1995-12-22 - Re: ex encrypted script

Header Data

From: stevenw@best.com (Steven Weller)
To: cypherpunks@toad.com
Message Hash: 1cc7d8fd05f02884479e7dedfe92874d80f2dea57ecd02ec7c37638b927f9fbd
Message ID: <v0153050fad000b64a813@[206.86.1.35]>
Reply To: N/A
UTC Datetime: 1995-12-22 07:20:20 UTC
Raw Date: Thu, 21 Dec 95 23:20:20 PST

Raw message

From: stevenw@best.com (Steven Weller)
Date: Thu, 21 Dec 95 23:20:20 PST
To: cypherpunks@toad.com
Subject: Re: ex encrypted script
Message-ID: <v0153050fad000b64a813@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>At 10:57 PM 12/21/95 -0500, Beavis B. Thoopit wrote:
>>> >| Is there a way to encrypt a script yet still allow it to be runnable?  I
>>> >| know that the simple answer is to write it in C and compile it but I
>>>don't
>>> >| have the means of doing that at the moment.  (i.e. there is not
>compiler on
>>> >| the system)
>>> >|
>>> >| I thought of a few simple protections but they all involve decrypting
>before
>>> >| running.
>>> >
>>> >    Ever hear of chmod?  chown?
>>> >Adam
>>>
>>> The vendor also has superuser access..  chmod chown won't protect it.. :(
>>
>>I once had to obfuscate an awk script.  "Cryptography is Economics."  My
>>job was to make it difficult for the enemy to steal the source.  There
>>was a license agreement...
>>
>>The simple answer of "no" is right in the strong sense, but there are
>>tricks to make life difficult for the amateur attacker.
>>
>>My approach was a self-decrypting program.  The "real" script was
>>encrypted within the body of the encasing script.  For increased
>>obfuscation, decrypt only small pieces at a time.
>>
>>
>There is encrypt and then there is render useless to the reader.
>
>A tale I hear is that when HP had to deliver operating system source to
>the french government they stripped all comments and changed all variable
>and subroutine names to 32 byte strings of I 1 0 (zero) and O (uppercase O).
>It still compiled but was 100% useless to human readers.

There is a commercial product out there from Gimpel Software called _The C
Shroud_. It removes all structure from the code, replacing it with gotos,
renames all the symbols to axxxxxxx, converts constants and strings to hex,
substitutes all #defines and expands all macros, strips all formatting and
comments, etc., resulting in a perfectly compilable, but infuriatingly
obfuscated set of source files.

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995







Thread