Path: world5.bellatlantic.net!out2.nntp.cais.net!news2.cais.com!news.intr.net!news.charm.net!news.clark.net!noos.hooked.net!www.nntp.primenet.com!nntp.primenet.com!feed1.news.erols.com!howland.erols.net!psinntp!pubxfer.news.psi.net!usenet
From: Grant Gainey <ggainey@widget.com>
Newsgroups: comp.lang.java.security
Subject: Re: Protecting Source Code
Date: Tue, 22 Apr 1997 07:47:16 -0500
Organization: The Widget Workshop, Inc. Cary, NC
Lines: 85
Message-ID: <335CB354.41C6@widget.com>
References: <msadamsE8z0Io.Gx8@netcom.com> <335B0176.10746485@best.com> <msadamsE90CG1.9J0@netcom.com>
NNTP-Posting-Host: 204.241.231.18
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (X11; U; AIX 1)


Michael Adams wrote:
> 
> I checked out the sources you listed, and came to the conclusion that
> until they get native code compilers, there is not much protection for
> source code.

Oh boy, here we go again.  Native executables don't provide "protection 
to source code".  If you're relying on being "protected" by having
your C/C++/Ada/what-have-you compiled to native, then you've already
lost your shirt.

Someone else already pointed out C. Cifuentes' "dcc" work; here's the
URL again for anyone who missed it:

 http://www.it.uq.edu.au/groups/csm/dcc.html

You might also check out 

 http://wwwis.cs.utwente.nl:8080/~faase/Ha/decompile.html

for another good overview of decompiling techniques.

If you can't get to uq.edu.au, here's a quick excerpt from that
page.  The "dcc" app takes the following from an i386 based system:

         55 8B EC 83 EC 04 56 57 1E B8 94 00 50 9A 
   0E 00 3C 17 59 59 16 8D 46 FC 50 1E B8 B1 00 50 
   9A 07 00 F0 17 83 C4 08 BE 01 00 EB 3B 1E B8 B4
   00 50 9A 0E 00 3C 17 59 59 16 8D 46 FE 50 1E B8
   C3 00 50 9A 07 00 F0 17 83 C4 08 FF 76 FE 9A 7C
   00 3B 16 59 8B F8 57 FF 76 FE 1E B8 C6 00 50 9A
   0E 00 3C 17 83 C4 08 46 3B 76 FC 7E C0 33 C0 50
   9A 0A 00 49 16 59 5F 5E 8B E5 5D CB 55 8B EC 56
   8B 76 06 83 FE 02 7E 1E 8B C6 48 50 0E E8 EC FF
   59 50 8B C6 05 FE FF 50 0E E8 E0 FF 59 8B D0 58
   03 C2 EB 07 EB 05 B8 01 00 EB 00 5E 5D CB 
      
and produces this:

#include <stdio.h>                                            
                                                              
int main()                                                    
{ int i, numtimes, number;                                    
  unsigned value, fib();                                      
                                                              
   printf("Input number of iterations: ");                    
   scanf ("%d", &numtimes);                                   
   for (i = 1; i <= numtimes; i++)                            
   {                                                          
      printf ("Input number: ");                              
      scanf ("%d", &number);                                  
      value = fib(number);                                    
      printf("fibonacci(%d) = %u\n", number, value);          
   }                                                          
   exit(0);                                                   
}                                                             
                                                              
unsigned fib(x)                 /* compute fibonacci number recursively */
int x;                                                        
{                                                             
   if (x > 2)                                                 
      return (fib(x - 1) + fib(x - 2));                       
   else                                                       
      return (1);                                             
}                                                             

Boy oh boy, I'm sure glad this wasn't Java bytecode - we might have been
able to figure out what the program was doing!

In a project of any significant size, an obfuscator and compiling
optimized will provide just as much "protection" as native code does
now.  Decompiling the code and making any productive use out of it
will cost more than just buying the thing.

Grant
(who isn't sure why this "only native code can save us!" idea bugs me as
 much as it does.  So it goes.)
___________________________________________________________________________
Grant Gainey                                            
ggainey@widget.com
The Widget Workshop         http://www.widget.com/           
(919)677-1942
  "In theory, there is no difference between theory and practice.  
   In practice, there is no relationship between theory and practice."
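
Added example (not part of the original post and not dcc's own code): a short Python sketch showing how much structure the quoted byte dump gives away before any real decompilation is attempted. It assumes the dump is 16-bit x86 code loaded at offset 0; the helper names are hypothetical and the byte-pattern matching is a heuristic, not a disassembler.

```python
import struct

# Bytes transcribed from the dump quoted in the post (16-bit x86 code).
DUMP = """
55 8B EC 83 EC 04 56 57 1E B8 94 00 50 9A
0E 00 3C 17 59 59 16 8D 46 FC 50 1E B8 B1 00 50
9A 07 00 F0 17 83 C4 08 BE 01 00 EB 3B 1E B8 B4
00 50 9A 0E 00 3C 17 59 59 16 8D 46 FE 50 1E B8
C3 00 50 9A 07 00 F0 17 83 C4 08 FF 76 FE 9A 7C
00 3B 16 59 8B F8 57 FF 76 FE 1E B8 C6 00 50 9A
0E 00 3C 17 83 C4 08 46 3B 76 FC 7E C0 33 C0 50
9A 0A 00 49 16 59 5F 5E 8B E5 5D CB 55 8B EC 56
8B 76 06 83 FE 02 7E 1E 8B C6 48 50 0E E8 EC FF
59 50 8B C6 05 FE FF 50 0E E8 E0 FF 59 8B D0 58
03 C2 EB 07 EB 05 B8 01 00 EB 00 5E 5D CB
"""
CODE = bytes.fromhex("".join(DUMP.split()))

PROLOGUE = bytes.fromhex("558BEC")  # push bp ; mov bp, sp
RETF = 0xCB                         # far return
CALL_NEAR = 0xE8                    # call rel16


def find_functions(code):
    """Heuristic: a function runs from a prologue to the next far return."""
    funcs = []
    pos = code.find(PROLOGUE)
    while pos != -1:
        ret = code.find(RETF, pos)
        if ret == -1:               # truncated dump: no return after prologue
            break
        funcs.append((pos, ret + 1))
        pos = code.find(PROLOGUE, ret + 1)
    return funcs


def near_calls(code, funcs):
    """Return (call_site, target) for E8 rel16 calls landing on a function start."""
    starts = {start for start, _ in funcs}
    hits = []
    for i in range(len(code) - 2):
        if code[i] == CALL_NEAR:
            (rel,) = struct.unpack_from("<h", code, i + 1)
            target = i + 3 + rel    # rel16 is relative to the next instruction
            if target in starts:    # filter out E8 bytes that are just data
                hits.append((i, target))
    return hits


if __name__ == "__main__":
    funcs = find_functions(CODE)
    print("functions:", [(hex(s), hex(e)) for s, e in funcs])
    print("near calls:", [(hex(c), hex(t)) for c, t in near_calls(CODE, funcs)])
```

The second function contains two near calls that resolve to its own entry point, so the recursion in fib() is visible from the raw bytes alone.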
