lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Uli Kusterer wrote:
If you want to obscure the source code more than that, gzip it before inserting it into the C source, and use zlib to decompress it before calling luaL_loadbuffer, or write a little decompressing string loader and use lua_load. (I don't think this is a very good way of hiding your code; it is only effective against stupid people without smart friends :) But it does reduce executable size if the scripts are large.)

Yeah, just making them ZIP files wouldn't be very safe. I won't even try to deter anyone hell-bent on getting the data out of the file, but it's not really very desirable to make it as easy as just changing the suffix to .gz and suddenly the files unpack before your eyes...

As you said, there is no such thing as an inviolable security, but if you want to make things harder and discourage wannabe crackers using only simple recipes, you can use a number of simple encryption schemes, allowing easy and fast decryption by the runtime engine.

For example, you take an encryption string, and apply it to byte code, then decode it in memory before running it. I am not an encryption expert by any mean, so the simplest scheme I would apply would be to XOR the string against bytecode, so you just have to XOR it again to decode it...

Of course, that doesn't solve backward compatibility, I guess you have to ship recompiled code with the new engine.

--
Philippe Lhoste
--  (near) Paris -- France
--  http://Phi.Lho.free.fr
--  --  --  --  --  --  --  --  --  --  --  --  --  --