Forum: Ruby I found way to protect Source Code! :)

Alexey Petrushin (axyd80)
on 2008-10-16 13:44
Hello!

I hope I have found a way to protect Ruby sources.

The Super Product has been created and now we want to sell it. But there
is one problem, we are forced to distribute sources with it.

Solution? - The 'BlackBox' machine. :)

We take a computer, set up Linux with an encrypted file system and install
our solution. The 'BlackBox' is fully functional as a web server and the
sources are also protected.
So, we can sell these 'BlackBox'es.

I've heard that there is a way to hack Linux encrypted data if there is
physical access to the server machine, but as far as I know it's hard
enough.
James Dinkel (jdinkel)
on 2008-10-16 14:17
Alexey Petrushin wrote:
> Hello!
>
> Hope I found way how to protect Ruby sources.
>
> The Super Product has been created and now we want to sell it. But there
> is one problem, we are forced to distribute sources with it.
>
> Solution? - The 'BlackBox' machine. :)
>
> We take a computer, setup Linux with encrypted file system and install
> our solution. The 'BlackBox' is fully functional as a web server and the
> sources are also protected.
> So, we can sell these 'BlackBox'es.
>
> I've heard, that there is a way to hack Linux encrypted data if there is
> a physical access to server-machine, but as far as i know it's hard
> enough.

Unless one of your developers is going to type in the encryption key
every time the computer gets rebooted, then the key and/or passphrase
will have to be stored on that computer unencrypted.  Which means that
if someone has physical access it will be trivial to gain access to the
encrypted data.

Your only solution there is probably going to be to host the website in
your own datacenter and give clients access to it over the internet.
Josef 'Jupp' Schugt (Guest)
on 2008-10-16 14:25
(Received via mailing list)
On Thu, 16 Oct 2008 13:43:37 +0200, Alexey Petrushin <axyd80@gmail.com>
wrote:

> We take a computer, setup Linux with encrypted file system and install
> our solution. The 'BlackBox' is fully functional as a web server and the
> sources are also protected.

As long as the system is up and running, the encrypted file system is
accessible as if it were not encrypted. Without securing the system
against intrusion in that state encryption is pointless.

Josef 'Jupp' Schugt
Ade Inovica (inovica)
on 2008-10-16 23:20
Interesting solution. May I also suggest that you try
www.rubyencoder.com as this protects Ruby source code also.  I am
involved in this project (disclaimer!) but thought it was appropriate to
mention it

Ade
Aaron Turner (Guest)
on 2008-10-17 00:26
(Received via mailing list)
On Thu, Oct 16, 2008 at 2:20 PM, Ade Inovica <adrian.teasdale@gmail.com>
wrote:
> Interesting solution. May I also suggest that you try
> www.rubyencoder.com as this protects Ruby source code also.  I am
> involved in this project (disclaimer!) but thought it was appropriate to
> mention it

Both of these "solutions" are useful for keeping honest people honest,
but won't protect you against a determined attacker.
Mike Gold (mikegold)
on 2008-10-17 00:56
Ade Inovica wrote:
> Interesting solution. May I also suggest that you try
> www.rubyencoder.com as this protects Ruby source code also.  I am
> involved in this project (disclaimer!) but thought it was appropriate to
> mention it

The last time you advertised this product here, we had proven the claims
on your website to be false.

http://www.ruby-forum.com/topic/166458#731051

You have not made any changes or corrections to the website since.
John Carter (johncarter)
on 2008-10-17 02:45
(Received via mailing list)
On Fri, 17 Oct 2008, Aaron Turner wrote:

> On Thu, Oct 16, 2008 at 2:20 PM, Ade Inovica <adrian.teasdale@gmail.com> wrote:
> Both of these "solutions" are useful for keeping honest people honest,
> but won't protect you against a determined attacker.

Solution? Translate it into perl.

Then no one can read it. ;-)



John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand
Sasha Bee (rubyman77)
on 2008-10-17 08:11
Mike Gold wrote:
> Ade Inovica wrote:
>> Interesting solution. May I also suggest that you try
>> www.rubyencoder.com as this protects Ruby source code also.  I am
>> involved in this project (disclaimer!) but thought it was appropriate to
>> mention it
>
> The last time you advertised this product here, we had proven the claims
> on your website to be false.
>

Could you suggest anything real to protect the Ruby code? We are still
working on our project and we use Ruby for it and need to protect the
code. We are still searching for a good solution for it. We are not just
Ruby enthusiasts and we are doing a real project. I wish we had chosen C to
develop our product and then have no problems in protecting the code.
But we use Ruby now for many reasons...

We do not want any conversions like Ruby to C or JRuby. We do not need
or want Java for its slowness. (We just do not need Java - don't want to
get into a battle with Java fans :) And also we understand there are no
ideal 100% proven protection solutions for any language. I know there
are some good encoders for PHP but what do we have for Ruby?
Ryan Davis (Guest)
on 2008-10-17 10:38
(Received via mailing list)
On Oct 16, 2008, at 23:10 , Sasha Bee wrote:

> Could you suggest anything real to protect the Ruby code? We are still
> working on our project and we use Ruby for it and need to protect the
> code. We are still searching for a good solution for it. We are not
> just
> Ruby enthusiasts and we are doing a real project. I wish we choose C
> to
> develop our product and then have no problems in protecting the code.
> But we use Ruby now for many reasons...

no, not really... anything that has ruby objects and ruby methods
involved can be popped wide open. If I can get my grubby paws on it, I
can play with it

> We do not want any conversions like Ruby to C or JRuby. We do not need
> or want Java for its slowness. (We just do not need Java - don't
> want to
> get into a battle with Java fans :) And also we understand there is no
> ideal 100% proved protection solutions for any language. I know there
> are some good encoders for PHP but what do we have for Ruby?

there is zenobfuscate which translates to C, that prevents my above
statement from occurring... as others have pointed out, if you are
just munging source, you're doing nothing... nothing at all to protect
things. encryption? it needs to be decrypted in order to run and then
you're dealing with my original claim again...

I don't know of any other method than removing the ruby source entirely.
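
An added illustration of two objections raised above: James Dinkel's (an unattended box has to hold the key next to the ciphertext) and Ryan Davis's (once code is loaded, its Ruby objects and methods are open to inspection). This is not code from any poster or from any product named in the thread; the toy AES loader, `PricingEngine`, `SHIPPED_KEY`, `SHIPPED_BLOB` and the helper names are all constructed for the example.

```ruby
require 'openssl'

# Constructed sample standing in for a vendor's proprietary source.
SAMPLE_SOURCE = <<~'RUBY'
  class PricingEngine
    MARGIN = 0.37

    def initialize(region)
      @region = region
    end

    def quote(cost, discount = 0)
      (cost * (1 + MARGIN) - discount).round(2)
    end

    private

    def audit(entry); end
  end
RUBY

# Hypothetical toy "encoder": AES-256-GCM over the source text, Base64-wrapped.
def encode_source(source, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv                 # 12 bytes for GCM
  cipher.auth_data = ''
  ct = cipher.update(source) + cipher.final
  [iv + cipher.auth_tag + ct].pack('m0')
end

# The matching decoder. Whoever holds blob + key gets the plaintext back.
def decode_source(blob, key)
  raw = blob.unpack1('m0')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  cipher.auth_data = ''
  (cipher.update(raw[28..-1]) + cipher.final).force_encoding('UTF-8')
end

# The loader has to hand plaintext to the interpreter before anything runs.
def load_protected(blob, key)
  eval(decode_source(blob, key), TOPLEVEL_BINDING, '(protected)')
end

# What core reflection reports about a loaded class: constant values,
# method names and parameter lists (not method bodies).
def exposed_surface(klass)
  sig = lambda do |name|
    params = klass.instance_method(name).parameters.map { |kind, n| "#{kind}:#{n}" }
    "#{name}(#{params.join(', ')})"
  end
  {
    constants: klass.constants(false).map { |c| [c, klass.const_get(c)] }.to_h,
    public:    klass.public_instance_methods(false).sort.map(&sig),
    private:   klass.private_instance_methods(false).sort.map(&sig)
  }
end

# Assumption of this sketch: an appliance that boots unattended ships both.
SHIPPED_KEY  = OpenSSL::Random.random_bytes(32)
SHIPPED_BLOB = encode_source(SAMPLE_SOURCE, SHIPPED_KEY)

load_protected(SHIPPED_BLOB, SHIPPED_KEY)
REPORT = exposed_surface(PricingEngine)
pp REPORT
```

Names, signatures and constant values survive any at-rest encryption once the code is loaded, so anything shipped this way should be treated as readable by whoever runs it.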
Michal Suchanek (Guest)
on 2008-10-17 12:46
(Received via mailing list)
On 17/10/2008, Ryan Davis <ryand-ruby@zenspider.com> wrote:
> >
> > are some good encoders for PHP but what do we have for Ruby?
> >
>
>  there is zenobfuscate which translates to C, that prevents my above
> statement from occurring... as others have pointed out, if you are just
> munging source, you're doing nothing... nothing at all to protect things.
> encryption? it needs to be decrypted in order to run and then you're dealing
> with my original claim again...
>
>  I don't know of any other method than removing the ruby source entirely.
>

Remember DOS games? These employed many baroque copy protection
schemes including specially formatted or perhaps even specially
manufactured floppies so that nobody could make a copy with standard
software or even any standard floppy drive. Still the popular ones
were disassembled and circulated without the protection, and the lame
ones forgotten.

So if your software is worth anything you can only reasonably protect
it by selling it as service hosted on servers protected both in
software and physically.

If you just want people paying money for using your software forget
protection. It's just additional effort and if you are lucky it does
not get in your way too much. Sell the software for price that people
who are likely going to use it can afford, and make the payment method
an easy one.

Also services like support and customization help getting some money
from your users.

If your application is that lame that anybody looking at the source
would run away screaming in horror then you probably need a better
coder.

I guess that's pretty much all that can be said about code protection.

Thanks

Michal
James Dinkel (jdinkel)
on 2008-10-17 15:49
Michal Suchanek wrote:
> On 17/10/2008, Ryan Davis <ryand-ruby@zenspider.com> wrote:
>> >
>> > are some good encoders for PHP but what do we have for Ruby?
>> >
>>
>>  there is zenobfuscate which translates to C, that prevents my above
>> statement from occurring... as others have pointed out, if you are just
>> munging source, you're doing nothing... nothing at all to protect things.
>> encryption? it needs to be decrypted in order to run and then you're dealing
>> with my original claim again...
>>
>>  I don't know of any other method than removing the ruby source entirely.
>>
>
> Remember DOS games? These employed many baroque copy protection
> schemes including specially formatted or perhaps even specially
> manufactured floppies so that nobody could make a copy with standard
> software or even any standard floppy drive. Still the popular ones
> were disassembled and circulated without the protection, and the lame
> ones forgotten.
>
> So if your software is worth anything you can only reasonably protect
> it by selling it as service hosted on servers protected both in
> software and physically.
>
> If you just want people paying money for using your software forget
> protection. It's just additional effort and if you are lucky it does
> not get in your way too much. Sell the software for price that people
> who are likely going to use it can afford, and make the payment method
> an easy one.
>
> Also services like support and customization help getting some money
> from your users.
>
> If your application is that lame that anybody looking at the source
> would run away screaming in horror then you probably need a better
> coder.
>
> I guess that's pretty much all that can be said about code protection.
>
> Thanks
>
> Michal

C can be reverse engineered and java jars can be converted back to
source code.  No program's source is 100% safe.  The suggestion of
selling it as a service and hosting the app on your own servers is as
close as you're going to get.  So don't freak out too much because you
can't get perfect code protection.  It just doesn't exist and yet
millions of people still pay for software.

Personally I do use rubyscript2exe for all my software (used internally
around the office).  That is mainly so I don't have to install the
entire ruby interpreter on every computer that uses the applications,
but it also has an added bonus of not making your source code readily
available.  It would be trivial to get to the source for someone that
knows rubyscript2exe, but most people aren't even going to give that a
thought.
Chad Perrin (Guest)
on 2008-10-17 18:29
(Received via mailing list)
On Fri, Oct 17, 2008 at 07:23:32AM +0900, Aaron Turner wrote:
> On Thu, Oct 16, 2008 at 2:20 PM, Ade Inovica <adrian.teasdale@gmail.com> wrote:
> > Interesting solution. May I also suggest that you try
> > www.rubyencoder.com as this protects Ruby source code also.  I am
> > involved in this project (disclaimer!) but thought it was appropriate to
> > mention it
>
> Both of these "solutions" are useful for keeping honest people honest,

I might dispute that. . . .


> but won't protect you against a determined attacker.

. . . but not that.
Chad Perrin (Guest)
on 2008-10-17 18:35
(Received via mailing list)
On Fri, Oct 17, 2008 at 10:49:16PM +0900, James Dinkel wrote:
>
> C can be reverse engineered and java jars can be converted back to
> source code.  No program's source is 100% safe.  The suggestion of
> selling it as a service and hosting the app on your own servers is as
> close as you're going to get.  So don't freak out too much because you
> can't get perfect code protection.  It just doesn't exist and yet
> millions of people still pay for software.

http://blogs.techrepublic.com.com/security/?p=363

That might be relevant.  Getting paid is more about your business model
than it is about trying to stifle competition.


>
> Personally I do use rubyscript2exe for all my software (used internally
> around the office).  That is mainly so I don't have to install the
> entire ruby interpreter on every computer that uses the applications,
> but it also has an added bonus of not making your source code readily
> available.  It would be trivial to get to the source for someone that
> knows rubyscript2exe, but most people aren't even going to give that a
> thought.

Personally, I consider making source code more troublesome to recover a
bug, not a feature.
Ara Howard (ahoward)
on 2008-10-17 18:40
(Received via mailing list)
On Oct 17, 2008, at 12:10 AM, Sasha Bee wrote:

> Could you suggest anything real to protect the Ruby code? We are still
> working on our project and we use Ruby for it and need to protect the
> code. We are still searching for a good solution for it. We are not
> just
> Ruby enthusiasts and we are doing a real project. I wish we choose C
> to
> develop our product and then have no problems in protecting the code.

you know C can be de-compiled right?

>
> But we use Ruby now for many reasons...


if you believe in selling software then you believe in market forces,
if you believe in market forces you believe that people will not steal
when the risk to reward ratio doesn't make sense.  consider micro$ and
its products: they are obfuscated, with keys, and anyone can
download them from the internet along with keys in an instant.  same
goes for photoshop, etc.  anytime the price is so high that the risk
of sharing is stealing, combined with the risk of getting caught, is
low, people are going to *immediately* subvert your costly efforts.
it's so much simpler just to run your software as a service : so far
no one has bootlegged google...

regards.

a @ http://codeforpeople.com/
Alexey Petrushin (axyd80)
on 2008-10-18 22:08
Thanks for the advice :)

So, as I understood, there are:

- Software as a Service, with owned hosting.
Yes! This is the best one, but sometimes clients want something
'physically' tangible :).

- JRuby Compiler (http://wiki.jruby.org/wiki/JRuby_Compiler)
It's fully finished and ready to use.

Translates <name>.rb => <name>.class and because it's not a one-to-one
mapping there is information lost, which can be seen as
obfuscation.

There is no .class to .rb decompiler, and (though, I'm not sure) these
.class files cannot be decompiled even to .java ones.

- Zenobfuscate (http://blog.zenspider.com/zenobfuscate/)
Has some limitations.
I've chosen Ruby for all its goodness, and don't want to give back
any of it. I'd rather leave the product open than agree to any
limitation.

- rubyencoder (rubyencoder.com)
Somehow they do it, don't know though how.



It seems that JRuby Compiler is really what I need :).

I just want to raise the barrier, to buy time if some company tries to
build a copy-product. For sure they'll be able to reverse engineer it, but not
as fast as if they had the original sources.
There is no need to protect from hackers & cracks, my product will be
free (but not open).
Michal Suchanek (Guest)
on 2008-10-20 14:34
(Received via mailing list)
On 18/10/2008, Alexey Petrushin <axyd80@gmail.com> wrote:
>
>  Translates <name>.rb => <name>.class and because it's not one to one
>  mapping there is an information lost, that can be seen as the
>  obfuscation.
>
>  There is no .class to .rb decompiler, and (though, I'm not sure) these
>  .class files cannot be decompiled even to .java ones.

It can be decompiled easily, there are decompilers for a long time
already.

>
>
>  It seems, that JRuby Compiler is really what i need :).
>
>  I just want to rise barrier, to buy time if some company will try to
>  build a copy-product. For sure they'll can reverse engineer it, but not
>  so fast as if they will have original sources.
>  There is no need to protect from hackers & cracks, my product will be
>  free (but not open).

I would really like to understand the thinking of the 'freeware'
authors.

Since the software is free anyway there is no need for competition to
develop a copy-product. They can have it, and for free.

On the other hand, if they want to improve on the product it is easier
if it is opensource, and you as the author of the original can have
the improvement then as well if you choose a license that warrants
that.

The most annoying part of 'freeware' is when it contains a bug or is
incompatible with a newer system, and the original author is no longer
reachable or won't bother to fix the problem.

But since it's your software use whatever feels right for you.

I am free to use the software - or not use it. Or perhaps only to not
use it if you translate it into java classes, and I am by chance
sitting at a system for which there is no decent Java runtime.

Thanks

Michal
|||=[Mathspeedy]=||| |||=[Z3d0clan]=||| (Guest)
on 2008-10-20 22:59
(Received via mailing list)
On Mon, Oct 20, 2008 at 8:32 AM, Michal Suchanek <hramrach@centrum.cz> wrote:

> >  It's fully finished and ready to use.
> >
> >
> Since the software is free anyway there is no need for competition to
>
>
you can use rubyscript2exe too (rb2exe) <-- Good compiler (I'm using it)
but you can show the source code by entering the "prog name"
--eee-justextract (to extract) or list (to list the content)...
Chad Perrin (Guest)
on 2008-10-21 00:06
(Received via mailing list)
On Sun, Oct 19, 2008 at 05:07:59AM +0900, Alexey Petrushin wrote:
>
> any of it. I'll better leave the product open than will agree to any
> limitation.
>
> - rubyencoder (rubyencoder.com)
> Somehow they do it, don't know though how.

. . . or come up with a business model that doesn't rely on the
government trying to subvert natural laws.


>
>
>
> It seems, that JRuby Compiler is really what i need :).
>
> I just want to rise barrier, to buy time if some company will try to
> build a copy-product. For sure they'll can reverse engineer it, but not
> so fast as if they will have original sources.
> There is no need to protect from hackers & cracks, my product will be
> free (but not open).

So . . . what's the point of obscuring the code?
|||=[Mathspeedy]=||| |||=[Z3d0clan]=||| (Guest)
on 2008-10-21 00:26
(Received via mailing list)
On Mon, Oct 20, 2008 at 6:04 PM, Chad Perrin <perrin@apotheon.com>
wrote:

> > It's fully finished and ready to use.
> > I've choose Ruby for all it's goodnesses, and don't want to give back
> >
> So . . . what's the point of obscuring the code?
>
> --
> Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
> Just tao it.  http://tao.apotheon.org
>


This language is opensource I think if everyone uses it with closed
source it will be like the C language not open source, just, encrypt it
and send the decrypt key to the people that ask you for it, and make the
key only work for X days or X ... (corrupt it) like with the GPG option ...
Redd Vinylene (Guest)
on 2008-10-21 08:37
(Received via mailing list)
I don't always trust my ISPs so I'd very much like to run my Rails apps
encrypted.

On Tue, Oct 21, 2008 at 12:24 AM, |||=[Mathspeedy]=|||
|||=[Z3d0clan]=||| <
Joni Niemi (jniemi)
on 2008-10-21 12:58
Alexey Petrushin wrote:
> Thanks for advices :)
>
> So, as I understood, there are:
>
> - Software as a Service, with owned hosting.
> Yes! This is the best one, but sometimes clients wants something
> 'physically' tangible :).

Hi,

just my 5 cents worth (that's Euro cents, then).

If you only have a few clients, it's basically OK to give them the
source code as well: as the source code is protected by copyright laws
(unless you live in a very exotic country like Somalia), your clients are
legally bound not to redistribute or even use the software elsewhere
(even in-house!). It probably isn't even in the clients' best interest
to give the source code out, especially if the code supports some
business functionality that gives them advantage over competition. The
risk of getting caught in such case is moderately high, with severe
fines backed up by copyright law and hopefully your SW license/contract.
In fact, you can probably get customers more easily by handing out
source code as well, as that gives them some guarantees in case you get
hit by the truck or your company bankrupts or something as bad from a
market-economy-point-of-view.

As for commercial, consumer-targeted mass distribution, I suppose I
would use something else than ruby. At least for the moment. :-)

Anyhow, for all that GPL-style code lying around, companies are becoming
more approving of SaaS solutions (even asking for it -- as a plus side
you get all that system administration out of the house). I don't think
there are many good business reasons having your servers in-house,
unless your business is server farming...

Cheers,

Joni
Pedro Arnal Puente (Guest)
on 2008-10-21 13:17
(Received via mailing list)
Hello

2008/10/18 Alexey Petrushin <axyd80@gmail.com>:
> Thanks for advices :)
>
> So, as I understood, there are:
>
> - Software as a Service, with owned hosting.
> Yes! This is the best one, but sometimes clients wants something
> 'physically' tangible :).

If clients want something they can touch and poke, a nice alternative,
not as "safe" as hosted but not as open as source code, is making it
an appliance. Deploy a virtualized server with your app hosted inside.

> - JRuby Compiler (http://wiki.jruby.org/wiki/JRuby_Compiler)
> It's fully finished and ready to use.
>
> Translates <name>.rb => <name>.class and because it's not one to one
> mapping there is an information lost, that can be seen as the
> obfuscation.
>
> There is no .class to .rb decompiler, and (though, I'm not sure) these
> .class files cannot be decompiled even to .java ones.

Forget it, decompiling classes to very readable java source has been
trivial for many years.
Dmitry Severin (dseverin)
on 2008-10-23 23:40
(Received via mailing list)
On Fri, Oct 17, 2008 at 1:55 AM, Mike Gold <mike.gold.4433@gmail.com>
wrote:
>
> You have not made any changes or corrections to the website since.

Found a link to RubyEncoder on InfoQ (
http://www.infoq.com/news/2008/10/rubyencoder ), and just for fun,
decided to look at how difficult it would be to crack it :)

It turns out that RubyEncoder uses the following scheme: a modified
Ruby-1.8.7 interpreter
that stores encoded AST nodes along with encoding/restriction options,
while rgloader simply decodes it back to AST and executes.

So, using just a few quick and dirty hacks it is possible to get source
back:

1) one-byte change in library to call external ruby_exic instead of
ruby_exec:
----------------
$ cmp -l rgloader.linux.so.original rgloader.linux.so
  4616 145 151
----------------

2) A bit patched ruby, ruby-1.8.6/eval.c to keep injected AST:
----------------
NODE *ruby_eval_hack;
int
ruby_exic(){
    volatile NODE *tmp;
    int state;

    Init_stack((void*)&tmp);
    ruby_eval_hack = ruby_eval_tree;
    state = ruby_exec_internal();
    return state;
}
----------------

3) Patch for RawParseTree in ParseTree-3.0.1/lib to retrieve sexp from
intercepted tree:
----------------
builder.prefix " #{extern_mode} NODE *ruby_eval_hack; "
builder.c %Q{
static VALUE parse_tree_full() {
        VALUE result = rb_ary_new();
        add_to_parse_tree(self, result, ruby_eval_hack, NULL);
        return result;
}
----------------

4) And, finally, simple environment to get source code back from
RubyEncoder:
----------------
require 'rubygems'
require 'parse_tree'
require 'ruby2ruby'

require 'encoded_script' # protected code, you say?

RawParseTree.new.parse_tree_full().each do |sexp|
  puts Ruby2Ruby.new.process(Unifier.new.process(sexp))
end
----------------

Example:
Original:
----------------
class EncodedHelloWorld
        ENCODER_VERSION = "1.0"

        def initialize
                puts "Hello, world!"
        end
end
----------------

Encoded:
----------------
# RubyEncoder v1.0 evaluation
_d = _d0 = File.expand_path(File.dirname(__FILE__)); while 1 do _f =
_d + '/rgloader/loader.rb'; break if File.exist?(_f); _d1 =
File.dirname(_d); if _d1 == _d then raise "Ruby script '"+__FILE__+"'
is protected by RubyEncoder and requires the RubyEncoder loader.
Please visit the http://www.rubyencoder.com/loaders/ RubyEncoder site
to download the required loader and unpack it into '"+_d0+"/rgloader/'
directory to run this protected script."; break; else _d = _d1; end;
end; require _f;
RGLoader::load('AAEAAAAEaAAAAIAAAAAA/1nu5hlzvK93ynRezwoJSWaAXO0XWYMyqYojzdIsXeg/n3sTUToqkcdtx9wMbCcidZy4WpqIq2fj9tHsyREq8dCcvPsiWYISiwZ2jFHadIF3FhHZ9eLhZWJTZuRZDYG3Zk0nttbBzuP6EgAAAPgAAACl6rEqW0Dbrjuf0Nl2ehDd4mtpWkb9bP504YjdDfJj1ZM0tqmLXWMXpXnXL1kFNqoEfnws38xmo1J0E/Ziw4typ+51d572ijDg17Xz7NWj9xEykyN4uXEKn/Dt1mKExla1mnX4eAKxbnOJrNqZPDmpIJdOEqOO+/CLfQIGvvKYt11MIyTZK9I2R4J+/oNK2RGwbmzynpFKV32zxdILn4thrQx3gDLbD5ZPbfR6qWsmtJT6pyxccj7RtwGSat4BetCUKmcHR6b/qvp6rvPtaA1m/1JuuGNLUzg3tHHLkA/U14GfF4af9VyqtLQy5ww+jHB6wz4BkFe06gAAAAA=');
----------------

Output:
----------------
class EncodedHelloWorld
  ENCODER_VERSION = "1.0"
  def initialize
    puts("Hello, world!")
  end
end
----------------
Ryan Davis (Guest)
on 2008-10-24 07:44
(Received via mailing list)
On Oct 23, 2008, at 14:36 , Dmitry Severin wrote:

> Found link to RubyEncoder on InfoQ (
> http://www.infoq.com/news/2008/10/rubyencoder ), and just for fun,
> decided to look how difficult would it be to crack it :)


haha! you are awesome. thank you for showing how easy it can be.
Erik Hollensbe (erikh)
on 2008-10-24 13:18
Michal Suchanek wrote:
> On 17/10/2008, Ryan Davis <ryand-ruby@zenspider.com> wrote:
>> >
>> > are some good encoders for PHP but what do we have for Ruby?
>> >
>>
>>  there is zenobfuscate which translates to C, that prevents my above
>> statement from occurring... as others have pointed out, if you are just
>> munging source, you're doing nothing... nothing at all to protect things.
>> encryption? it needs to be decrypted in order to run and then you're dealing
>> with my original claim again...
>>
>>  I don't know of any other method than removing the ruby source entirely.
>>
>
> Remember DOS games? These employed many baroque copy protection
> schemes including specially formatted or perhaps even specially
> manufactured floppies so that nobody could make a copy with standard
> software or even any standard floppy drive. Still the popular ones
> were disassembled and circulated without the protection, and the lame
> ones forgotten.

You can also consider hardware keys (dongles), when these programs are
cracked, typically the software that interfaces with the dongle is
merely replaced.

I think what (a lot of) people are trying to say here is that you're
spinning your wheels; there are plenty of successful ways to license and
sell your software, but copy protection typically isn't one of them,
especially when you're dealing with a product that caters to a technical
market.... I mean, the average gamer isn't really that technical, but
they can go to oodles of websites and download a 100K file that fixes
their problem of being forced to purchase the latest $50 entertainment
extravaganza, and they've been trying to solve this since computers had
ways to play games that didn't come on ROM.

-Erik
Chad Perrin (Guest)
on 2008-10-24 20:46
(Received via mailing list)
On Fri, Oct 24, 2008 at 02:41:58PM +0900, Ryan Davis wrote:
> On Oct 23, 2008, at 14:36 , Dmitry Severin wrote:
>
> > Found link to RubyEncoder on InfoQ (
> > http://www.infoq.com/news/2008/10/rubyencoder ), and just for fun,
> > decided to look how difficult would it be to crack it :)
>
> haha! you are awesome. thank you for showing how easy it can be.

Trying to "protect" your Ruby source code is like trying to "protect"
music with DRM: doomed to ineffectiveness.

  http://blogs.techrepublic.com.com/security/?p=363
Ryan Davis (Guest)
on 2008-10-24 23:07
(Received via mailing list)
On Oct 24, 2008, at 11:45 , Chad Perrin wrote:

> music with DRM: doomed to ineffectiveness.
>
>  http://blogs.techrepublic.com.com/security/?p=363

well... to varying levels of difficulty, yes...

I can guarantee that I can obfuscate code better than rubyencoder
can... well enough that you can't get meaningful information back out
automatically (it would probably be quicker and more effective to
translate it back by hand after doing an automated pass on it). Well
enough that it isn't worth your time for nearly everything put through
it.
Chad Perrin (Guest)
on 2008-10-26 00:57
(Received via mailing list)
On Sat, Oct 25, 2008 at 06:07:00AM +0900, Ryan Davis wrote:
> >>haha! you are awesome. thank you for showing how easy it can be.
> automatically (it would probably be quicker and more effective to
> translate it back by hand after doing an automated pass on it). Well
> enough that it isn't worth your time for nearly everything put through
> it.

I can probably guarantee that, if you do that, it's not worth *your*
time either.
Ryan Davis (Guest)
on 2008-10-26 06:43
(Received via mailing list)
On Oct 25, 2008, at 15:55 , Chad Perrin wrote:

>> well... to varying levels of difficulty, yes...
> time
> either.

You'd be wrong. The effort to refactor IP needing obfuscation and
getting it converted and tested/able in its new form took less than 30
minutes. After that all conversions are simply part of the rake build
process (read: free). The amount of time it'd take to decompile and
then discern actual meaning would be much much greater than that.
James Dinkel (jdinkel)
on 2008-10-26 13:41
Ryan Davis wrote:
> On Oct 25, 2008, at 15:55 , Chad Perrin wrote:
>
>>> well... to varying levels of difficulty, yes...
>> time
>> either.
>
> You'd be wrong. The effort to refactor IP needing obfuscation and
> getting it converted and tested/able in its new form took less than 30
> minutes. After that all conversions are simply part of the rake build
> process (read: free). The amount of time it'd take to decompile and
> then discern actual meaning would be much much greater than that.

I find that the best solution is just to write unreadable code from the
beginning.

James
Todd Benson (Guest)
on 2008-10-26 15:44
(Received via mailing list)
On Sun, Oct 26, 2008 at 7:40 AM, James Dinkel <jdinkel@gmail.com> wrote:
>> process (read: free). The amount of time it'd take to decompile and
>> then discern actual meaning would be much much greater than that.
>
> I find that the best solution is just to write unreadable code from the
> beginning.

Ha!  I'm good at that!  }:>

Todd
Chad Perrin (Guest)
on 2008-10-26 21:42
(Received via mailing list)
On Sun, Oct 26, 2008 at 09:40:56PM +0900, James Dinkel wrote:
> > process (read: free). The amount of time it'd take to decompile and
> > then discern actual meaning would be much much greater than that.
>
> I find that the best solution is just to write unreadable code from the
> beginning.

I find that the best solution is probably to encourage people that want
to "obfuscate" code to write unreadable (and, thus, unmaintainable) code
from the beginning.  Evolution takes over at that point.

I rather suspect someone is overestimating the "protective" value of
obscurity in this case, anyway.
Charles Oliver Nutter (Guest)
on 2008-11-17 14:51
(Received via mailing list)
Pedro Arnal Puente wrote:
>> There is no .class to .rb decompiler, and (though, I'm not sure) these
>> .class files cannot be decompiled even to .java ones.
>
> Forget it, decompiling classes to very readable java source has been
> trivial for many years.

I had missed this...but even if you could decompile .class to .java,
it's still nearly worthless to you because it's a bunch of JRuby
internals calls. I suppose the important bit is what you're trying to
protect. If it's the original Ruby code, then compiling to .class is
certainly good enough.

- Charlie
rakesh patel (rakesh)
on 2013-09-09 14:18
Hello
Anyone know how to do domain base encoding with rubyencoder?


Thanks

Sasha Bee wrote in post #739510:
> Mike Gold wrote:
>> Ade Inovica wrote:
>>> Interesting solution. May I also suggest that you try
>>> www.rubyencoder.com as this protects Ruby source code also.  I am
>>> involved in this project (disclaimer!) but thought it was appropriate to
>>> mention it
>>
>>The last time you advertised this product here, we had proven the claims
>>on your website to be false.
>>
>
> Could you suggest anything real to protect the Ruby code? We are still
> working on our project and we use Ruby for it and need to protect the
> code. We are still searching for a good solution for it. We are not just
> Ruby enthusiasts and we are doing a real project. I wish we choose C to
> develop our product and then have no problems in protecting the code.
> But we use Ruby now for many reasons...
>
> We do not want any conversions like Ruby to C or JRuby. We do not need
> or want Java for its slowness. (We just do not need Java - don't want to
> get into a battle with Java fans :) And also we understand there is no
> ideal 100% proved protection solutions for any language. I know there
> are some good encoders for PHP but what do we have for Ruby?
rakesh patel (rakesh)
on 2013-09-09 14:20
Hello

Anyone know how to do domainbase encoding with rubyencoder?

Thanks
Robert Klemme (robert_k78)
on 2013-09-09 15:57
(Received via mailing list)
On Mon, Sep 9, 2013 at 2:20 PM, rakesh patel <lists@ruby-forum.com>
wrote:

> Anyone know how to do domainbase encoding with rubyencoder?

Thou shallst not hijack threads!

robert