closed source

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • David Bolen
    #16
    Re: closed source

    Alan Kennedy <alanmk@hotmail .com> writes:
    [color=blue]
    > I could imagine that decompiled jythonc'ed jython classes would be
    > quite hard to understand, especially if you're not familiar with
    > jython.
    >
    > But certainly not impossible. It's more of a hindrance than a
    > showstopper.[/color]

    Also, whether Jython, or a Java obfuscator, it's not like the person
    has to understand the majority of the application. All they need to
    locate is the section that does the authentication or startup check,
    and change just enough code to bypass it. Since there are typically
    messages output when such checks fail, it's often easy to zero in on
    the code involved.

    -- David

      Comment

      • Rainer Deyke
        #17
        Re: closed source

        David Bolen wrote:[color=blue]
        > Milos Prudek <milos.prudek@t iscali.cz> writes:[color=green]
        >> The idea here is that C is much harder to decompile than Python.[/color]
        >
        > Definitely true - I think anything that does a native compilation is
        > much harder to decompile into usable information (but clearly not
        > impossible) simply because the compiled form is much further removed
        > from the original source.[/color]

        Only if the bytecode in a known format. Otherwise the opposite is true -
        you need to reverse engineer the whole interpreter before you can even start
        reverse engineering the bytecode. This suggests an obvious solution: tweak
        the Python interpreter to use a slightly different bytecode format. (This
        only works if you can distribute a custom Python interpreter with your
        compiled Python modules.)


        --
        Rainer Deyke - rainerd@eldwood .com - http://eldwood.com


          Comment

          • Alex Martelli
            #18
            Re: closed source

            David Bolen wrote:
            [color=blue]
            > Milos Prudek <milos.prudek@t iscali.cz> writes:
            >[color=green]
            >> This will not protect against illegal copying, however. Let's say that[/color][/color]
            ...[color=blue]
            > So in the end, as long as there's any interpreted code that is in
            > control of the authentication, you might not be any better off, so why
            > expend the effort in the first place. I think this is largely true
            > for any interpreted language.[/color]

            I have said this often but I think it's worth repeating: if you
            distribute executable code, no matter how cleverly disguised, somebody
            else is going to be clever enough to hack away any authentication
            etc. Proof by existence: any warez site.

            If you have code so valuable you DO really truly want to protect it,
            the solution lies in *web-services*. Carefully cut out the extremely
            valuable parts of your application and DON'T distribute them as
            any kind of executable code: only distribute "clients" that must
            rely on connecting to a web-service, where you will make all the
            juicy parts available. Your extremely precious code thus lives on
            a server under your control, and you CAN secure it against hacking.
            You also get to implement any business model you prefer (one-off
            payment, subscription, pay-per-use, etc, etc). [Any kind of network
            RPC protocol will work fine, of course -- "web-services" are just
            one currently fashionable way to achieve such a protocol].

            Of course this isn't applicable everywhere, although with the wider
            and wider availability of connectivity (including wireless) the
            area of applicability keeps growing. Some cases where this approach
            can't be used might be handled instead by putting the extremely
            valuable portions of your code into a custom integrated-circuit of
            some kind (much harder to reproduce, though not impossible).

            Striving to "protect" code which you distribute in executable form
            is tilting at windmills. I've spent far too large a part of my
            life hacking up such "protection " schemes, with and without "dongles"
            of some kind to support them, and it's been far more effective in
            bothering perfectly legitimate use than in foiling crackers and
            warezguyz. These days, whenever somebody asks me about such
            protection, I insist on the "webservice , or custom IC" as the only
            really viable approaches. BTW, such conversations generally end
            up, in 90% of the cases, concluding that the allegedly precious
            code ISN'T really as precious as to be truly worth protecting -- if
            so, putting in some looks-like-protection-to-the-clueless tweak may
            of course be the easiest way to pacify a paranoic PHB ... :-) But
            that's just as easy with Python as with any other language, of course.


            Alex

              Comment

              Previous 1 2 template Next
              Working...