Hello Gregory,

GM> Received: Wed, 2 Jun 2004 21:42:14 +0900
GM> And lo, Lothar wrote:

>> But you must provide the decryption code. And whatever you do, you only
>> need to add one print stratement at the right position to dump the encryption
>> key. And if this position is known, the cracker got it.

GM> Why even bother modifying the ruby source?

GM> Create a C extension that defines a "myrequire", or redefines
GM> require so that it loads the provided ruby script after passing it
GM> through your proprietary decrypting code. Then call ruby with ruby
GM> -r mydecrypter.so -e "myrequire 'main.crb'" (crb = encrypted
GM> ruby?). The C extension doesn't need to be GPL, as it's not a part
GM> of the ruby interpreter, just a compiled .so that's loaded at run
GM> time. No need to provide the code for that.

At some time you must call into the ruby.dll/ruby.so and pass the
source code. So i could add a dump routine into the "rb_require" or the lower
level "rb_compile_string" (which converts the source code into the syntax
tree) in the ruby.dll and get all the code. I must only replace the
given ruby.dll with my patched one and get the same result.

I provide my own patched ruby distribution with my IDE, so i know how
easy it is to do so - even under windows. Linux may be much more easy.
I estimate 30 min to crack your code.


-- 
 Best regards,                        emailto: scholz at scriptolutions dot com
 Lothar Scholz                        http://www.ruby-ide.com
 CTO Scriptolutions                   Ruby, PHP, Python IDE 's