Obfuscator for Ruby/RoR

[Igor K.]

Hello,

I need to make my code unreadable, in Java(j2me) i used some
programs(obfuscators) to do it.
does ruby has this?

Thanks

 

[John Joyce]

Hello,

I need to make my code unreadable, in Java(j2me) i used some
programs(obfuscators) to do it.
does ruby has this?

Thanks

Just keep using Java. It will be hard to read!

 

[aalfred]

Hello,

I need to make my code unreadable, in Java(j2me) i used some
programs(obfuscators) to do it.
does ruby has this?

Why in the world are you using Ruby?

Ruby is *meant* to be joy and that's why is pretty and therefore
readable.
I stick with John: Just keep using Java. It IS ugly and noone will
read it!

:-E

 

[Mohit Sindhwani]

Why in the world are you using Ruby?

Ruby is *meant* to be joy and that's why is pretty and therefore
readable.
I stick with John: Just keep using Java. It IS ugly and noone will
read it!

:-E

Or, if you really want to mix and match, migrate some "critical"
algorithmic portions to C and compile them to executables and let your
script interface with the executable in one of the many ways that are there.

That way, you protect some things, but get some of the benefits of Ruby
anyway.

Cheers,
Mohit.
10/8/2007 | 3:46 PM.

 

[Ryan Davis]

I need to make my code unreadable, in Java(j2me) i used some
programs(obfuscators) to do it.
does ruby has this?

Eric and I wrote one (google for zenobfuscate)... It has been used in
an OSX (rubycocoa) production app. We decided to put a $2500 license
fee on it to filter the serious from the non-serious. Let me know if
you're serious.

 

[John Joyce]

Eric and I wrote one (google for zenobfuscate)... It has been used
in an OSX (rubycocoa) production app. We decided to put a $2500
license fee on it to filter the serious from the non-serious. Let
me know if you're serious.

Is that serious? At that price, it would be worth it to just write it
in C/C++ maybe even Cobol.

 

[M. Edward (Ed) Borasky]

Is that serious? At that price, it would be worth it to just write it in
C/C++ maybe even Cobol.

No, he asked if *Igor* was serious.

But seriously ... sheesh ... what the world needs more than anything
else is a language in which one can think of software and it
automatically appears, but only its creator can read it. We could call
it ... uh ... APL.

<ducking>

Am I as tired as I look?

 

[Alex Young]

Is that serious? At that price, it would be worth it to just write it in
C/C++ maybe even Cobol.

Something tells me that $2500 is cheaper than the time you'd need to do
that, plus you'd still get to develop in Ruby.

 

[Eric Hodel]

Is that serious? At that price, it would be worth it to just write
it in C/C++ maybe even Cobol.

Yes, we're serious. If you plan on making money off of software,
$2500 isn't be much money, 100 sales at $25 each.

 

[Wincent Colaiuta]

Eric and I wrote one (google for zenobfuscate)... It has been used in
an OSX (rubycocoa) production app. We decided to put a $2500 license
fee on it to filter the serious from the non-serious. Let me know if
you're serious.

Have you done performance profiling on the compiled executables? Any
improvement over running in the interpreter? If so that might be a
selling point.

Cheers,
Wincent

 

[mortee]

Is that serious? At that price, it would be worth it to just write it in
C/C++ maybe even Cobol.

The price isn't the really interesting point here - if lack of this kind
of obfuscation would be the show-stopper for an ISV, this price isn't
all that unaffordable (especially in the US I guess). But this has
alerady been pointed out.

My main concern would be, after reading the announcement page, that
based on the software's restrictions (which is printed with half the
font size near the bottom of the page), I guess there's virtually no
Ruby code which meets those requirements. If for no other reason, just
because it uses libraries which aren't designed with that in mind.

Explicit returns everywhere? No code blocks? If I have to pay $2500 just
for the opportunity to *rewrite* all my code in a really C-like manner,
just so that it can be translated into actual C, then I'd say it's
really not worth it. In that case, I could actually have written it in C
in the first place.

Please correct me if I'm overly wrong here.

mortee

 

[Eric Hodel]

Have you done performance profiling on the compiled executables? Any
improvement over running in the interpreter? If so that might be a
selling point.

Its roughly the same due to use of rb_funcall().

 

[ara.t.howard]

If for no other reason, just
because it uses libraries which aren't designed with that in mind.

if you are using libraries it's extremely likely that the license of
said libs will prohibit that which you seek. fyi.

a @ http://codeforpeople.com/

 

[John Joyce]

if you are using libraries it's extremely likely that the license
of said libs will prohibit that which you seek. fyi.

