Software as a Service, with owned hosting.
Yes! This is the best one, but sometimes clients wants something
‘physically’ tangible :).
If clients want something they can touch and poke, a nice alternative,
not so “safe” as hosted but not so open as source code, it’s making it
an appliance. Deploy a virtualized server with your app hosted inside.
Since the software is free anyway there is no need for competition to
you can use rubyscript2exe too (rb2exe) ← Good compiler (i’m using it)
but
you can show the source code by entering the “prog name”
–eee-justextract(to extract) or list(to list the content)…
It turns out, that RubyEncoder uses following scheme: modified
Ruby-1.8.7 interpreter,
that stores encoded AST nodes along with encoding/restriction options,
while rgloader simply decodes it back to AST and executes.
So, using just a few quick and dirty hacks it is possible to get source
back:
one-byte change in library to call external ruby_exic instead of
ruby_exec:
require ‘encoded_script’ # protected code, you say?
RawParseTree.new.parse_tree_full().each do |sexp|
puts Ruby2Ruby.new.process(Unifier.new.process(sexp))
end
Example:
Original:
class EncodedHelloWorld
ENCODER_VERSION = “1.0”
def initialize
puts "Hello, world!"
end
end
Encoded:
RubyEncoder v1.0 evaluation
_d = _d0 = File.expand_path(File.dirname(FILE)); while 1 do _f =
_d + ‘/rgloader/loader.rb’; break if File.exist?(_f); _d1 =
File.dirname(_d); if _d1 == _d then raise “Ruby script '”+FILE+“’
is protected by RubyEncoder and requires the RubyEncoder loader.
Please visit the http://www.rubyencoder.com/loaders/ RubyEncoder site
to download the required loader and unpack it into '”+_d0+“/rgloader/’
directory to run this protected script.”; break; else _d = _d1; end;
end; require _f;
RGLoader::load(‘AAEAAAAEaAAAAIAAAAAA/1nu5hlzvK93ynRezwoJSWaAXO0XWYMyqYojzdIsXeg/n3sTUToqkcdtx9wMbCcidZy4WpqIq2fj9tHsyREq8dCcvPsiWYISiwZ2jFHadIF3FhHZ9eLhZWJTZuRZDYG3Zk0nttbBzuP6EgAAAPgAAACl6rEqW0Dbrjuf0Nl2ehDd4mtpWkb9bP504YjdDfJj1ZM0tqmLXWMXpXnXL1kFNqoEfnws38xmo1J0E/Ziw4typ+51d572ijDg17Xz7NWj9xEykyN4uXEKn/Dt1mKExla1mnX4eAKxbnOJrNqZPDmpIJdOEqOO+/CLfQIGvvKYt11MIyTZK9I2R4J+/oNK2RGwbmzynpFKV32zxdILn4thrQx3gDLbD5ZPbfR6qWsmtJT6pyxccj7RtwGSat4BetCUKmcHR6b/qvp6rvPtaA1m/1JuuGNLUzg3tHHLkA/U14GfF4af9VyqtLQy5ww+jHB6wz4BkFe06gAAAAA=’);
Output:
class EncodedHelloWorld
ENCODER_VERSION = “1.0”
def initialize
puts(“Hello, world!”)
end
end
I can guarantee that I can obfuscate code better than rubyencoder
can… well enough that you can’t get meaningful information back out
automatically (it would probably be quicker and more effective to
translate it back by hand after doing an automated pass on it). Well
enough that it isn’t worth your time for nearly everything put through
it.
are some good encoders for PHP but what do we have for Ruby?
there is zenobfuscate which translates to C, that prevents my above
statement from occurring… as others have pointed out, if you are just
munging source, you’re doing nothing… nothing at all to protect things.
encryption? it needs to be decrypted in order to run and then you’re dealing
with my original claim again…
I don’t know of any other method than removing the ruby source entirely.
