http://qs321.pair.com?node_id=743790

avo has asked for the wisdom of the Perl Monks concerning the following question:

Good day monks. I have a script which is calling a module. The module and the main script are encrypted using my own brewed source filter. How do I prevent debugging of my main script and module with a Perl Debugger software?

Replies are listed 'Best First'.
Re: Debugging Question
by Anonymous Monk on Feb 14, 2009 at 10:49 UTC
Re: Debugging Question
by almut (Canon) on Feb 14, 2009 at 11:05 UTC

    In short, you can't. The only thing you can do is to attempt to detect the presence of the debugger (and any modules of the B:: namespace) and terminate your script if found. This is not as trivial as it might seem. Additionally, you'd need to at least obfuscate things sufficiently, so that people will give up before they succeed (for example because it's just not worth it)...

    The only way to make it reasonably difficult for people to work around your mechanisms is to distribute a modified perl binary, statically linked with the decrypting source filter module (written in XS). With anything else it's trivial to get at your decrypted Perl source and simply disable the debugger detection. (But even with a modified perl binary, it's only a matter of how much time someone is willing to invest to crack your 'protection'...)

    Generally - as you can infer from the Anonymous Monk's reaction - trying to hide your source is widely frowned upon in the community, so you probably won't get a lot of help here...
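
The detection described in the reply above, as an added example that is not part of the original post or any poster's code: it checks `$^P`, the `DB::` hooks and `%INC` at compile time, then shows that the result is only a snapshot. The function name `instrumentation_signs` is hypothetical, and `B::Deparse` is used as a constructed stand-in for any backend loaded later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration; instrumentation_signs() is a hypothetical name.
# Returns the reasons the running interpreter looks debugged or inspected.
sub instrumentation_signs {
    my @signs;

    # $^P holds the debugging flags; `perl -d` makes it non-zero.
    push @signs, sprintf('debug flags $^P = 0x%x', $^P) if $^P;

    # The debugger hooks statements via DB::DB and sub calls via DB::sub.
    push @signs, 'DB::DB is defined'  if defined &DB::DB;
    push @signs, 'DB::sub is defined' if defined &DB::sub;

    # Compiler backends (B.pm, O.pm, B/Deparse.pm, ...) leave entries in %INC.
    push @signs, "loaded: $_"
        for sort grep { m{^(?:B|O)\.pm$|^B/} } keys %INC;

    return @signs;
}

# Check at compile time: under `perl -MO=Deparse` the main program is never
# run, so a check placed in ordinary run-time code would not execute at all.
BEGIN {
    if (my @signs = instrumentation_signs()) {
        die "refusing to run:\n", map { "  $_\n" } @signs;
    }
}

# The check is only a snapshot. Anything loaded afterwards is not covered,
# which is one reason the post calls detection "not as trivial as it might seem".
my @at_start = instrumentation_signs();
require B::Deparse;    # constructed stand-in for a backend loaded later
my @later = instrumentation_signs();

printf "signs at startup: %d, after a late require: %d\n",
    scalar @at_start, scalar @later;
print "  $_\n" for @later;
```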

Re: Debugging Question
by dsheroh (Monsignor) on Feb 14, 2009 at 14:05 UTC
    You don't say what your actual purpose in wanting to do this is, but I can guess that it's probably because the code contains something that you want to maintain restrictive intellectual property limitations on - trade secrets, copy prevention, whatever.

    As the music and movie industries have (repeatedly) proven, this is simply not technically feasible, even if you're using languages which are less amenable to simple source inspection than Perl is. If anyone cares enough to use your software, then someone will also care enough to crack your "protection" or "rights management" or whatever you want to call it and, once that happens, they'll put the cracked version up for free download somewhere and people will have the choice of either paying to get the version that puts restrictions on their use or downloading the version that they can use however they like for free. Tough choice, eh?

    The proper way to enforce these kinds of restrictions is to draw up a good contract and have enough lawyers on hand to sue anyone who breaches it. (Note that, by definition, a "good" contract is subject to review and negotiation by both parties prior to agreement. Shrinkwrap licenses, click-through EULAs, and the like are emphatically disqualified, not to mention that, if they were to be tested in court, they're probably unenforceable in many (most?) jurisdictions.)

    Intellectual property is a purely legal fiction and can only be effectively protected by legal means. Trying to do it technologically is entirely futile and has no real effect beyond wasting both your and your customers' time and money.

Re: Debugging Question
by ELISHEVA (Prior) on Feb 15, 2009 at 08:59 UTC
    In general, I think trying to hide your source from customers is a pointless waste of effort. Anybody with enough bucks and dishonesty to make real (unauthorized) use of your intellectual property probably has more than enough bucks to hire someone to get past your protection scheme, assuming what you have is really that valuable...but esper raises a point I've never thought of: trade secrets.

    If you are filing source code for US copyright protection, you are allowed to black out trade secrets. This could get rather tedious without some automated way to do it. Filing (in the USA) isn't strictly necessary but it gives legal umph to any claims you make, negotiating power, the ability to collect legal fees and statutory damages, among other advantages - see Copyright registration for computer programs, US copyright office and PubLaw: Advantages of Copyright Registration.

    If you want to protect intellectual property as a trade secret you have to make some explicit efforts to protect that knowledge from outsiders. A sampling of these include NDAs, no-reverse-engineering clauses in software licenses, company policies, headers in your source code files, and so forth. But I can see that distributing code that is easily readable might breach a trade secret, especially if you don't have NDAs in place.

    Also, you should clear any encryption/obfuscation/blackout technique you use with your lawyer. What counts as sufficient efforts to protect a trade secret depends on case law, varies from country to country, and requires an experienced person to evaluate.

    Note: Though I have been involved in the IP process, to be very clear, I am not a lawyer and this is not legal advice - if you are concerned about trade secrets, consult with a lawyer if you haven't already. They can be very tricky to protect and encryption of your source code may not be enough - especially if someone can point to a list of nodes and links like Anonymous Monk posted and say: "But he/she should have known that it doesn't *really* protect the source."

    Best, beth