Is the "the enemy" the competition? Exactly those sure know how to
call a decompiler, or how to find the decryption code in your C code,
and apply it.
Sure they can and I've said there's no perfect protection. The aim is only to "encrypt" code with minimal effort in the way "decrypting" is simply uneconomical (unprofitable).
Consider also I am here thinking mostly about using LuaJIT is some indie or mobile development, where there is no single big "enemy" like in AAA, but thousands of developers that can peek (and they sure will) into your application. Most of them do not know much about IDA and stuff, some probably heard about Lua, but they do not have to be skilled to unzip your app (IPA) and read your text file scripts.
And I don't believe in good will of the competition, as I have seen many copied ideas and projects (including mine), many stealing code (like linking GPL code without absolutely no disclaimers) from others and pretty many scam too, especially on AppStore. It's not a big deal if you are big company and you have lawyers, but if you are small or one man company basic protection matters.
No, if you want byte code support, you need to argue with:
* size on harddisc
* loadding time
* portability with lua tools creating bytecode
IMHO portability has least importance, since you can prepare separate bytecode for each deployment scenario. Size& loading time matters also only for big projects.
Never this encryption "arms race":
Take a look at:
http://permalink.gmane.org/gmane.comp.lang.lua.general/77118
To see Mike Palls hate against the obfustication / deobfustication "arms race".
I do understand this as this "arms race" is simple paranoid, but try do understand my point, that one of the reasons Java or .NET are popular in commercial projects you can have this basic level of protection of the box, however these are pretty heavy frameworks too, for example putting Mono in iPhone app takes away minimum 10MB, while 20MB is a limit of apps that can be distributed via 3G.
Regular Lua gives this basic level of protection which is bytecode that you can then embed into your application even into the binary and make custom loader. Pretty simple, but again requires skill to extract and decompile that. With LuaJIT you are limited because you need textual source code to be embedded anyhow.
I did have similar kind of discussion on Ruby forums. Some folks said, "protecting the code? what for!? world is beautiful, let's share the code!", unfortunately there were not using Ruby in commercial projects that are sold as a bundles/apps, but many of them were Rubyists living from talks and conferences ;P
Regards,