eric@golux.UUCP (Eric S. Raymond) (10/24/88)
In <6152@june.cs.washington.edu> pardo@cs.washington.edu (David Keppel) writes: > Essentially, preform all the optimizations that I can on the C source, > and steal liberally from the Obfusacted C Code Contest. This gives me an interesting and twisted thought. Consider the following notional man page: -------------------------------------------------------------------------- NAME obfuscate -- code obfuscator for semi-secure source code distribution SYNOPSIS obfuscate [file...] DESCRIPTION The obfuscate tool applies transformations to a set of source files intended to make the source unreadable as possible. The intent is to support secure distribution of proprietary C source. Obfuscate begins by preprocessing the file, throwing away all information in comments and mnemonic defines. Then it randomly renames all variables using conventions designed to confuse the eye. Next, obfuscate applies a further series of transformations we shall leave deliberately undocumented here. Some of these are `smart' obfuscations using source features deducible from flow analysis. Finally, obfuscate smashes all non-significant whitespace out of the file and reformats it as a sequence of solid-filled 8-character lines. Though the output of obfuscate will always compile to the same (stripped) object code as its input, the obfuscate algorithm is deliberately nondetermistic; some of the transformations applied will vary randomly from run to run. NOTE To make reverse-engineering of the scramble algorithms more difficult, the source of obfuscate is distributed in obfuscated form. -------------------------------------------------------------------------- Maybe this is as good a secure uMIIL as we can hope for. I'd write it, but I've got my hands full with 3.0 news and changing machines. Anybody else wanna try? -- Eric S. Raymond (the mad mastermind of TMN-Netnews) UUCP: ...!{uunet,att,rutgers}!snark!eric = eric@snark.UUCP Post: 22 S. Warren Avenue, Malvern, PA 19355 Phone: (215)-296-5718
rsalz@bbn.com (Rich Salz) (10/25/88)
The discussions on HIMIL's, MIIL's, stopped being relevant to comp.lang.c some time ago. Please edit your Newsgroups lines more carefully. Thanks, /rich $alz -- Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.
djones@megatest.UUCP (Dave Jones) (10/25/88)
From article <eB93d#29Vk4y=eric@golux.UUCP>, by eric@golux.UUCP (Eric S. Raymond): > NAME > obfuscate -- code obfuscator for semi-secure source code distribution > > SYNOPSIS > obfuscate [file...] > Perhaps we should have a contest to see who can write the best version of this... "The Obfuscating C Contest." Then again, maybe not.
olling@batcomputer.tn.cornell.edu (Cliff Olling) (10/25/88)
I think I saw something that was run through this program :-) while working with a Data General Nova about 10 years ago. The source was written in an interpreted BASIC with lots of DG-specific extensions (there was no compiled BASIC for that machine). I believe that the program was a payroll package of about 20k lines or so. The interesting thing about the source was that all the variable names were mixtures of "O"'s (capitol-o) and "0"'s (zeros). It certainly made for confusing reading. Luckily :-), once the program was loaded, there were handy tools which could be (mis-)used to dis-ambiguate(sp?) the variable naming. --- Clifford Olling, olling@tcgould.tn.cornell.edu, (cornell!plab!olling) Modern Languages and Linguistics, Cornell University
libes@cme-durer.ARPA (Don Libes) (10/25/88)
I went to a talk in April '87, where Jim Gimpel (the fellow who wrote C-terp) described a system for doing exactly this - converting readable C code to obfuscated code for the purposes of source distribution. It was definitely written by that time because he showed some examples. Oddly, though, I've never seen any advertisements for it since then. Don Libes libes@cme.nbs.gov ...!uunet!cme-durer!libes
skh@hpclskh.HP.COM (10/25/88)
From some stuff I saw long ago, I would say the DoD has this program for FORTRAN already, and probably for years. Shouldn't be too hard to adapt it to C, or even PASCAL for that matter.
jeff@amsdsg.UUCP (Jeff Barr) (10/26/88)
I recently received information on a product known as PC-LINT (?) sold by Gimpel Software (Pensylvania, I believe). They distribute PC-LINT in an OBSCURED source form which allows recompilation but apparently is not amenable to human inspection. I wonder what 'cb' could do for it? I'm not associated with Gimpel Software. Jeff /-------------------------------------------------------\ / Jeff Barr AMS-DSG uunet!amsdsg!jeff 800-832-8668 \ \ American Express: "Don't leave $HOME without it". / \-------------------------------------------------------/ -- /-------------------------------------------------------\ / Jeff Barr AMS-DSG uunet!amsdsg!jeff 800-832-8668 \ \ American Express: "Don't leave $HOME without it". / \-------------------------------------------------------/