lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

While I could understand and appreciate most of the answers on this thread, this particular answer takes the cake for me. Thanks Fabien.

On Tue, Sep 17, 2013 at 6:48 PM, Fabien <> wrote:
Obfuscation is like a safelock: given enough resources, it's always possible to open it. Your goal is not to make it impossible, only to make it not worth it. So, to answer your original question, you need first to answer that one: who might harm you by reverse-engineering your work, and how much would they benefit from it?

If your code is not trivially tiny (say from a couple hundreds to a couple thousands lines depending on your opponent's determination), if you keep everything you can local rather than global, and if you ship it as stripped bytecode (luac -s), your opponent will have to understand your code with almost no variable/function names and no comments. If the code you write is naturally readable that way, then you truly are a world-class hacker, and I wish I worked with you :)

You can further obfuscate by encrypting that bytecode, but that's almost certainly not necessary, and not as safe as it sounds (you have to somehow embed the decryption key in the application). In most situations, nobody would want to read your sources if you gave them for free; they won't bother studying a decompiled version thereof.

If your demand is only to satisfy the anxiousness of a pointy-haired boss straight out of a Dilbert strip, I think you can do a bit of hand-waving about bytecode safety, comparing the situation with Java where few people obfuscate their classes, and where code theft by decompilation is not exactly perceived as an existential threat.