Remember DOS games? These employed many baroque copy protection
schemes including specially formatted or perhaps even specially
manufactured floppies so that nobody could make a copy with standard
software or even any standard floppy drive. Still the popular ones
were disassembled and circulated without the protection, and the lame
ones forgotten.
You can also consider hardware keys (dongles), when these programs are
cracked, typically the software that interfaces with the dongle is
merely replaced.
I think what (a lot of) people are trying to say here is that you’re
spinning your wheels; there are plenty of successful ways to license and
sell your software, but copy protection typically isn’t one of them,
especially when you’re dealing with a product that caters to a technical
market… I mean, the average gamer isn’t really that technical, but
they can go to oodles of websites and download a 100K file that fixes
their problem of being forced to purchase the latest $50 entertainment
extravaganza, and they’ve been trying to solve this since computers had
ways to play games that didn’t come on ROM.
well… to varying levels of difficulty, yes…
time
either.
You’d be wrong. The effort to refactor IP needing obfuscation and
getting it converted and tested/able in its new form took less than 30
minutes. After that all conversions are simply part of the rake build
process (read: free). The amount of time it’d take to decompile and
then discern actual meaning would be much much greater than that.
well… to varying levels of difficulty, yes…
time
either.
You’d be wrong. The effort to refactor IP needing obfuscation and
getting it converted and tested/able in its new form took less than 30
minutes. After that all conversions are simply part of the rake build
process (read: free). The amount of time it’d take to decompile and
then discern actual meaning would be much much greater than that.
I find that the best solution is just to write unreadable code from the
beginning.
On Sat, Oct 25, 2008 at 06:07:00AM +0900, Ryan D. wrote:
haha! you are awesome. thank you for showing how easy it can be.
automatically (it would probably be quicker and more effective to
translate it back by hand after doing an automated pass on it). Well
enough that it isn’t worth your time for nearly everything put through
it.
I can probably guarantee that, if you do that, it’s not worth your
time
either.
There is no .class to .rb decompiler, and (though, I’m not sure) these
.class files cannot be decompiled even to .java ones.
Forget it, decompiling classes to very readable java source has been
trivial for many years.
I had missed this…but even if you could decompile .class to .java,
it’s still nearly worthless to you because it’s a bunch of JRuby
internals calls. I suppose the important bit is what you’re trying to
protect. If it’s the original Ruby code, then compiling to .class is
certainly good enough.
Hello
Anyone know how to do domain base encoding with rubyencoder?
Thanks
Sasha B. wrote in post #739510:
Mike G. wrote:
Ade I. wrote:
Interesting solution. May I also suggest that you try www.rubyencoder.com as this protects Ruby source code also. I am
involved in this project (disclaimer!) but thought it was appropriate to
mention it
The last time you advertised this product here, we had proven the claims
on your website to be false.
Could you suggest anything real to protect the Ruby code? We are still
working on our project and we use Ruby for it and need to protect the
code. We are still searching for a good solution for it. We are not just
Ruby enthusiasts and we are doing a real project. I wish we choose C to
develop our product and then have no problems in protecting the code.
But we use Ruby now for many reasons…
We do not want any conversions like Ruby to C or JRuby. We do not need
or want Java for its slowness. (We just do not need Java - don’t want to
get into a battle with Java fans And also we understand there is no
ideal 100% proved protection solutions for any language. I know there
are some good encoders for PHP but what do we have for Ruby?
On Sun, Oct 26, 2008 at 09:40:56PM +0900, James D. wrote:
process (read: free). The amount of time it’d take to decompile and
then discern actual meaning would be much much greater than that.
I find that the best solution is just to write unreadable code from the
beginning.
I find that the best solution is probably to encourage people that want
to “obfuscate” code to write unreadable (and, thus, unmaintainable) code
from the beginning. Evolution takes over at that point.
I rather suspect someone is overestimating the “protective” value of
obscurity in this case, anyway.
