[Newbies] Squeak in commercial projects
Ron Teitelbaum
Ron at USMedRec.com
Wed Mar 7 16:11:21 UTC 2007
Hey Bert,
This sounds pretty interesting, can you share more about how to mangle
names. Does it require a change in the VM to de-mangle?
Ron Teitelbaum
> From: Bert Freudenberg
>
> On Mar 7, 2007, at 8:57 , goran at krampe.se wrote:
>
> > Hi!
> >
> > Just a note - decompiling from bytecodes is very easy in Squeak. The
> > only thing missing is the original indentation and any comments. But
> > everything else is there. Just so you know.
>
> Well, if you're really concerned about decompiling, just mangle the
> selectors. As long as you are not constructing Symbols at runtime
> (#asSymbol, #intern:) this works perfectly well. Same for class names
> and instance variable names.
>
> > Locking down the image is of course doable - so that you can't easily
> > get to the tools etc - but there are of course ways to go around that
> > too. For example, I guess you can use an image file analyzer (there is
> > at least one I think) or hack a VM to do stuff when the image is
> > loaded.
>
> Sure. But if the names are mangled this is about as much fun as
> reverse engineering machine code. No wait, the tool support is still
> better ;)
>
> >> But doesn't this imply that the source is downloaded, making it easy
> >> (easier) to hack the system? I could make the private Monticello
> >> connection secure, update the system and then delete the source...
> >> just
> >> thinking out loud.
> >
> > Yes - a Monticello package is just a zip file of source code. Sure,
> > you
> > can make the transfer "secure" using SSL or whatever - and you can
> > apply
> > it and throw it away
>
> Well, you certainly would want to encrypt and sign the patch. If you
> are *that* paranoid I'd not even use MC but just image segments.
>
> It's all a question of cost/value. I for one would be more concerned
> about preventing malicious code injection than the possibility of
> reverse engineering. But you have to weigh that yourself.
>
> - Bert -
>
>
> _______________________________________________
> Beginners mailing list
> Beginners at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/mailman/listinfo/beginners
More information about the Beginners
mailing list