comp.lang.ruby

I found a way to protect Source Code!

Alexey Petrushin

10/16/2008 11:44:00 AM

Hello!

I hope I have found a way to protect Ruby sources.

The Super Product has been created and now we want to sell it. But there
is one problem, we are forced to distribute sources with it.

Solution? - The 'BlackBox' machine. :)

We take a computer, set up Linux with an encrypted file system and install
our solution. The 'BlackBox' is fully functional as a web server and the
sources are also protected.
So, we can sell these 'BlackBox'es.

I've heard that there is a way to hack Linux encrypted data if there is
physical access to the server machine, but as far as I know it's hard
enough.
--
Posted via http://www.ruby-....

26 Answers

James Dinkel

10/16/2008 12:18:00 PM

0

Alexey Petrushin wrote:
> Hello!
>
> Hope I found way how to protect Ruby sources.
>
> The Super Product has been created and now we want to sell it. But there
> is one problem, we are forced to distribute sources with it.
>
> Solution? - The 'BlackBox' machine. :)
>
> We take a computer, setup Linux with encrypted file system and install
> our solution. The 'BlackBox' is fully functional as a web server and the
> sources are also protected.
> So, we can sell these 'BlackBox'es.
>
> I've heard, that there is a way to hack Linux encrypted data if there is
> a physical access to server-machine, but as far as i know it's hard
> enough.

Unless one of your developers is going to type in the encryption key
every time the computer gets rebooted, then the key and/or passphrase
will have to be stored on that computer unencrypted. Which means that
if someone has physical access it will be trivial to gain access to the
encrypted data.

Your only solution there is probably going to be to host the website in
your own datacenter and give clients access to it over the internet.
--
Posted via http://www.ruby-....
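
The storage-side point made in this reply can be checked on a box before it ships. The following is an added example, not code from the thread: it classifies entries of a constructed crypttab sample by where the key comes from. It assumes the common four-field crypttab layout and treats `none` or `-` in the key-file field as a passphrase prompt; the device names and paths are made up.

```ruby
# Added example (not from the thread): classify crypttab entries by how the
# volume gets its key. Simplified: only the key-file field and the "swap"
# option are inspected; keyscripts, TPM or network unlock are not modelled.

# Constructed sample in the four-field crypttab layout:
#   <name> <device> <key file> <options>
SAMPLE_CRYPTTAB = <<~TAB
  # name    device                  key file            options
  appdata   /dev/sda3               /etc/keys/app.key   luks
  swap      /dev/sda2               /dev/urandom        swap
  vault     UUID=constructed-0001   none                luks
  archive   /dev/sdb1               -                   luks,noauto
TAB

RANDOM_SOURCES = %w[/dev/urandom /dev/random].freeze

def audit_crypttab(text)
  text.each_line.filter_map do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    name, device, keyfile, options = line.split(/\s+/, 4)
    keyfile = 'none' if keyfile.nil? || keyfile == '-'
    opts = options.to_s.split(',')

    status =
      if keyfile == 'none'
        :passphrase_prompt   # someone must type the passphrase at every boot
      elsif opts.include?('swap') || RANDOM_SOURCES.include?(keyfile)
        :ephemeral           # fresh random key each boot, nothing persists
      else
        :key_on_disk         # boots unattended; key readable by whoever holds the disk
      end
    { name: name, device: device, keyfile: keyfile, status: status }
  end
end

# Volumes that unlock with no operator present: the case the reply describes.
def unattended_volumes(text)
  audit_crypttab(text).select { |e| e[:status] == :key_on_disk }.map { |e| e[:name] }
end

puts unattended_volumes(SAMPLE_CRYPTTAB).inspect
```

Any volume reported as `:key_on_disk` is protected only as well as the unencrypted location that holds its key file.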

Josef 'Jupp' Schugt

10/16/2008 12:22:00 PM

0

On Thu, 16 Oct 2008 13:43:37 +0200, Alexey Petrushin <axyd80@gmail.com>
wrote:

> We take a computer, setup Linux with encrypted file system and install
> our solution. The 'BlackBox' is fully functional as a web server and the
> sources are also protected.

As long as the system is up and running, the encrypted file system is
accessible as if it were not encrypted. Without securing the system
against intrusion in that state encryption is pointless.

Josef 'Jupp' Schugt
--
Blog: http://penpen.gooda...
PGP key (id 6CC6574F): http://wwwkeys.d...
Jabber - http://www.j... - contact information on request

Ade Inovica

10/16/2008 9:20:00 PM

0

Interesting solution. May I also suggest that you try
www.rubyencoder.com as this protects Ruby source code also. I am
involved in this project (disclaimer!) but thought it was appropriate to
mention it

Ade
--
Posted via http://www.ruby-....

Aaron Turner

10/16/2008 10:24:00 PM

0

On Thu, Oct 16, 2008 at 2:20 PM, Ade Inovica <adrian.teasdale@gmail.com> wrote:
> Interesting solution. May I also suggest that you try
> www.rubyencoder.com as this protects Ruby source code also. I am
> involved in this project (disclaimer!) but thought it was appropriate to
> mention it

Both of these "solutions" are useful for keeping honest people honest,
but won't protect you against a determined attacker.


--
Aaron Turner
http://s...
http://tcpreplay.s... - Pcap editing and replay tools for Unix & Windows
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin

Mike Gold

10/16/2008 10:56:00 PM

0

Ade Inovica wrote:
> Interesting solution. May I also suggest that you try
> www.rubyencoder.com as this protects Ruby source code also. I am
> involved in this project (disclaimer!) but thought it was appropriate to
> mention it

The last time you advertised this product here, we had proven the claims
on your website to be false.

http://www.ruby-...topic/166...

You have not made any changes or corrections to the website since.
--
Posted via http://www.ruby-....

John Carter

10/17/2008 12:44:00 AM

0

On Fri, 17 Oct 2008, Aaron Turner wrote:

> On Thu, Oct 16, 2008 at 2:20 PM, Ade Inovica <adrian.teasdale@gmail.com> wrote:
> Both of these "solutions" are useful for keeping honest people honest,
> but won't protect you against a determined attacker.

Solution? Translate it into perl.

Then no one can read it. ;-)



John Carter Phone : (64)(3) 358 6639
Tait Electronics Fax : (64)(3) 359 4632
PO Box 1645 Christchurch Email : john.carter@tait.co.nz
New Zealand


Sasha Bee

10/17/2008 6:11:00 AM

0

Mike Gold wrote:
> Ade Inovica wrote:
>> Interesting solution. May I also suggest that you try
>> www.rubyencoder.com as this protects Ruby source code also. I am
>> involved in this project (disclaimer!) but thought it was appropriate to
>> mention it
>
> The last time you advertised this product here, we had proven the claims
> on your website to be false.
>

Could you suggest anything real to protect the Ruby code? We are still
working on our project and we use Ruby for it and need to protect the
code. We are still searching for a good solution for it. We are not just
Ruby enthusiasts and we are doing a real project. I wish we had chosen C to
develop our product and then had no problems in protecting the code.
But we use Ruby now for many reasons...

We do not want any conversions like Ruby to C or JRuby. We do not need
or want Java for its slowness. (We just do not need Java - don't want to
get into a battle with Java fans :) And also we understand there is no
ideal 100% proved protection solutions for any language. I know there
are some good encoders for PHP but what do we have for Ruby?


--
Posted via http://www.ruby-....

Ryan Davis

10/17/2008 8:37:00 AM

0


On Oct 16, 2008, at 23:10 , Sasha Bee wrote:

> Could you suggest anything real to protect the Ruby code? We are still
> working on our project and we use Ruby for it and need to protect the
> code. We are still searching for a good solution for it. We are not just
> Ruby enthusiasts and we are doing a real project. I wish we choose C to
> develop our product and then have no problems in protecting the code.
> But we use Ruby now for many reasons...

no, not really... anything that has ruby objects and ruby methods
involved can be popped wide open. If I can get my grubby paws on it, I
can play with it

> We do not want any conversions like Ruby to C or JRuby. We do not need
> or want Java for its slowness. (We just do not need Java - don't want to
> get into a battle with Java fans :) And also we understand there is no
> ideal 100% proved protection solutions for any language. I know there
> are some good encoders for PHP but what do we have for Ruby?

there is zenobfuscate which translates to C, that prevents my above
statement from occurring... as others have pointed out, if you are
just munging source, you're doing nothing... nothing at all to protect
things. encryption? it needs to be decrypted in order to run and then
you're dealing with my original claim again...

I don't know of any other method than removing the ruby source entirely.
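
For a vendor deciding what an encoder actually hides, the argument in this reply can be reproduced on a toy case. The following is an added example, not code from the thread or from any product named in it: the XOR-plus-Base64 "encoder", the `LicenseCheck` class and every value in it are constructed. It shows that once the loader has decrypted and evaluated the source, constants, method names (private ones included) and parameter names are all available through Ruby's standard reflection calls.

```ruby
# Added example (not from the thread). A constructed stand-in for an encoded
# Ruby file: XOR with a key, then Base64. Real encoders differ in the
# transform, but the load step has the same shape.
KEY = 'constructed-key'
PLAIN = <<~SRC
  class LicenseCheck
    SECRET_SALT = 'constructed-salt'
    def valid?(serial, customer_id)
      serial.end_with?(customer_id.to_s)
    end

    private

    def pricing_rule(tier)
      tier * 3
    end
  end
SRC

def xor(data, key)
  data.bytes.each_with_index.map { |b, i| b ^ key.getbyte(i % key.bytesize) }.pack('C*')
end

PROTECTED_BLOB = [xor(PLAIN, KEY)].pack('m0') # what would ship on disk

# The shipped loader has to rebuild the plaintext and hand it to the interpreter.
def load_protected(blob, key)
  eval(xor(blob.unpack1('m0'), key).force_encoding('UTF-8'), TOPLEVEL_BINDING)
end

# What the running process exposes once the class is loaded.
def visible_surface(klass)
  {
    constants: klass.constants(false).to_h { |c| [c, klass.const_get(c)] },
    public_methods: klass.public_instance_methods(false).sort,
    private_methods: klass.private_instance_methods(false).sort,
    signatures: klass.instance_methods(false).to_h { |m| [m, klass.instance_method(m).parameters] }
  }
end

load_protected(PROTECTED_BLOB, KEY)
surface = visible_surface(LicenseCheck)
surface.each { |k, v| puts "#{k}: #{v.inspect}" }
```

Anything that must stay secret from the customer (keys, salts, pricing logic) therefore belongs on a server the vendor controls, not in code loaded on the customer's machine.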


Michal Suchanek

10/17/2008 10:46:00 AM

0

On 17/10/2008, Ryan Davis <ryand-ruby@zenspider.com> wrote:
>
> On Oct 16, 2008, at 23:10 , Sasha Bee wrote:
>
>
> > Could you suggest anything real to protect the Ruby code? We are still
> > working on our project and we use Ruby for it and need to protect the
> > code. We are still searching for a good solution for it. We are not just
> > Ruby enthusiasts and we are doing a real project. I wish we choose C to
> > develop our product and then have no problems in protecting the code.
> > But we use Ruby now for many reasons...
> >
>
> no, not really... anything that has ruby objects and ruby methods involved
> can be popped wide open. If I can get my grubby paws on it, I can play with
> it
>
>
> > We do not want any conversions like Ruby to C or JRuby. We do not need
> > or want Java for its slowness. (We just do not need Java - don't want to
> > get into a battle with Java fans :) And also we understand there is no
> > ideal 100% proved protection solutions for any language. I know there
> > are some good encoders for PHP but what do we have for Ruby?
> >
>
> there is zenobfuscate which translates to C, that prevents my above
> statement from occurring... as others have pointed out, if you are just
> munging source, you're doing nothing... nothing at all to protect things.
> encryption? it needs to be decrypted in order to run and then you're dealing
> with my original claim again...
>
> I don't know of any other method than removing the ruby source entirely.
>

Remember DOS games? These employed many baroque copy protection
schemes including specially formatted or perhaps even specially
manufactured floppies so that nobody could make a copy with standard
software or even any standard floppy drive. Still the popular ones
were disassembled and circulated without the protection, and the lame
ones forgotten.

So if your software is worth anything you can only reasonably protect
it by selling it as a service hosted on servers protected both in
software and physically.

If you just want people paying money for using your software forget
protection. It's just additional effort and if you are lucky it does
not get in your way too much. Sell the software for a price that people
who are likely going to use it can afford, and make the payment method
an easy one.

Also services like support and customization help getting some money
from your users.

If your application is that lame that anybody looking at the source
would run away screaming in horror then you probably need a better
coder.

I guess that's pretty much all that can be said about code protection.

Thanks

Michal

James Dinkel

10/17/2008 1:49:00 PM

0

Michal Suchanek wrote:
> On 17/10/2008, Ryan Davis <ryand-ruby@zenspider.com> wrote:
>> >
>> > are some good encoders for PHP but what do we have for Ruby?
>> >
>>
>> there is zenobfuscate which translates to C, that prevents my above
>> statement from occurring... as others have pointed out, if you are just
>> munging source, you're doing nothing... nothing at all to protect things.
>> encryption? it needs to be decrypted in order to run and then you're dealing
>> with my original claim again...
>>
>> I don't know of any other method than removing the ruby source entirely.
>>
>
> Remember DOS games? These employed many baroque copy protection
> schemes including specially formatted or perhaps even specially
> manufactured floppies so that nobody could make a copy with standard
> software or even any standard floppy drive. Still the popular ones
> were disassembled and circulated without the protection, and the lame
> ones forgotten.
>
> So if your software is worth anything you can only reasonably protect
> it by selling it as service hosted on servers protected both in
> software and physically.
>
> If you just want people paying money for using your software forget
> protection. It's just additional effort and if you are lucky it does
> not get in your way too much. Sell the software for price that people
> who are likely going to use it can afford, and make the payment method
> an easy one.
>
> Also services like support and customization help getting some money
> from your users.
>
> If your application is that lame that anybody looking at the source
> would run away screaming in horror then you probably need a better
> coder.
>
> I guess that's pretty much all that can be said about code protection.
>
> Thanks
>
> Michal

C can be reverse engineered and java jars can be converted back to
source code. No program's source is 100% safe. The suggestion of
selling it as a service and hosting the app on your own servers is as
close as you're going to get. So don't freak out too much because you
can't get perfect code protection. It just doesn't exist and yet
millions of people still pay for software.

Personally I do use rubyscript2exe for all my software (used internally
around the office). That is mainly so I don't have to install the
entire ruby interpreter on every computer that uses the applications,
but it also has an added bonus of not making your source code readily
available. It would be trivial to get to the source for someone that
knows rubyscript2exe, but most people aren't even going to give that a
thought.

--
Posted via http://www.ruby-....