+10 ara!

Indeed, this may be part of the goal of obfuscation at times!
Circumventing open source licensing...
... or does obfuscation already do that???

 

[Eric Hodel]

The price isn't the really interesting point here - if lack of this
kind of obfuscation would be the show-stopper for an ISV, this
price isn't all that unaffordable (especially in the US I guess).
But this has alerady been pointed out.

My main concern would be, after reading the announcement page, that
based on the software's restrictions (which is printed with half
the font size near the bottom of the page), I guess there's
virtually no Ruby code which meets those requirements. If for no
other reason, just because it uses libraries which aren't designed
with that in mind.

Why would you obfuscate external libraries? You only need to
obfuscate your intellectual property. Leave everything else in ruby.

 

[mortee]

Why would you obfuscate external libraries? You only need to obfuscate
your intellectual property. Leave everything else in ruby.

I'm not sure how your software works, and whether it's possible to
obfuscate only those parts that one would want hidden.

However, the argument still applies that (at least in its current state)
it can't handle some of the constructs that make it worthwile coding in
Ruby, and which most probably appear at many places in any Ruby code not
written directly in C coding style. So it still seems to be true that if
one codes against your software's requirements, she looses the main
advantages Ruby provides.

mortee

 

[John Joyce]

Why would you obfuscate external libraries? You only need to
obfuscate your intellectual property. Leave everything else in ruby.

Still, I ask, why obfuscate at all? If it is for security reasons,
there are better solutions.
You get paid for your skills. If you're worried about job security,
just write code that works in a bad style (think really ugly style Perl)

 

[Charles Oliver Nutter]

Hello,

I need to make my code unreadable, in Java(j2me) i used some
programs(obfuscators) to do it.
does ruby has this?

The JRuby compiler can compile to Java bytecode and still run as normal;
that might be an option for you. The resulting bytecode can only
partially be decompiled into JRuby runtime code and can't currently be
decompiled to Ruby at all.

It's on trunk, will be in release 1.1 next month.

- Charlie

 

[M. Edward (Ed) Borasky]

You get paid for your skills.

Not necessarily ... you get paid for delivering value, not for how you
delivered it.

If you're worried about job security, just
write code that works in a bad style (think really ugly style Perl)

That's incredibly bad advice IMHO. The *last* thing you want to do is
write code you can't instantly understand yourself after being in a coma
for six months.

Ryan Davis has an excellent Ruby obfuscator for sale, which proves
there's a market for something that will allow *you* to read your code
and prevent *others* from reading it easily.

 

[Bill Kelly]

Still, I ask, why obfuscate at all? If it is for security reasons,
there are better solutions.

Most commercial desktop software I've installed in the last
decade requires some sort of serial number or registration key
to be provided to activate the software.

Increasingly, such programs also seem to be requiring an internet
connection, before becoming fully registered, so that the key
provided may be verified to be authentic and not in promiscuous
use.

Of course, people who really want to crack the software, and
people who really want to use cracked versions of the software
will do so regardless.

I think the head of a company that develops both games and
application software summed it up well in this interview:

http://www.gamespot.com/pc/strategy/galacticcivilizations2/news.html?sid=6145864&cpage=1

"Any copy protection system, in my opinion, should be focused on
trying to increase sales--not stop piracy. The two aren't the
same. Most people who pirate a software product would never have
purchased it. It's pointless to waste time on those people. The
people to focus on are the ones who might have bought your product
or service but chose not to because it was easier to pirate it."

Thus, their company opted not to include game-like copy protection
measures in their game (like requiring the CD in the drive), but
did use application-like registration key measures, and added
incentives like only allowing product updates to be downloaded to
registered versions.

Now...

What would happen if one released an un-obfuscated Ruby application,
and included typical application registration/activation logic in
the program, and added comments in the source code, like:

# Check registration. PLEASE DON'T REMOVE THIS, THANKS.
# WE ARE A SMALL COMPANY AND HOPE THAT YOU WILL BUY OUR
# SOFTWARE IF YOU LIKE IT.
app.check_valid_registration

I'm not trying to be coy by suggesting the above; I'm actually
wondering if it might work out OK. Since most users aren't
programmers, they likely wouldn't think to check the source to
remove the registration box. And the ones who would go looking
for a warez version would have been able to do so regardless of
whether your source was obfuscated or not.

If I have the courage, I may try this someday.


Regards,

Bill