Seeing the source

Hello. I'm new to Ruby (and also to scripting languages).

I'd like to know if, since Ruby is a scripting language, there's a way
to hide the code when deploying an application. I'd users to be unable
to see the source.

Is there a solution for that?

Thanks in advance

Hello. I'm new to Ruby (and also to scripting languages).

I'd like to know if, since Ruby is a scripting language, there's a way
to hide the code when deploying an application. I'd users to be unable
to see the source.

Is there a solution for that?

http://www.rubyinside.com/px-a-quick-and-silly-ruby-obfuscation-system-7.html

If you want to obfuscate code for business reasons, though, you might want to use a different language (Perl is naturally obfuscated :P), where obfuscators are available on a larger scale (Java and .NET languages should offer that, with them being enterprise-y and all).

The question is: Why do you need that? If you license your software, you could include a section on using the source in other applications a big, big no-no (well, you'd reiterate copyright laws, basically), and that your code is a trade secret. IANAL, though, nor do I play one on TV, so take that with a grain of salt.

Hello. I'm new to Ruby (and also to scripting languages).

I'd like to know if, since Ruby is a scripting language, there's a way
to hide the code when deploying an application. I'd users to be unable
to see the source.

Is there a solution for that?

A commercial obfuscator was announced last year, ZenObfuscate:
http://blog.zenspider.com/archives/2006/07/zenobfuscate_no.html

This free project, Ruby2CExtension, works along similar principles:
http://ruby2cext.rubyforge.org/

Both have some limitations on certain kinds of ruby expressions
that can't be handled.

(I've never used either one, just read about them.)

On the balance, I agree with what others are saying in this thread:
If you can find a way to avoid needing to obfuscate the code, so
much the better.

My current project is part C++, part Ruby. So I figure I'll just
leave all the ruby code open source, and put the registration check
logic in the C++ components.

Regards,

Bill

Michel Cabili wrote:

Hello. I'm new to Ruby (and also to scripting languages).

I'd like to know if, since Ruby is a scripting language, there's a way
to hide the code when deploying an application. I'd users to be unable
to see the source.

Is there a solution for that?

There's a couple for JRuby that have been briefly mentioned:

- JRuby can load .rb files from within a .jar file. Since most people don't know a .jar is just a zip file, many would never think to look in there.
- JRuby can also compile most .rb into Java .class files. From there it's nearly impossible to get decompiled output that resembles either Java or Ruby.

- Charlie

If you really think you need to obfuscate your code, then you're doing something wrong. It is always possible to decompile stuff even with compiled languages. PHP users often use obfuscation to try and hide stuff.
Consider crafty use of file permissions settings, and simply burying things in modules with hard to read names.
But ultimately, simply put pen to paper and make somebody sign a contract if you have to. You could go to great lengths, but if it's really worth it, you'll just use lawyers.

Charles Oliver Nutter wrote:

- JRuby can load .rb files from within a .jar file. Since most people don't know a .jar is just a zip file, many would never think to look in there.\

Thus extending the cracking time by nearly 15 seconds. (-;

Hi,

Well, then I guess that we can't obfuscate the code with Ruby.

It's not a necessity. It's just that I'm used to compiled languages in
wich, if the project isn't that complex, you basically give one file to
the user.

<troll>
If I really need this kind of feature I guess I could develop a library
in C that would encrypt all my '.rb' files into another file and decode
them when launching the application... or something like that.
</troll>

Thanks for your answers.

John Joyce wrote:

Hello. I'm new to Ruby (and also to scripting languages).

I'd like to know if, since Ruby is a scripting language, there's a way
to hide the code when deploying an application. I'd users to be unable
to see the source.

Is there a solution for that?

PX: A quick and silly Ruby obfuscation system

If you want to obfuscate code for business reasons, though, you might want to use a different language (Perl is naturally obfuscated :P), where obfuscators are available on a larger scale (Java and .NET languages should offer that, with them being enterprise-y and all).

The question is: Why do you need that? If you license your software, you could include a section on using the source in other applications a big, big no-no (well, you'd reiterate copyright laws, basically), and that your code is a trade secret. IANAL, though, nor do I play one on TV, so take that with a grain of salt.

--
Phillip Gawlowski

If you really think you need to obfuscate your code, then you're doing something wrong. It is always possible to decompile stuff even with compiled languages. PHP users often use obfuscation to try and hide stuff.
Consider crafty use of file permissions settings, and simply burying things in modules with hard to read names.

Disassemble, sure. But it's fairly easy to generate sequences of assembly instructions or bytecodes that can't be decompiled into any reasonable language. JRuby's compiler, for example, emits bytecode that could never be reversed into .java files, largely because it uses the operand stack much more heavily and forgoes the use of local variables.

- Charlie

JRuby's main problem: you still need to know Java to use Ruby!

Michel Cabili wrote:

<troll>
If I really need this kind of feature I guess I could develop a library
in C that would encrypt all my '.rb' files into another file and decode
them when launching the application... or something like that.
</troll>

Why is that "trolling"? It's actually "shrouding". Not sure if that came up
in this thread.

