| View previous topic :: View next topic |
| Author |
Message |
WaterRatj
Voice
Joined: 30 Mar 2011
Posts: 1
|
 Posted: Wed Mar 30, 2011 6:05 am Post subject: Question (encryption) |
 |
|
| Is there any way to encrypt a tcl script so when you give out your script to someone they can't edit it or see the source code and they can only run it? |
|
| Back to top |
|
 |
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Wed Mar 30, 2011 12:29 pm Post subject: |
|
|
Encrypt it: No. Thel-interpreter would still have to be able to decode your source in order to run the compiler. And once the script is loaded, it'd be as simple as .tcl info args / .tcl info body to get the original source anway...
ActiveTcl does however provide a byte-code compiler for tcl, making it more difficult to retrieve the original code. Even so, a creative user could still trace any and all command calls. Once the code has been traced enough, it'd be a mere matter of 'puzzle-solving'.
Be adviced though, within the eggdrop community, obfuscating the code is generally thought of as you might be hiding malware in the script (there are a few infamous examples of this to date).
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
willyw
Revered One
Joined: 15 Jan 2009
Posts: 1175
|
| Posted: Wed Mar 30, 2011 1:41 pm Post subject: |
|
|
This thread reminded me of something that I wondered about some time ago, (and I hope the answer contributes to the original poster's quest):
| nml375 wrote: | Encrypt it: No.
...
|
What's all that stuff in
alice.tcl
?
to the untrained eye, it looks like some sort of method of encrypting.....
http://www.egghelp.org/tclhtml/3478-4-0-0-1-alice.htm
Thanks |
|
| Back to top |
|
|
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Wed Mar 30, 2011 3:26 pm Post subject: |
|
|
@willyw:
That is simply obfuscation. Everything needed to restore the script into the original source is provided; add a line to open a file (set fd [open myfile.tcl "WRONLY CREAT TRUNC"]), and then replace the outer eval with "puts $fd ", and finally a "close $fd" at the end of the script, and you'll find the whole source in myfile.tcl after loading the script..
Or, as I mentioned in my earlier post, you could simply use the "info args" and "info body" commands to rebuild any and all procs (use "info procs" for a list of all procs) once the script is loaded...
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
speechles
Revered One
Joined: 26 Aug 2006
Posts: 1398
Location: emerald triangle, california (coastal redwoods)
|
| Posted: Wed Mar 30, 2011 11:36 pm Post subject: Re: Question (encryption) |
|
|
| WaterRatj wrote: | | Is there any way to encrypt a tcl script so when you give out your script to someone they can't edit it or see the source code and they can only run it? |
As nml375 originally said sure there are. But with it come ethical and real-world outcomes. Eggdrop is mostly hobbyists. There isn't much potential in generating a pay model from supporting eggdrop users with scripts (This is the only reason I can think of where one would obfuscate code). Thats the real-world outcome, you won't make any money. You instead, need to support the hobbyist. To these hobbyists, seeing how others create their "wheel" vs another scripters "wheel" helps them see the inner workings of what truly makes one script different than another. Being it string vs list flaws, Injection exploits, etc.. That means, you didn't directly put within your code any intentional trojans or intentional code to takeover someones bot. But what you did do, is write your script so poorly it allows malicious users to takeover the bot using specially crafted queries. This is just as bad as purposely writing in these exploits. As obfuscated, these issues cannot be corrected as easily. And rather than de-obfuscate to fix the issue, taking all that time just so you can see the code and begin to find/correct the issue. It's easier to just use any other script that does similar.
So after the reading the above, you still feel like alienating 99.999% of eggdrop's audience from ever using your script, and feel happy with the .001% that do use it. That being mostly 1, just you. Or... perhaps 2, you and a friend of yours using that script. Even if you distribute it well. It will likely just be you and your friend ever using it. This is why there is really no point to obfuscate your code.. Just food for thought.
_________________
speechles' eggdrop tcl archive |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
