开发者

Code obfuscation and runtime behaviour changes

Is there any way that you may create a puzzle of three pieces with your code that you allows you to have an encrypted string, a function built specifically for that string and only for that one, (string that in its decrypted form is actually code/instructions to execute). And the third and most important, the final piece would be the context that makes the execution of function possible, and that environment state must be unforgeable. So the function to be executed on the matching string only one time, only one environment state, and after that to expire. It must be as a perfect clock mechanism that even only one piece that is missing to make it "un...tickable" (unable to tick, as in "to function", of course, because every part is vital).

I am speaking about script languages here, where exists something like eval, but it can be applied as a general technique.

Using some kind of "domino" effect based of all kinds of memory states, and variables, random, or not, you could create something similar to a "leak effect" letting bits of your code in a structured (but hidden) place, so that at the end, using a strange tool as a "code funnel" all to arrange in an execution flow.

As I do not know of anything like this, my words are made-ups in order to be able to give then any kind of readable and understandable form.

My question is exactly about this... is it possible? Is there any help I can get? As any ideas somewhere? Because I cannot find anything right now that can hold such an effect.

And of course you might find no reason for me to ask for such a thing, as you could say that no one is interested in my code, or I suffer of paranoia. But still consider it might be a reason out there. No, it surely is a reason for me wanting to know this.

And please don'开发者_Python百科t hush and jump to conclusions like "it was specified clearly that this is not a discussion forum", as this is a problem I am facing with some urgent need for a solution. And as I have few experience about a lot of things, including serious math, and a solid algorithmic thinking, I am in a cry for help. So I thank those who will give any consideration to this matter.


This is essentially impossible, at a very fundamental level.

You want to give someone some information (your code). You want them to be able to execute the code once, in one particular state (that you don't define very well). But you don't want them to be able to inspect that code, or execute it under other circumstances. Impossible.

A program on that person's machine (that will execute the code) must be able to inspect the code, in order to be able to execute it. So other programs on that machine will also be able to inspect the code.

You can encrypt your code, so that arbitrary programs can't inspect it, and you regain control. But the program intended to execute the code still needs to inspect it, so you'll have to somehow get the information it needs to decrypt the code.

But now you're right back to your original problem: You some information (the decryption key), which you want to give the user for one particular use (decrypting and running your code under only the circumstances you specify), and not for any others.

More interestingly, you could instead encrypt your code with a hash value derived from the parts of the environment you want to check (how exactly you derive the key is impossible to say without knowing what you want to check). Then, if the user (or a program executing your code on their behalf) wants to inspect the code, it will have to follow the same process of deriving a hash value from the environment and have the correct environment. But the user could arrange to collect the hash value from that environment and keep it, allowing them to inspect your code whenever they want.

Plus, I have no idea what you could possibly check that actually guarantees the correct environment. If the program is supposed to check that it is correctly running itself (with no modifications to spy on your code) before decrypting the secret part of itself and running that, then a spy can easily pull out the encrypted stuff, worked out from the (unencrypted) checking code what computations are done to check the environment, and then do their own calculations based on the "correct" environment rather than the one that actually exists.

All you can do, in the end, is make the process of recovering your top secret code more annoying, so that it de-motivates from bothering. Most people will never bother to look at your code anyway; they just don't care. Most of the remaining ones will give up at the slightest resistance (though it may put them off using your software). The ones who are still trying after that... there's always a chance (if your secret code is really that valuable/interesting) that there will be sufficiently motivated people who will get around whatever you do (unless you just never give anyone your code in the first place). So my inclination is to just put some small easy effort into obscuring your secret code, and don't worry about achieving perfect security, because it's impossible.


You could simply encrypt the code using a symmetric encryption. Encrypt it using a random key, store that key on the computer, and then include in the encrypted code a part that deletes that key from memory when the code is run. Of course it would be relatively easy for someone to copy the key before it was deleted and restore it to memory later, but you could put it somewhere obscure, and I think no matter what you do someone could restore the computer to an earlier state (using backup software).


@Ben, interesting presentation, I believe that I was thinking about this from the very moment I understood what can be done, and what cannot be done. I thought of every possible situation you mention, and even more, indeed it seems there is no way. Maybe I should limit myself at just making it as much as a headache as I can. Not only that is a super-secret code, as you named it, but I have another intention in hiding it, it's that, pardon my lack of modesty, it really is an interesting code, and I really want to filter those to see it, if it takes a genius to make it from A to C without going through B, and it must take another to figure out how. I though it was my lack of experience that kept me down with is unsolvable problem. But still, I am always put in front of such seeming impossible situations, and I usually raise hell to find the solution, I manage it just fine. But now it just that I cannot surrender.

I might just have known the answer since the beginning, that no matter how much you try it can't be done, and of course it is easy to find out why, because it is not normal, or correct, it must depend on your knowledge and experience the limit of what you are creating. And with that in mind it is obviously why there must be a way someone better, and surely there will be someone better, than you to overcome you. Even if this is, for my at least, subjectively speaking, such troublesome. Well then, I guess I'll give my best to lessen those to know my super-secret code. After all even god is great puzzle maker.

Anyway I highly appreciate your answer.

P.S. Sorry for the late answer, but as I could not answer my question for 8 hours, I had to wait, and after that I couldn't be able to find any avaible time to do it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