Source Code Encryption

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Source Code Encryption

Alex jimmy Montaño fuentes
How to encrypt source code deployed on Apache Tomcat?

I using rails on jruby deployed on client machine, and I want to prevent
client from hacking my source code.

Any ideas?

Thanks
Kengsreng

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Karol Bucek

 Chances are you're already using Warbler to generate a .war ... just try it's compiled feature.

It will pre-compile all .rb files into -> .class ones and replace .rb file's content to load the compiled .class.

If you're really into it you can further obfuscate with tools such as Proguard, although I would be a little cautious there.

K.

On Tue, May 5, 2015 at 8:13 AM, Kengsreng Tang <[hidden email]> wrote:
How to encrypt source code deployed on Apache Tomcat?

I using rails on jruby deployed on client machine, and I want to prevent
client from hacking my source code.

Any ideas?

Thanks
Kengsreng

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Alex jimmy Montaño fuentes
In reply to this post by Alex jimmy Montaño fuentes
Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Doug Hathaway
You could perhaps encrypt the contents of the YML file, then decrypt before parsing.


Sent from Mailbox


On Thu, May 7, 2015 at 6:29 PM, Kengsreng Tang <[hidden email]> wrote:

Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Christian MICHON

Use jrubyc to compile your main ruby script to class files. That should do.

On May 8, 2015 12:49 AM, "Doug Hathaway" <[hidden email]> wrote:
You could perhaps encrypt the contents of the YML file, then decrypt before parsing.


Sent from Mailbox


On Thu, May 7, 2015 at 6:29 PM, Kengsreng Tang <[hidden email]> wrote:

Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

keithrbennett
Even with compiling, the resulting class files can be inspected (somewhat) with javap.

If you run javap -v on the file (don’t included the .class extension) then you can see the method signatures and Java byte code instructions.  Not at all like seeing the original source, but not at all encrypted either.

- Keith



On May 9, 2015, at 3:45 AM, Christian MICHON <[hidden email]> wrote:

Use jrubyc to compile your main ruby script to class files. That should do.

On May 8, 2015 12:49 AM, "Doug Hathaway" <[hidden email]> wrote:
You could perhaps encrypt the contents of the YML file, then decrypt before parsing.


Sent from Mailbox


On Thu, May 7, 2015 at 6:29 PM, Kengsreng Tang <[hidden email]> wrote:

Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email




Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Christian MICHON

I agree but there's no way to really recover the original ruby script. At best you'll retrieve what you listed and the string constants.

It's the easiest form of obfuscation I know for jruby.

If you have another suggestion, I will test it

On May 9, 2015 9:18 PM, "Keith Bennett" <[hidden email]> wrote:
Even with compiling, the resulting class files can be inspected (somewhat) with javap.

If you run javap -v on the file (don’t included the .class extension) then you can see the method signatures and Java byte code instructions.  Not at all like seeing the original source, but not at all encrypted either.

- Keith



On May 9, 2015, at 3:45 AM, Christian MICHON <[hidden email]> wrote:

Use jrubyc to compile your main ruby script to class files. That should do.

On May 8, 2015 12:49 AM, "Doug Hathaway" <[hidden email]> wrote:
You could perhaps encrypt the contents of the YML file, then decrypt before parsing.


Sent from Mailbox


On Thu, May 7, 2015 at 6:29 PM, Kengsreng Tang <[hidden email]> wrote:

Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email




Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Christian MICHON

I almost forgot... Have a look at jd-gui if you're using Windows. You'll get a much better java decompilation than what you suggested.

On May 9, 2015 9:49 PM, "Christian MICHON" <[hidden email]> wrote:

I agree but there's no way to really recover the original ruby script. At best you'll retrieve what you listed and the string constants.

It's the easiest form of obfuscation I know for jruby.

If you have another suggestion, I will test it

On May 9, 2015 9:18 PM, "Keith Bennett" <[hidden email]> wrote:
Even with compiling, the resulting class files can be inspected (somewhat) with javap.

If you run javap -v on the file (don’t included the .class extension) then you can see the method signatures and Java byte code instructions.  Not at all like seeing the original source, but not at all encrypted either.

