its just as easy to use a decompiler and
then process it through some of perl's own back end translator routines
( -M0=Deparse etc) which can even de-obfuscate the code to some degree.
Although its better than doing "nothing", its not a far leap to get to the
sources from this stage with Perl.

I think following your thoughts at the end of your post (in looking for
alternatives) is a better way to go once we understand what Charles is
wanting to accomplish.

---
Regards,
Dana M. Epp


----- Original Message ----- 
From: "Tim Greer" <chatmaster () charter net>
To: "Charles Lacroix" <chuck () linuxquebec com>;
<security-basics () securityfocus com>
Sent: Tuesday, June 17, 2003 5:15 PM
Subject: Re: scrambling perl source code


> > From: "Charles Lacroix" <chuck () linuxquebec com>
> > To: <security-basics () securityfocus com>
> > Sent: Tuesday, June 17, 2003 1:18 PM
> > Subject: scrambling perl source code
> >
> >
> > hi, i found a couple of free/non free scripts that are able
> > to scramble the source of my perl scripts. But now starts
> > a new problem.
> >
> > How can i scramble the whole project and
> > not messing up mod_perl exported variables and methodes
> > in all my other scripts ?
> >
> > I want to scamble my modules and my scripts that go with them.
>
>
>
> If you can "scramble" it, it can be "descrambled". Short of compiling
(e.g,
> perlcc), you can't effectively deny people from getting the source. Since
> it's interpreted, there's several means of obtaining the raw source. Is
> there a reason why you want to 'scramble' your code? Perhaps there's a
> better alternative to what you're wanting to accomplish?
> --
> Regards,
> Tim Greer  chatmaster () charter net
> Server administration, security, programming, consulting.
>
>
> --------------------------------------------------------------------------
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------