[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Is obfuscation meaningful way to protect proprietary Lua code ?
- From: Sean Conner <sean@...>
- Date: Sun, 15 Sep 2013 17:07:48 -0400
It was thus said that the Great steve donovan once stated:
> On Sun, Sep 15, 2013 at 1:14 PM, Thijs Schreijer
> <thijs@thijsschreijer.nl> wrote:
> > Have a look at squish [1], it packs and minifies, and has options to also replace long names with short ones. So maybe not intended as obfuscation, it might be useful as such.
>
> That's a good answer. Nothing puts a person off looking at bytecode
> dissembly faster than short meaningless variables.
>
> Decrypt-on-the-fly works as well, if you can keep the key private.
This is more of an accidental result, but for a program at work (The
Kitchen Sink Lua interpreter), I embedded all the modules required to run
our scripts (mainly used for testing) into a single executable (so the only
thing needed to be installed is the executable and possible script(s) to
run). For the Lua-based modules, I first compile them into bytecode (using
luac---development and testing run the same platform), then compress (using
libz) and create a .C file with the resulting byte code that is compiled
into the main executable [1].
I think this would be enough to stop all but the most dedicated, and,
aside from the bare module names (such as "LuaXML_lib") it might not even be
apparent Lua is embedded and used.
-spc
[1] Basically, what I described here:
http://boston.conman.org/2013/03/23.1
only with a decompression step when loading the Lua based modules.