[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Is obfuscation meaningful way to protect proprietary Lua code ?
- From: KHMan <keinhong@...>
- Date: Sun, 15 Sep 2013 19:39:45 +0800
On 9/15/2013 7:24 PM, Jayanth Acharya wrote:
On Sun, Sep 15, 2013 at 4:43 PM, Dirk Laurie wrote:
2013/9/15 Jayanth Acharya :
> Based on my reading so far, Lua bytecode can be decompiled,
and the only Lua
> obfuscator, which is an online service, doesn't seem to
work for the simple
> 5 line Lua script I tried. It it right that obfuscation is
then not a
> meaningful way to protect proprietary Lua code and thus a
> doesn't exist to do so ?
You can strip the Lua source from the bytecode. The resulting
be disassembled but not decompiled. I've seen Lua packages
defined as a sequence of hex-coded bytes which are turned into
by loading them.
You could go further and encrypt those strings, requiring a
But really, if protecting proprietary code is you mission in
life, Lua is
not the ideal vehicle for you.
That's an excellent question that I have asked myself, and if I
have an option, then the answer is certainly a 'no'. I began
learning Lua for fun and out of curiosity while dabbling a little
with FreeSWITCH. None of this is part of my official charter (my
day job), where we go at great lengths in imagining that our
source-code is the most valuable asset and it needs to be
protected like national treasure! If I ever happen to start using
Lua at work, I am afraid, I might have to answer this question
about obfuscation, at one point or the other.
This has been discussed on the list in the past. IMHO anything
executable can eventually be decompiled, it depends on how much
resources one wants to throw at the problem. If someone wants to
target your company's secret sauce, they will eventually find it,
but it might take enormous effort, hence the tradeoff.
Renaming locals etc used in squish are source code obfuscators. I
guess encrypting bytecode is better, though eventually a
persistent actor with resources will get at the stuff. It would
take more effort though. But there are decompilers for C and C++
Kein-Hong Man (esq.)
Kuala Lumpur, Malaysia