Hey,
I'm interested about encrypting tcl scripts or obfuscation.Yesterday i read every topic on egghelp about encrypting/obfuscation and also obfuscation site.I didn't really understand how to do it, but maybe some of you would be so kind and tell me how i can 'encrypt' scripts or how to use 'obfuscation'.I need it for my next script which source shouldn't be visible to public.I still didn't start to write script, because i don't know how i can 'encrypt' it later.
Tnx
This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
Encrypting/Obfuscation
There's no way to create working code that can't be read by anyone. But you can scare off most people by using procomp to bytecode compile your script. (I would still be able to get your source ;P)
Have you ever read "The Manual"?
Just read the site and it looks ok, but i need something which doesn't need extra libary/file to be loaded...Just something which strikelight is using...I don't need it to be super encrypted, only something which will prevert newbies to view the sourceuser wrote:There's no way to create working code that can't be read by anyone. But you can scare off most people by using procomp to bytecode compile your script. (I would still be able to get your source ;P)
Any idea, how i can use similar method like strikelight is using?The whole point of obfuscation is that people don't understand how it works, so posting a way to obfuscate kinda defeats its own purpose 
If a method of obfuscation becomes widely used, the way to deobfuscate it will (sooner or later) become public knowledge too.
Make sure you back up any file you want to try this on as i didn't test it much
Btw: you can run it multiple times on the same file if you want to waste some more cpu loading the script.
If a method of obfuscation becomes widely used, the way to deobfuscate it will (sooner or later) become public knowledge too.
Code: Select all
proc obfuscate code {
foreach c [split $code ""] {set tmp($c) ""}
set chrs [array names tmp]
set i [array size tmp]
set forward [set back [list]]
foreach c $chrs {
set r [expr {int(rand()*$i)}]
incr i -1
lappend forward $c [lindex $chrs $r]
set back [concat [list [lindex $chrs $r] $c] $back]
set chrs [lreplace $chrs $r $r]
}
# EDIT 3: added this if
if {rand()>0.5} {
set cmd "if [expr {int(rand()*(1<<24))}]"
} {
set cmd eval
}
set code "[rndesc $cmd] \[[rndesc "string map"] [list $back [string map $forward $code]]\]"
}
proc obfuscateFile file {
set f [open $file r+]
puts $f [obfuscate [read $f][seek $f 0]]
close $f
}
# EDIT 2: added this little sucker to hide the cleartext commands a bit :)
proc rndesc str {
set o ""
foreach c [split $str ""] {
if {[string is space $c]} {append o $c} {
append o [switch [expr {int(rand()*3)}] {
0 {format \\%o [scan $c %c]}
1 {format \\x%x [scan $c %c]}
2 {format \\u%.4x [scan $c %c]}
}]
}
}
set o
}Btw: you can run it multiple times on the same file if you want to waste some more cpu loading the script.
Last edited by user on Fri Aug 06, 2004 11:52 am, edited 5 times in total.
Have you ever read "The Manual"?
should I care?KrzychuG wrote:I don't think you can retrieve source code from compiled tcl files.
Just because you failed doesn't mean it's impossible. I won't give you my decompiler, so you better start coding your own (just start reading the tbc loader source and get to know the format, and you should be able to make your own decompiler in a couple of evenings) or rewrite those scripts you claim to have lost.
Have you ever read "The Manual"?
Advice 1: Be more specific
Advice 2: Stay focused when reading the source and take notes
As I don't know C, my decompiler is 100% tcl (which is sort of weird, sure) it has a call stack emulator that actually "runs" the bytecode. (the only way to do it i guess)
But if you're doing it in C, I think there's lots of stuff to cut'n'paste from where the error messages are generated (it will generate the source for a small part of the bytecode where the error occured (iirc))
Advice 2: Stay focused when reading the source and take notes
As I don't know C, my decompiler is 100% tcl (which is sort of weird, sure
) it has a call stack emulator that actually "runs" the bytecode. (the only way to do it i guess)But if you're doing it in C, I think there's lots of stuff to cut'n'paste from where the error messages are generated (it will generate the source for a small part of the bytecode where the error occured (iirc))
Have you ever read "The Manual"?