TOPIC: Sunedo code is partially visible in a compiled lib
#373
Sunedo code is partially visible in a compiled lib 3 Years, 11 Months ago
Hi, I have compiled some Suneido functions in my library, then I have done a 'suneido -compact' and finally I have loaded the suneido.db file in an hex editor. I have discovered with my surprise that the variable names, the names of the functions called and the strings are all unhidden in the compiled code. Why? In this way the compiled code is reduced only a little in size and its security level is very very low... I would implement some code to protect my app from unauthorized use, but with this security level it is not possible...
There is a way to obfuscate strings, variable names and function calls in the compiled code?
 
 
Mauro
 
#377
Re:Sunedo code is partially visible in a compiled 3 Years, 11 Months ago
Sorry, protecting source code has never been a priority for us (or most other Suneido users that I know of). It is an open source project, after all :-)

Suneido code is always compiled. Normally this happens when it is loaded from a library. Normally you want debugging information. Currently, there is no way to request stripping out this debugging information.

Even on a production system, it is still useful to have debugging information, for example, when there is an unhandled exception we log the call stack and variables.

The global (library) names could not be stripped out totally because they are what links the code together. I suppose you could write something to obfuscate all the global names in a library, but you would have to modify every call. (And watch out for calls that are done dynamically.
 
 
andrew
 
#383
Re:Sunedo code is partially visible in a compiled 3 Years, 11 Months ago
Ok, I have thinked a method to obfuscate the string names and it appear to be working, but another big problem is obfuscating the function calls... Do you think it is possible?
 
 
Mauro
 
#388
Re:Sunedo code is partially visible in a compiled 3 Years, 11 Months ago
The global (library) names could not be stripped out totally because they are what links the code together. I suppose you could write something to obfuscate all the global names in a library, but you would have to modify every call. (And watch out for calls that are done dynamically.

You could write some code that would rename all the library records (e.g. to random or numbered names) and then go through all the records and change all the calls from the original name to the the new name. This should not be that difficult, although there might be a few issues.
 
 
andrew