This comes up with some regularity here. Go super search and enlighten yourself. And, to forestall the inevitable cascade of replies, the answers generally are:

1. Heretic!
2. Use Acme::Bleach
3. There's perl2exe
   perl2exe isn't secure you ignorant wanker!
   yes it is
   No it isn't
   Well, that's not what it's for anyway
4. B::Deparse will defeat any attempt at hiding source!

Short answer is no, it won't really work. Someone'll see the source, so throw a nasty license on it and hope for the best.

Good list, but you missed a couple:

• Write it in C. You deserve it for even asking.
• PAR! PAR! PAR! (repeat perl2exe comments)
• Wait for parrot, somebody will write a native compiler for that.
• Perl sux0rs, Java r0x0rs.

and Here's my One True Answer:

If you had to ask this question, you're not going to make any money off it. Save yourself the trouble, release the code, and benefit from other's input.

I hope that nobody will claim PAR as "secure", or I'll be very embarassed.

That said, for non-technical people the Zip format provided by PAR does construe as a way to 'hide' the source code -- at least from grep ;-).

I'll admit that at some early point in time, I too had wanted to "close" a perl-oriented script/program. I did the foresight of reading other people's attempts and saw that it wasn't a really good idea and if I wanted anything "closed", to just write it in C, even though good usage of strings and decompilers can get most of it out. Since then, I've never hid/closed anything I've written and I have gotten much more positive responses on all things I've ever written from those in the open source community. I even provide the source for things written in C, documentation and all.

Bottom line, just share it. You'll find that the responses you'll get are much more open and helpful than if you try to "hide" an interpreted-language-oriented script.

It's like the guy that wanted to write all of his shell scripts in perl. Everything on the system that ran in /bin/sh was converted to /usr/bin/perl...which promptly failed because /usr isn't mounted at boot time and hence, no perl binary is available. Just because it sounds like a good idea, doesn't mean it's anywhere near a good idea.

The best way to hide perl code is to GPG encrypt it.
Of course, it won't function in that state. But what's more important: code that works, or proprietary code?

Hey! I like C! :-P

Ha! This is on Best Nodes of the week! What's up with the moderation system?

------
We are the carpenters and bricklayers of the Information Age.

Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

    rm secret.pl
[download]

or

    chmod 000 secret.pl
[download]

Abigail

I second that opinion. I've worked with some pretty big systems in my work life so far...the better/more flexible ones provided source code and/or scripting facilities of some kind. Chris

You'll do better by doing some amazingly clever obfuscation though you'll note that most of the interesting obfus here get reversed anyway...

Why hide it?

Let everyone read it, just put a nice big copyright header at the top.

John J Reiser
newrisedesigns.com

No doubt. The poster should do some basic research on reverse engineering. Those who want your source can get it, period. Why drop the benefits of opening it when you gain nothing?

Makeshifts last the longest.

If you're afraid people will copy it, they can still copy a binary. Just use a copyright notice as someone else mentioned.

If you're afraid that people will steal your brilliant idea - if it's so brilliant that people will want to steal it, you'll need more than obfuscation, you'll need a patent, apply for one.

What's your motivation?

If you're afraid that people will steal your brilliant idea ...

... then sell your contracting services to them at $100+ per hour. Then, when you're bored with that, tell them I can support it for them and I'll even do it for $90 per hour. :-)

------
We are the carpenters and bricklayers of the Information Age.

Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

I think you guys have all mostly been a little unfair. It is usually the commercial and legal people that want to protect the code. If you invest all that money in patenting some code to stop people copying it then they are gonna want to invest money in technically stopping people copying it.

I have personally seen big companies reject systems because they were written in Perl for this reason.

Programmers have to be paid for their work and companies have to protect theirs investments. Stopping people copying years of hard toil can sometimes be the only way to stop the unscrupulous

licensing is often poitnless as I have also seen companies abuse and sell open source software as their own

open source is not always the answer

I have personally seen big companies reject systems because they were written in Perl for this reason.

True. On the other hand I have also seen companies reject systems because they do not have access to the source. Depends on the client. Depends on the job.

Languages like Perl and Java running on a relatively high level VM are far easier to de-compile than something that compiles down to machine code. So, don't use them for projects when simple access to the source code is an issue. Any "compilers" or "obfu" generators that leave the VM code around are pretty trivial to get around.

Personally, I do the vast majority of my commercial work in areas where access to the source isn't an issue - indeed it is usually required.

In a sense, you're right. But there's a big BUT.

Apparently the poster wants to close his source to make money from it. That's his perfectly good right to do. The problem is that he's asking how to do that in a forum which thrives on openness. If you're stupid enough to do that, you deserve to get flamed. Especially if he doesn't even do some research on this site which would have learned him that asking questions about ways to close the source is a no-no.

So, if he wants to close the source to make money off of that particular piece of code, he wouldn't mind shelling out some money to achieve that goal, right? Well, whaddayknow! Take a look at Stunnix Perl-obfus. Perfectly unreadable code for only $879! Seems like a bargain to me.

Arjen

I have personally seen big companies reject systems because they were written in Perl for this reason.

And it's an extremely valid, if not the most valid, reason to do so. Companies exist to make money. If you want otherwise, go work for a charity. You simply aren't going to make as much (if any) by releasing the source and letting everyone do as they please with it. If you can't understand this basic concept, I recommend you stick to programming and never get into management (heaven, I know ;).

How does protecting the source code of the program protect it from being copied? The protection comes through legal means like licenses and patents. Anyone that just wants the binaries, will just copy those. Anyone that wants the algorithm, can disassemble the machine code. Perl just makes it easier to figure what is going on. Anyone who isn't afraid of legal means won't be stopped by an obfuscator.

In some ways, Perl source could be better from a legal standpoint because it is explicitly available. The competitor who looks at your product has a harder time proving they didn't look at the source code because it was sitting right there on their hard drive. With a binary C program, they can claim legitimate reverse engineering. It is also likely that their source will be written new using the algorithm and concepts. With Perl, they are more likely to get caught copying the source directly and producing a derived work. Then your attack laways take them to court and win the big bucks.

This guy may have something which a client is willing to buy but it is based on a really simple algorithm or even someone else's module which he cannot justify the hours on. Anyway it gets asked alot because:

1) it is a difficult problem, regardless of the "why do you want to make it secret" crowd, and also because

2) it must not be answered in an easy to find library on PM since everyone keeps responding to the darned question!

Anyway I wouldn't mind seeing people's experience with perlcc/perl2exe tools to hear about those tools' limitations/abilities. In particular I'd like to see what they would do to a PerlWx type application and if it could be made into a single app without requiring a perl interpreter. Here my interest is not obfuscation, but quick gui-based product development.

/me ducks