How can I obfuscate my Perl script to make it difficult to reverse engineer?
I've developed a Perl script that has a confidential business logic.
I have to give this script to another Perl coder to test it in his environment. He may try to extract the logic in my program. So I want to make my script very hard to understand.
Any suggestions?
I suggest that you get this person and his management to sign a legally enforceable agreement that forbids all forms of reverse engineering, and any other means of gaining access to the stuff you want to protect.
Obfuscation cannot protect you against a determined attempt to reverse engineer. It is theoretically and practically impossible.
Don't try to obfuscate your Perl. You're wasting your time there. I show plenty of people how to break that sort of stuff in Mastering Perl just so they won't try to do it.
Have you considered implementing the sensitive stuff in C and shipping a pre-compiled binary with a Perl interface? It's relatively easy to do and has the same effect without relying on a clever trick. The determined, skilled person can still reverse engineer it, but that's true for any solution. You do have to compile the library for each platform, but if this stuff is important enough to protect, it's important enough to charge people enough to use it.
Alternatively, put the sensitive stuff behind a web service so they never get the code.
One clever tactic I've seen involves a file that is tailored to each client, whether through formatting or content. This serves as something like a low-grade watermark using banal code, comments, or docs. Find that curious text sequence and you know the source of the leak.
The business answer is to not give the program to people you don't trust, or to make the penalties stiff enough to discourage it.
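The per-client watermark described in the answer above, as an added example that is not part of the original posts: each copy gets a different choice among interchangeable banal comments, and a leaked copy is matched back to the client whose choices it carries. The `#WM<n>` placeholder syntax, the slot comments, the client names and the secret are all constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

# Constructed slots: two equally banal comments each; the variant chosen encodes one bit.
my @SLOTS = (
    [ '# load settings',  '# read configuration' ],
    [ '# validate input', '# check arguments'    ],
    [ '# main loop',      '# process records'    ],
    [ '# write results',  '# emit output'        ],
    [ '# clean up',       '# release resources'  ],
    [ '# done',           '# finished'           ],
    [ '# helpers',        '# utility routines'   ],
    [ '# defaults',       '# fallback values'    ],
);

# One bit per slot, taken from HMAC-SHA256(key = vendor secret, data = client id).
sub bits_for {
    my ($secret, $client) = @_;
    my @bits = split //, unpack 'B*', hmac_sha256($client, $secret);
    return @bits[0 .. $#SLOTS];
}

# Replace each "#WM<n>" placeholder line in the template with that client's variant.
sub watermark {
    my ($template, $secret, $client) = @_;
    my @bits = bits_for($secret, $client);
    (my $copy = $template) =~ s/^([ \t]*)#WM(\d+)$/$1 . $SLOTS[$2][$bits[$2]]/mge;
    return $copy;
}

# Score each client by surviving slot comments; return all top scorers so ties are visible.
sub identify {
    my ($leak, $secret, @clients) = @_;
    my %score;
    for my $client (@clients) {
        my @bits = bits_for($secret, $client);
        $score{$client} = grep { index($leak, $SLOTS[$_][$bits[$_]]) >= 0 } 0 .. $#SLOTS;
    }
    my ($best) = sort { $b <=> $a } values %score;
    return grep { $score{$_} == $best } sort keys %score;
}

# Constructed demo: ship a copy to "client-b", lose one marker to editing, trace the leak.
my $template = '';
$template .= "#WM$_\nprint \"step $_\\n\";\n" for 0 .. $#SLOTS;
my $leak = watermark($template, 'vendor-secret', 'client-b');
$leak =~ s/^# (?:done|finished)\n//m;
print "candidates: @{[ identify($leak, 'vendor-secret', qw(client-a client-b client-c)) ]}\n";
```

Eight slots distinguish at most 256 copies, and two clients can draw the same bits, so a real deployment needs more slots than clients would suggest and should treat a multi-candidate result as inconclusive.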
First, let me say that you're barking up the wrong tree. What you want to do is the wrong approach for many reasons.
Second, check out Filter::Crypto (and PAR::Filter::Crypto). Read the whole manual before you start.
Use Acme::Bleach to bleach the code clean. Then obfuscate the resulting bleached code. However, any encoded/obfuscated code can be decoded, as the Perl interpreter has to decode it anyway.
You could look at perlcc. It doesn't guarantee correctness, but it should do alright if you're not doing anything too funky in your scripts.
On OSX at least, they provide three great commands:
parl
par.pl
pp
parl - convert a par file into an executable binary that doesn't need Perl or other modules to run
par.pl - make par files from your perl scripts
pp - compile a perl script into a binary (but it still requires perl)
Not certain if these are available for Windows or Linux.
One interesting thing I noticed was that when I used a command in my compiled perl script to indicate the current working directory, it was the same thing as the directory of my new binary executable. I would have thought that it would have uncompressed something into /tmp and run it from there, but that wasn't the case.