Re: Is obfuscation meaningful way to protect proprietary Lua code ?

[Jayanth Acharya <jayachar88@...>]

On Sun, Sep 15, 2013 at 4:43 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:

2013/9/15 Jayanth Acharya <jayachar88@gmail.com>:

> Based on my reading so far, Lua bytecode can be decompiled, and the only Lua
> obfuscator, which is an online service, doesn't seem to work for the simple
> 5 line Lua script I tried. It it right that obfuscation is then not a
> meaningful way to protect proprietary Lua code and thus a working tool
> doesn't exist to do so ?

You can strip the Lua source from the bytecode. The resulting bytecode can
be disassembled but not decompiled. I've seen Lua packages with strings
defined as a sequence of hex-coded bytes which are turned into functions
by loading them.

You could go further and encrypt those strings, requiring a password to
decrypt.

But really, if protecting proprietary code is you mission in life, Lua is
not the ideal vehicle for you.

That's an excellent question that I have asked myself, and if I have an option, then the answer is certainly a 'no'. I began learning Lua for fun and out of curiosity while dabbling a little with FreeSWITCH. None of this is part of my official charter (my day job), where we go at great lengths in imagining that our source-code is the most valuable asset and it needs to be protected like national treasure! If I ever happen to start using Lua at work, I am afraid, I might have to answer this question about obfuscation, at one point or the other.