Re: Obfuscating Ruby Code.

< ^ > P N |<>|^_>< --- | ~ ...Help
On Wed, Jun 02, 2004 at 01:36:24PM +0200, Lothar Scholz wrote:
> Hello Michael,
> 
> MN> On Wed, Jun 02, 2004 at 01:04:55PM +0200, Lothar Scholz wrote:
> >> Hello Michael,
> >> 
> >> MN> On Wed, Jun 02, 2004 at 06:08:39AM +0900, Ken Hilton wrote:
> >> >> Does anyone know of a Ruby source code obfuscator that's reliable and
> >> >> readily available?  If so, I'd appreciate a pointer to it (apparently, both
> >> >> ruby-lang and rubygarden are down at the time of this posting so I can't
> >> >> check for myself.)
> >> 
> >> MN> Take a look at bRuby. It can dump the interal node-tree and then load it
> >> MN> again (as far as I understand it). No Ruby sourcecode anymore. See also
> >> MN> the Exerb project. 
> >>  
> >> MN> http://bruby.sourceforge.jp/index.en.html
> >> 
> >> But this is easy to reverse. It does not much more then removing the
> 
> MN> Hm, I thought, a node-dump does not contain the variable names (local
> MN> variables), or at least does not require them for execution? I am
> MN> probably wrong.
> 
> Look at "node.h". The nodes store ID values which are atoms (integers
> that represent strings in a unique way). But there is no garantee that
> one atom name integer as in the next ruby.exe start. And of course
> they depend on the "require" order of the different source files.
> 
> MN> Hm, sure, the method names must be stored. But one could modify the
> MN> interpreter to only store hashes of the method names, and use them to
> MN> call the methods. That might give quite good obfusciation. 
> 
> There is no possible mapping for this. Hashes are not unique. You must
> store the string in one way or the other. As long as you can look at
> the source every person with 1 year C experience can reverse this.

Hm, but you could replace all "method_name" methods with
"obfuscated_method_name" (e.g. using a SHA1 hash function) and if you
know all method names a priori, then you could use a perfect hash.  Or
if there should be a collision, then fall back using plain method names.

Obfusciating method names should be doable, and without knowing the real
names, it's much harder to read.

Regards,

  Michael