- Keith



On May 9, 2015, at 3:45 AM, Christian MICHON <[hidden email]> wrote:

Use jrubyc to compile your main ruby script to class files. That should do.

On May 8, 2015 12:49 AM, "Doug Hathaway" <[hidden email]> wrote:
You could perhaps encrypt the contents of the YML file, then decrypt before parsing.


Sent from Mailbox


On Thu, May 7, 2015 at 6:29 PM, Kengsreng Tang <[hidden email]> wrote:

Karol,

Do you know how to compile xxx.yml files ?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email




Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Alex jimmy Montaño fuentes
In reply to this post by Alex jimmy Montaño fuentes
Hi Christian,

Is Jrubyc can compile yaml file?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Christian MICHON
No jrubyc will only compile ruby files, ie .rb files.

If you wish to preserve the yaml content, I would suggest to simply encrypt it with ruby-rc4 (why not?) and obfuscate the string used as key through a dictionary. That would do.

So in total:
- compile all rb files into class files using jrubyc
- encrypt yaml and xml with ruby-rc4, and obfuscate the key within a dictionary.

If you need more dedicated help, just point me to a git repository. ;-)


On Mon, May 11, 2015 at 7:58 AM, Kengsreng Tang <[hidden email]> wrote:
Hi Christian,

Is Jrubyc can compile yaml file?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
Christian
Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Tim Uckun
Why don't you just put your settings in a .rb file?

On Mon, May 11, 2015 at 10:36 PM, Christian MICHON <[hidden email]> wrote:
No jrubyc will only compile ruby files, ie .rb files.

If you wish to preserve the yaml content, I would suggest to simply encrypt it with ruby-rc4 (why not?) and obfuscate the string used as key through a dictionary. That would do.

So in total:
- compile all rb files into class files using jrubyc
- encrypt yaml and xml with ruby-rc4, and obfuscate the key within a dictionary.

If you need more dedicated help, just point me to a git repository. ;-)


On Mon, May 11, 2015 at 7:58 AM, Kengsreng Tang <[hidden email]> wrote:
Hi Christian,

Is Jrubyc can compile yaml file?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
Christian

Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

Christian MICHON

I'm not the creator of this thread, but I believe settings should be part of a configuration file instead of being in the code itself.

Database.yaml in rails is a typical example of such approach.

On May 11, 2015 6:05 PM, "Tim Uckun" <[hidden email]> wrote:
Why don't you just put your settings in a .rb file?

On Mon, May 11, 2015 at 10:36 PM, Christian MICHON <[hidden email]> wrote:
No jrubyc will only compile ruby files, ie .rb files.

If you wish to preserve the yaml content, I would suggest to simply encrypt it with ruby-rc4 (why not?) and obfuscate the string used as key through a dictionary. That would do.

So in total:
- compile all rb files into class files using jrubyc
- encrypt yaml and xml with ruby-rc4, and obfuscate the key within a dictionary.

If you need more dedicated help, just point me to a git repository. ;-)


On Mon, May 11, 2015 at 7:58 AM, Kengsreng Tang <[hidden email]> wrote:
Hi Christian,

Is Jrubyc can compile yaml file?

--
Posted via http://www.ruby-forum.com/.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
Christian

Reply | Threaded
Open this post in threaded view
|

Re: Source Code Encryption

christian
I followed the thread and realized the you want to "encrypt" some passwords or something when you asked about yaml file.

if you use something like configurator gem to replace yaml with ruby code then the jrubyc will still keep yaml values as literals inside the class files. even you decide to use some encryption for the yaml file you will face the same problem that the encryption key which is just a literal or byte array inside a class file. all you gain is that nobody tumbles over the "password" accidentally but anyone who wants to unwrap if can do so and it might take only a few minutes to do so.

if your intention is to obfuscate your ruby codebase then jrubyc could be OK but even this can be reversed. but is probably not feasible for bigger codebase as it is manual procedure.

I personally find it important to think on how to undo the protection you put in place - just to get a feeling how good your protection is.

- christian