Could you use JRuby and ship .class files? That's pretty shrouded. But, as
usual, you are only raising the cost of hacking, not preventing it...

Michel Cabili wrote:

Well, then I guess that we can't obfuscate the code with Ruby.

It's not a necessity. It's just that I'm used to compiled languages in wich, if the project isn't that complex, you basically give one file to the user.

<troll>
If I really need this kind of feature I guess I could develop a library in C that would encrypt all my '.rb' files into another file and decode them when launching the application... or something like that.
</troll>

Thanks for your answers.
  

I actually worked on something like this but I finally decided that it was hopeless. Since the encrypted Ruby code must be decrypted before being handed off to the Ruby interpreter, there's always going to be a way for a sufficiently-motivated user to get their hands on the unencrypted version of the program.

Well, then I guess that we can't obfuscate the code with Ruby.

Sure you could. Just how effective obfuscation would be in *any* language
depends on exactly what you're trying to accomplish, but it will not prevent
anyone with a fair bit of time and determination from figuring out what your
code is doing. It might be enough to prevent the average person from taking
your code and using it directly in their product/project, who knows... Even
with a compiled language, it's generally possible to decompile from the
bytecode or machine code.

It's not a necessity. It's just that I'm used to compiled languages in

wich, if the project isn't that complex, you basically give one file to
the user.

Doesn't seem related to obfuscation... Ruby has a pretty good package
management system called RubyGems, that might be what you're looking for?

<troll>

If I really need this kind of feature I guess I could develop a library
in C that would encrypt all my '.rb' files into another file and decode
them when launching the application... or something like that.
</troll>

Actually, you really couldn't. You'd need to put the decryption key
somewhere where the client can get at it. Companies with much greater
resources than you and I try to do this all the time. The scheme is
generally broken in around 4 hours by some Nordic teenager (it's cold and
dark there, not much else to do.)

Good luck and have fun with Ruby!

JRuby's main problem: you still need to know Java to use Ruby!

Oh, I'm just laying awake at night wondering when someone's going to invent RJava...

(-;

John Joyce wrote:

JRuby's main problem: you still need to know Java to use Ruby!

Well, we're hoping to solve that too; jrubyc already provides a mechanism for compiling to class files, and generally of the class files are just in the "right places" in your load path they'll load fine. For example:

~/NetBeansProjects/jruby $ jrubyc test/foo.rb
Compiling file "test/foo.rb" as class "test.foo"
~/NetBeansProjects/jruby $ rm test/foo.rb
~/NetBeansProjects/jruby $ jruby -I. -e "require 'test/foo'"
hello from compiled Ruby

So there's no need for you to worry yourself about classpaths and jar files and whatnot. Simply lay the compiled versions in the same directory structure as the uncompiled versions, point load paths to the appropriate roots, and you're off.

We'll also look into providing Ruby-friendly packaging logic, probably through Java-specific Rake tasks, once the compiler is 100% complete.

- Charlie

Phlip wrote:

Why is that "trolling"? It's actually "shrouding". Not sure if that came
up
in this thread.

Could you use JRuby and ship .class files? That's pretty shrouded. But,
as
usual, you are only raising the cost of hacking, not preventing it...

Trolling because that came up just like that... Didn't know if that kind
of technique was really used (I'm just a student).

But thanks.
Do you have any usefull link that give some light on that matter?

That sounds very cool.
A real Ruby interface to Java!
I do want to learn Java at some point though, just because there is a wealth of stuff there.

Michel Cabili wrote:

Do you have any usefull link that give some light on that matter?

No! Just dive into one of the Ruby Grammar attempts, and then change each
intention-revealing symbol into an unreadable ugly one. Then scramble the
blanks, and you are shrouded.

Though with some Ruby there's not much shrouding left to go...

Responding to the thread in general - just put your family jewels into C++
behind a Ruby layer, and ship Ruby for the easy stuff that your clients
don't need to steal...

Phlip wrote:

Responding to the thread in general - just put your family jewels into
C++
behind a Ruby layer, and ship Ruby for the easy stuff that your clients
don't need to steal...

That seems a fair solution. Although I'm not that deep into Ruby yet, I
saw some links concerning creating extensions for Ruby... but in C.
There must be something equivalent for C++...

That means that when I create for instance my extension (let's say
"funky_extension"), the file concerning the extension will be compiled
therefore obfuscated? Is that what you're talking about?

Intellectual property theft is a social problem, not a technical one. Social
problems should have social solutions, and not technical solutions. I agree
with a former poster: I believe your answer consists of contracts, licenses
and lawyers. It's quite usually immensely cost and time intensive to build a
technical solution that makes intellectual property theft unattractive for a
large percentage of your target audience, there are very, very few cases
where it has arguably been made entirely unfeasible - and that took a whole
lot of engineering.

Just my two cents,

Felix