Xref: utzoo comp.arch:6818 comp.lang.c:13550 comp.lang.misc:2041 Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!cbmvax!golux!eric From: eric@golux.UUCP (Eric S. Raymond) Newsgroups: comp.arch,comp.lang.c,comp.lang.misc Subject: Forget uMIILs -- why not an 'obfuscate' tool for C instead? Message-ID: Date: 24 Oct 88 15:23:55 GMT Article-I.D.: golux.eB93d#29Vk4y=eric References: <358@istop.ist.co.uk> <6152@june.cs.washington.edu> Organization: Paratheo-Anametamystikahood Of Eris Esoteric Lines: 46 In <6152@june.cs.washington.edu> pardo@cs.washington.edu (David Keppel) writes: > Essentially, preform all the optimizations that I can on the C source, > and steal liberally from the Obfusacted C Code Contest. This gives me an interesting and twisted thought. Consider the following notional man page: -------------------------------------------------------------------------- NAME obfuscate -- code obfuscator for semi-secure source code distribution SYNOPSIS obfuscate [file...] DESCRIPTION The obfuscate tool applies transformations to a set of source files intended to make the source unreadable as possible. The intent is to support secure distribution of proprietary C source. Obfuscate begins by preprocessing the file, throwing away all information in comments and mnemonic defines. Then it randomly renames all variables using conventions designed to confuse the eye. Next, obfuscate applies a further series of transformations we shall leave deliberately undocumented here. Some of these are `smart' obfuscations using source features deducible from flow analysis. Finally, obfuscate smashes all non-significant whitespace out of the file and reformats it as a sequence of solid-filled 8-character lines. Though the output of obfuscate will always compile to the same (stripped) object code as its input, the obfuscate algorithm is deliberately nondetermistic; some of the transformations applied will vary randomly from run to run. NOTE To make reverse-engineering of the scramble algorithms more difficult, the source of obfuscate is distributed in obfuscated form. -------------------------------------------------------------------------- Maybe this is as good a secure uMIIL as we can hope for. I'd write it, but I've got my hands full with 3.0 news and changing machines. Anybody else wanna try? -- Eric S. Raymond (the mad mastermind of TMN-Netnews) UUCP: ...!{uunet,att,rutgers}!snark!eric = eric@snark.UUCP Post: 22 S. Warren Avenue, Malvern, PA 19355 Phone: (215)-296-5718