[Newbies] Squeak in commercial projects

Ron Teitelbaum Ron at USMedRec.com
Wed Mar 7 16:11:21 UTC 2007


Hey Bert,

This sounds pretty interesting, can you share more about how to mangle
names.  Does it require a change in the VM to de-mangle?

Ron Teitelbaum

> From: Bert Freudenberg
> 
> On Mar 7, 2007, at 8:57 , goran at krampe.se wrote:
> 
> > Hi!
> >
> > Just a note - decompiling from bytecodes is very easy in Squeak. The
> > only thing missing is the original indentation and any comments. But
> > everything else is there. Just so you know.
> 
> Well, if you're really concerned about decompiling, just mangle the
> selectors. As long as you are not constructing Symbols at runtime
> (#asSymbol, #intern:) this works perfectly well. Same for class names
> and instance variable names.
> 
> > Locking down the image is of course doable - so that you can't easily
> > get to the tools etc - but there are of course ways to go around that
> > too. For example, I guess you can use an image file analyzer (there is
> > at least one I think) or hack a VM to do stuff when the image is
> > loaded.
> 
> Sure. But if the names are mangled this is about as much fun as
> reverse engineering machine code. No wait, the tool support is still
> better ;)
> 
> >> But doesn't this imply that the source is downloaded, making it easy
> >> (easier) to hack the system? I could make the private Monticello
> >> connection secure, update the system and then delete the source...
> >> just
> >> thinking out loud.
> >
> > Yes - a Monticello package is just a zip file of source code. Sure,
> > you
> > can make the transfer "secure" using SSL or whatever - and you can
> > apply
> > it and throw it away
> 
> Well, you certainly would want to encrypt and sign the patch. If you
> are *that* paranoid I'd not even use MC but just image segments.
> 
> It's all a question of cost/value. I for one would be more concerned
> about preventing malicious code injection than the possibility of
> reverse engineering. But you have to weigh that yourself.
> 
> - Bert -
> 
> 
> _______________________________________________
> Beginners mailing list
> Beginners at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/mailman/listinfo/beginners




More information about the Beginners mailing list