From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 22 Dec 95 03:51:43 PST
To: cypherpunks@toad.com
Subject: Re: ex encrypted script
In-Reply-To: <199512220357.WAA02638@bioanalytical.com>
Message-ID: <9512221147.AA06064@all.net>
MIME-Version: 1.0
Content-Type: text


> > >| Is there a way to encrypt a script yet still allow it to be runnable?  I
> > >| know that the simple answer is to write it in C and compile it but I don't
> > >| have the means of doing that at the moment.  (i.e. there is not compiler on
> > >| the system)
> > >| 
> > >| I thought of a few simple protections but they all involve decrypting before
> > >| running.
> 
> I once had to obfuscate an awk script.  "Cryptography is Economics."  My
> job was to make it difficult for the enemy to steal the source.  There
> was a license agreement...
> 
> The simple answer of "no" is right in the strong sense, but there are
> tricks to make life difficult for the amateur attacker.
> 
> My approach was a self-decrypting program.  The "real" script was
> encrypted within the body of the encasing script.  For increased
> obfuscation, decrypt only small pieces at a time.

There is another technique by which the source is obscured by an
automatic rewrite mechanism.  This provides for both obscuration of the
source and the ability to determine who originated illicit copies.  I
believe it was first implemented by Gimbel Software as part of their
C-terp system (unpublished).  A paper on techniques for doing this has
also been published:

	"Operating System Protection Through Program Evolution"
	Computers and Security - 1992? 3? (F. Cohen)

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236